[strongSwan] INVALID_ID_INFORMATION

Andreas Steffen andreas.steffen at strongswan.org
Fri Apr 29 13:56:20 CEST 2011 

Hello Peter,

just define

  conn whatever
       right=<ip-of-cisco>
       rightid=192.168.230.3
       rightsubnet=<ip-of-remote-network>

Regards

Andreas

On 28.04.2011 14:18, Peter Albrecht wrote:
> Hello,
> 
> The problem from yesterday is mostly solved ...
> 
> When I connect to the other gateway, I see the following messages:
> 
> pluto[6843]: "whatever" #2: we require peer to have ID 'a.b.c.d', but peer 
> declares '192.168.230.3'
> pluto[6843]: "whatever" #2: sending encrypted notification 
> INVALID_ID_INFORMATION to a.b.c.d:500
> pluto[6843]: | **emit ISAKMP Message:
> pluto[6843]: |    initiator cookie:
> pluto[6843]: |   b5 23 36 76  f4 c5 3b b6
> pluto[6843]: |    responder cookie:
> pluto[6843]: |   f8 2e bb c7  41 dc fb 84
> pluto[6843]: |    next payload type: ISAKMP_NEXT_HASH
> pluto[6843]: |    ISAKMP version: ISAKMP Version 1.0
> pluto[6843]: |    exchange type: ISAKMP_XCHG_INFO
> pluto[6843]: |    flags: ISAKMP_FLAG_ENCRYPTION
> pluto[6843]: |    message ID:  4d 81 f3 28
> pluto[6843]: | ***emit ISAKMP Hash Payload:
> pluto[6843]: |    next payload type: ISAKMP_NEXT_N
> pluto[6843]: | emitting 20 zero bytes of HASH into ISAKMP Hash Payload
> pluto[6843]: | emitting length of ISAKMP Hash Payload: 24
> pluto[6843]: | ***emit ISAKMP Notification Payload:
> pluto[6843]: |    next payload type: ISAKMP_NEXT_NONE
> pluto[6843]: |    DOI: ISAKMP_DOI_IPSEC
> pluto[6843]: |    protocol ID: 1
> pluto[6843]: |    SPI size: 0
> pluto[6843]: |    Notify Message Type: INVALID_ID_INFORMATION
> 
> 
> On the remote side, traffic is directed to the host having a private IP 
> address (192.168.230.3). How can I instruct StrongSwan to accept this ID?
> 
> Thanks a lot,
> 
> Peter
> 

======================================================================
Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==

More information about the Users mailing list