[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
No acceptable Oakley Transform

To: ipsec@lists.tislabs.com
Subject: No acceptable Oakley Transform
From: Neil Dombrowski <ndombrowski@ebuilt.com>
Date: 14 Jun 2002 13:22:56 -0700
Sender: owner-ipsec@lists.tislabs.com
I have a linux (Mandrake 8.2) system that I have installed FreeS/WAN
1.97 and am trying to establish a tunnel with a Symantec Velociraptor(?)
IPSEC server. He can only do D-H groups 1 and 2, freewans does only 2
and 5. Will this work? I keep getting "no preshared key found" and "no
acceptable Oakley Transform. I need to get this up, but my counterpart
and I are up against a wall. 

Any hints what we can do to get this working?

Thanks,
	Neil
-----------------------

Jun 14 13:01:47 lake Pluto[6988]: | **parse ISAKMP Message:
Jun 14 13:01:47 lake Pluto[6988]: |    initiator cookie:
Jun 14 13:01:47 lake Pluto[6988]: |   37 a8 ff bf  fd d0 a9 e5
Jun 14 13:01:47 lake Pluto[6988]: |    responder cookie:
Jun 14 13:01:47 lake Pluto[6988]: |   f7 c3 a0 c5  0d 26 89 c4
Jun 14 13:01:47 lake Pluto[6988]: |    next payload type: ISAKMP_NEXT_SA
Jun 14 13:01:47 lake Pluto[6988]: |    ISAKMP version: ISAKMP Version
1.0
Jun 14 13:01:47 lake Pluto[6988]: |    exchange type: ISAKMP_XCHG_IDPROT
Jun 14 13:01:47 lake Pluto[6988]: |    flags: none
Jun 14 13:01:47 lake Pluto[6988]: |    message ID:  00 00 00 00
Jun 14 13:01:47 lake Pluto[6988]: |    length: 113
Jun 14 13:01:47 lake Pluto[6988]: | ICOOKIE:  37 a8 ff bf  fd d0 a9 e5
Jun 14 13:01:47 lake Pluto[6988]: | RCOOKIE:  f7 c3 a0 c5  0d 26 89 c4
Jun 14 13:01:47 lake Pluto[6988]: | peer:  d8 22 c5 d7
Jun 14 13:01:47 lake Pluto[6988]: | state hash entry 23
Jun 14 13:01:47 lake Pluto[6988]: | state object not found
Jun 14 13:01:47 lake Pluto[6988]: | ICOOKIE:  37 a8 ff bf  fd d0 a9 e5
Jun 14 13:01:47 lake Pluto[6988]: | RCOOKIE:  00 00 00 00  00 00 00 00
Jun 14 13:01:48 lake Pluto[6988]: | peer:  d8 22 c5 d7
Jun 14 13:01:48 lake Pluto[6988]: | state hash entry 26
Jun 14 13:01:48 lake Pluto[6988]: | state object #1 found, in
STATE_MAIN_I1
Jun 14 13:01:48 lake Pluto[6988]: | ***parse ISAKMP Security Association
Payload:
Jun 14 13:01:48 lake Pluto[6988]: |    next payload type:
ISAKMP_NEXT_VID
Jun 14 13:01:48 lake Pluto[6988]: |    length: 52
Jun 14 13:01:48 lake Pluto[6988]: |    DOI: ISAKMP_DOI_IPSEC
Jun 14 13:01:48 lake Pluto[6988]: | ***parse ISAKMP Vendor ID Payload:
Jun 14 13:01:48 lake Pluto[6988]: |    next payload type:
ISAKMP_NEXT_NONE
Jun 14 13:01:48 lake Pluto[6988]: |    length: 33
Jun 14 13:01:48 lake Pluto[6988]: "phs" #1: ignoring Vendor ID payload
Jun 14 13:01:48 lake Pluto[6988]: | VID:  52 61 70 74  6f 72 20 50  6f
77 65 72  56 70 6e 20
Jun 14 13:01:48 lake Pluto[6988]: |   53 65 72 76  65 72 20 5b  56 36 2e
35  5d
Jun 14 13:01:48 lake Pluto[6988]: | ****parse IPsec DOI SIT:
Jun 14 13:01:48 lake Pluto[6988]: |    IPsec DOI SIT: SIT_IDENTITY_ONLY
Jun 14 13:01:48 lake Pluto[6988]: | ****parse ISAKMP Proposal Payload:
Jun 14 13:01:48 lake Pluto[6988]: |    next payload type:
ISAKMP_NEXT_NONE
Jun 14 13:01:48 lake Pluto[6988]: |    length: 40
Jun 14 13:01:48 lake Pluto[6988]: |    proposal number: 0
Jun 14 13:01:48 lake Pluto[6988]: |    protocol ID: PROTO_ISAKMP
Jun 14 13:01:48 lake Pluto[6988]: |    SPI size: 0
Jun 14 13:01:48 lake Pluto[6988]: |    number of transforms: 1
Jun 14 13:01:48 lake Pluto[6988]: | *****parse ISAKMP Transform Payload
(ISAKMP):
Jun 14 13:01:48 lake Pluto[6988]: |    next payload type:
ISAKMP_NEXT_NONE
Jun 14 13:01:48 lake Pluto[6988]: |    length: 32
Jun 14 13:01:48 lake Pluto[6988]: |    transform number: 1
Jun 14 13:01:48 lake Pluto[6988]: |    transform ID: KEY_IKE
Jun 14 13:01:48 lake Pluto[6988]: | ******parse ISAKMP Oakley attribute:
Jun 14 13:01:48 lake Pluto[6988]: |    af+type: OAKLEY_LIFE_TYPE
Jun 14 13:01:48 lake Pluto[6988]: |    length/value: 1
Jun 14 13:01:48 lake Pluto[6988]: |    [1 is OAKLEY_LIFE_SECONDS]
Jun 14 13:01:48 lake Pluto[6988]: | ******parse ISAKMP Oakley attribute:
Jun 14 13:01:48 lake Pluto[6988]: |    af+type: OAKLEY_LIFE_DURATION
Jun 14 13:01:48 lake Pluto[6988]: |    length/value: 3600
Jun 14 13:01:48 lake Pluto[6988]: | ******parse ISAKMP Oakley attribute:
Jun 14 13:01:48 lake Pluto[6988]: |    af+type:
OAKLEY_ENCRYPTION_ALGORITHM
Jun 14 13:01:48 lake Pluto[6988]: |    length/value: 5
Jun 14 13:01:48 lake Pluto[6988]: |    [5 is OAKLEY_3DES_CBC]
Jun 14 13:01:48 lake Pluto[6988]: | ******parse ISAKMP Oakley attribute:
Jun 14 13:01:48 lake Pluto[6988]: |    af+type: OAKLEY_HASH_ALGORITHM
Jun 14 13:01:48 lake Pluto[6988]: |    length/value: 1
Jun 14 13:01:48 lake Pluto[6988]: |    [1 is OAKLEY_MD5]
Jun 14 13:01:48 lake Pluto[6988]: | ******parse ISAKMP Oakley attribute:
Jun 14 13:01:48 lake Pluto[6988]: |    af+type:
OAKLEY_AUTHENTICATION_METHOD
Jun 14 13:01:48 lake Pluto[6988]: |    length/value: 1
Jun 14 13:01:48 lake Pluto[6988]: |    [1 is OAKLEY_PRESHARED_KEY]
Jun 14 13:01:48 lake Pluto[6988]: "phs" #1: Can't authenticate: no
preshared key found for `x.x.x.x' and `y.y.y.y'.  Attribute
OAKLEY_AUTHENTICATION_METHOD
Jun 14 13:01:48 lake Pluto[6988]: "phs" #1: no acceptable Oakley
Transform
Jun 14 13:01:48 lake Pluto[6988]: | state transition function for
STATE_MAIN_I1 failed: NO_PROPOSAL_CHOSEN
Jun 14 13:01:48 lake Pluto[6988]: | next event EVENT_RETRANSMIT in 12
seconds for #1

-- 
Neil Dombrowski

IS Manager
eBuilt, Inc
3540 Howard Way
Costa Mesa, CA 92626
949-609-4757
Prev by Date: Re: Son of IKE: A proposal for moving forward
Next by Date: Sidetracked
Prev by thread: IPsec AH and ESP I-Ds; source address as possible SA selector for multicastSA?
Next by thread: Sidetracked
Index(es):
- Date
- Thread