Hi folks,

As said in the subject, I am trying to set up an IPSec VPN tunnel between a m0n0wall (1.11 running on a Nokia IP330) and my Linksys WAG54G (1.01.6). And guess what: it fails! I followed the documentation, but I must be stupid enough to have made an error somewhere.

Here is the log from the m0n0wall:

May 28 21:52:34 racoon: ERROR: isakmp.c:512:isakmp_main(): can't start the quick mode, there is no valid ISAKMP-SA, 82f0d743ef18e036:530e89f025128cc0
May 28 21:52:23 racoon: ERROR: isakmp.c:512:isakmp_main(): can't start the quick mode, there is no valid ISAKMP-SA, 82f0d743ef18e036:530e89f025128cc0
May 28 21:52:23 racoon: NOTIFY: oakley.c:2084:oakley_skeyid(): couldn't find the proper pskey, try to get one by the peer's address.
May 28 21:52:22 racoon: INFO: isakmp.c:909:isakmp_ph1begin_r(): begin Aggressive mode.
May 28 21:52:22 racoon: INFO: isakmp.c:904:isakmp_ph1begin_r(): respond new phase 1 negotiation: 62.50.75.5[500]<=>213.3.1.15[500]

If pskey is about the Pre-Shared Key setting in Phase 1: the entry is the same on both ends! Nothing in the firewall log shows that anything gets blocked that comes close to the VPN.

Here is the VPN log entry from the Linksys:

2005-05-29 00:35:50
2005-05-29 00:35:50 IKE[1] Tx >> AG_I1 : 62.50.75.5 SA, KE, Nonce, ID
2005-05-29 00:35:50 IKE[1] Rx << AG_R1 : 62.50.75.5 SA, KE, NONCE, ID, HASH, VID
2005-05-29 00:35:50 IKE[1] ISAKMP SA CKI=[d737fef0 b1957304] CKR=[7a1d87a5 c76b4a72]
2005-05-29 00:35:50 IKE[1] ISAKMP SA DES / MD5 / PreShared / MODP_768
2005-05-29 00:35:50 IKE[1] Tx >> AG_I2 : 62.50.75.5 HASH
2005-05-29 00:35:50 IKE[1] Tx >> QM_I1 : 62.50.75.5 HASH, SA, NONCE, ID, ID
2005-05-29 00:36:00 IKE[1] Rx << AG_R1 : 62.50.75.5 SA, KE, NONCE, ID, HASH, VID
2005-05-29 00:36:00 IKE[1] ISAKMP SA CKI=[d737fef0 b1957304] CKR=[7a1d87a5 c76b4a72]
2005-05-29 00:36:00 IKE[1] ISAKMP SA DES / MD5 / PreShared / MODP_768
2005-05-29 00:36:00 IKE[1] Tx >> AG_I2 : 62.50.75.5 HASH
2005-05-29 00:36:00 IKE[1] Tx >> QM_I1 : 62.50.75.5 HASH, SA, NONCE, ID, ID

I found nothing on the internet (Google) about a howto or something like this. Also, the m0n0wall list doesn't have anything like this. Can somebody give me a hint?

Kind regards,
Marc

--
#include <standard.disclaimer>
Berthold Marc, Switzerland
// Computers are only interesting when they go wrong,
// otherwise it's just like watching television !!!