Problem establishing tunnel between CheckPoint and freeswan

Gray, Kevin kgray at DREAMWORKS.COM
Fri Dec 22 21:38:15 EST 2000 

I am trying to establish a tunnel between Checkpoint FW1/VPN1 and FreeSwan
1.8. I have read the document located at
http://support.checkpoint.com/kb/docs/public/firewall1/4_1/pdf/fw-linuxvpn.p
df
<http://support.checkpoint.com/kb/docs/public/firewall1/4_1/pdf/fw-linuxvpn.
pdf>  I tried following it verbatim, but that didn't work. I got the
following error:

104 "gray-dreamworks" #1: STATE_MAIN_I2: from STATE_MAIN_I1; sent MI2,
expecting MR2
003 "gray-dreamworks" #1: discarding duplicate packet; already STATE_MAIN_I2
003 "gray-dreamworks" #1: discarding duplicate packet; already STATE_MAIN_I2
003 "gray-dreamworks" #1: discarding duplicate packet; already STATE_MAIN_I2
003 "gray-dreamworks" #1: discarding duplicate packet; already STATE_MAIN_I2
010 "gray-dreamworks" #1: STATE_MAIN_I2: retransmission; will wait 20s for
response
003 "gray-dreamworks" #1: discarding duplicate packet; already STATE_MAIN_I2
106 "gray-dreamworks" #1: STATE_MAIN_I3: from STATE_MAIN_I2; sent MI3,
expecting MR3
003 "gray-dreamworks" #1: no suitable connection for peer '10.10.1.198'
218 "gray-dreamworks" #1: STATE_MAIN_I3: INVALID_ID_INFORMATION
003 "gray-dreamworks" #1: no suitable connection for peer '10.10.1.198'
218 "gray-dreamworks" #1: STATE_MAIN_I3: INVALID_ID_INFORMATION
003 "gray-dreamworks" #1: no suitable connection for peer '10.10.1.198'
218 "gray-dreamworks" #1: STATE_MAIN_I3: INVALID_ID_INFORMATION

So I added a leftid=10.10.1.198 parameter to the connection definition in
/etc/ipsec.conf for freeswan since CKP was answering back with that ID. Now
I get the following error:

102 "gray-dreamworks" #1: STATE_MAIN_I1: initiate
104 "gray-dreamworks" #1: STATE_MAIN_I2: from STATE_MAIN_I1; sent MI2,
expecting MR2
106 "gray-dreamworks" #1: STATE_MAIN_I3: from STATE_MAIN_I2; sent MI3,
expecting MR3
003 "gray-dreamworks" #1: received Hash Payload does not match computed
value
223 "gray-dreamworks" #1: STATE_MAIN_I3: INVALID_HASH_INFORMATION
003 "gray-dreamworks" #1: received Hash Payload does not match computed
value
223 "gray-dreamworks" #1: STATE_MAIN_I3: INVALID_HASH_INFORMATION
003 "gray-dreamworks" #1: received Hash Payload does not match computed
value
223 "gray-dreamworks" #1: STATE_MAIN_I3: INVALID_HASH_INFORMATION

Has anyone seen this error before, or have any idea what I might be doing
wrong?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.shmoo.com/pipermail/vpn/attachments/20001222/c39f802e/attachment.htm

More information about the VPN mailing list