Any Doc's on OpenSWAN to Cisco WRV210 available?

Unanswered Question
Jan 29th, 2010
User Badges:

I see my wrv210 is using openswan. I would like to do an ipsec tunnel with openswan on linux server. I have to believe this has already been done, maybe not with this specific device. I've searched on openswan but found very little. Can someone point me?


I've connected a tunnel with an BEFSX41. Using the same config with PSK not RSA I get this in the 210's vpn log. I've double checked the PSK. The 210 is being nat'd to the internet the linux server is sitting directly on the internet.

001   [Fri 07:31:22]  added connection description "TunnelA"
002   [Fri 07:31:22]  "TunnelA" #6: initiating Main Mode
003   [Fri 07:31:22]  "TunnelA" #6: [WRV210 Response:] ISAKMP SA (Main Mode) Initiation
004   [Fri 07:31:22]  "TunnelA" #6: ignoring unknown Vendor ID payload [4f456c6a405d72544d42754d]
005   [Fri 07:31:22]  "TunnelA" #6: received Vendor ID payload [Dead Peer Detection]
006   [Fri 07:31:22]  "TunnelA" #6: received Vendor ID payload [RFC 3947] method set to=109
007   [Fri 07:31:22]  "TunnelA" #6: enabling possible NAT-traversal with method 3
008   [Fri 07:31:23]  "TunnelA" #6: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
009   [Fri 07:31:23]  "TunnelA" #6: STATE_MAIN_I2: sent MI2, expecting MR2
010   [Fri 07:31:23]  "TunnelA" #6: I did not send a certificate because I do not have one.
011   [Fri 07:31:23]  "TunnelA" #6: NAT-Traversal: Result using 3: i am NATed
012   [Fri 07:31:23]  "TunnelA" #6: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
013   [Fri 07:31:23]  "TunnelA" #6: STATE_MAIN_I3: sent MI3, expecting MR3
014   [Fri 07:31:33]  "TunnelA" #6: discarding duplicate packet; already STATE_MAIN_I3
015   [Fri 07:31:53]  "TunnelA" #6: discarding duplicate packet; already STATE_MAIN_I3
016   [Fri 07:32:33]  "TunnelA" #6: max number of retransmissions (2) reached STATE_MAIN_I3.  Possible authentication failure: no acceptable response to our first encrypted message

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Unyalliman Fri, 01/29/2010 - 10:28
User Badges:

Hey folks, thanks for all your help. I found there was a device in the path not allowing the Nat-T UDP 4500 through. She's up.


This Discussion