Hi

I've been struggling with this one for a while, and
would appreciate some advice from someone with more
experience than I on creating a VPN tunnel between an
OpenBSD (mine) and Cisco PIX (not mine..). Previously
I /did/ test this using OpenBSD to OpenBSD in a test
environment without problems.

Phase 1 seems to work (at least, if I use a
deliberately incorrect shared secret I don't get this
far...)

Seems to fail at phase 2 of creating a connection.

.
.
.
183745.235438 Trpt 95 transport_release: transport 0x3c06c3c0 had 2 references
183745.235447 SA   80 sa_release: SA 0x3c067900 had 7 references
183745.235465 Cryp 10 crypto_decrypt: before decryption:
183745.235483 Cryp 10 3de05661 1cf4f34a 3651e699 729bd793 7bd71a1e 82600c51 d3bdd8b6 799a2de5
183745.235493 Cryp 10 b8314032 10ac839b
183745.235507 Cryp 30 crypto_decrypt: after decryption:
183745.235526 Cryp 30 0e000014 ade0a7a0 bcefb6d7 a834796c 6f8997da 0000000c 03000000 80140000
183745.235537 Cryp 30 00000000 00000000
183745.235547 Mesg 50 message_parse_payloads: offset 28 payload HASH
183745.235556 Mesg 50 message_parse_payloads: offset 48 payload ATTRIBUTE
183745.235567 Mesg 60 message_validate_payloads: payload HASH at 0x3c06b81c of message 0x3c06b600
183745.235577 Mesg 60 message_validate_payloads: payload ATTRIBUTE at 0x3c06b830 of message 0x3c06b600
183745.235587 Mesg 70 TYPE: 3
183745.235596 Mesg 70 ID: 0
183745.235607 Exch 90 exchange_validate: checking for required <Unknown -24112>
183745.235619 Exch 90 exchange_validate: checking for required <Unknown 7170>
183745.235629 Mesg 70 exchange_validate: msg 0x3c06b600 requires missing <Unknown 7170>
183745.235637 Default exchange_run: exchange_validate failed
183745.235653 Default dropped message from 202.148.145.81 port 500 due to notification type PAYLOAD_MALFORMED

On the Cisco side, the logs are not very helpful, nor
is it possible for me to get much detail from the
people I am connecting to...
2005 19:24:31: %PIX-6-602202: ISAKMP session connected (local 212.148.145.181 (responder), remote 213.148.179.117/)
./20050430/pfw85.wic.webcentral.com.au/messages:Apr 30 23:35:38 pix.somewhere.net Apr 30 2005 23:35:33: %PIX-6-109006: Authentication failed for user '' from 213.148.179.117/0 to 202.148.145.81/0 on interface outside

My /etc/isakmpd/isakmpd.conf file uses transforms and
suites as per the Pix configuration.

Using OpenBSD 3.6 (up to date).

I don't really understand the actual error messages
in the isakmpd log (log level is -DA=99) - the error
messages start at about line 24000, so I have only
included a few lines from this in this request for
assistance working through this problem.

Regards
Richard 
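
Added example, not part of the original post: a short Python parser that walks the decrypted bytes quoted in the log above as a chain of ISAKMP generic payloads (RFC 2408 header layout), reproducing the HASH and ATTRIBUTE payloads, TYPE 3 and ID 0 that isakmpd reports. The log offsets 28 and 48 are the parser's offsets 0 and 20 plus the 28-byte ISAKMP header. Payload number 14 for ATTRIBUTE and the attribute payload layout are taken from the mode-config draft and are an assumption about what isakmpd parses; the function names are this example's own.

```python
import struct

# Decrypted message body copied from the "after decryption" lines in the post.
DECRYPTED_HEX = (
    "0e000014 ade0a7a0 bcefb6d7 a834796c 6f8997da "
    "0000000c 03000000 80140000 00000000 00000000"
)

# 8 = HASH (RFC 2408); 14 = ATTRIBUTE per the mode-config draft (assumption).
PAYLOAD_NAMES = {0: "NONE", 8: "HASH", 14: "ATTRIBUTE"}

def parse_attributes(data):
    """Decode ISAKMP data attributes: AF bit set = 2-byte value, else TLV."""
    attrs, off = [], 0
    while off + 4 <= len(data):
        head, second = struct.unpack_from("!HH", data, off)
        off += 4
        if head & 0x8000:                      # AF=1: basic (type/value) form
            attrs.append((head & 0x7FFF, second))
        else:                                  # AF=0: second field is a length
            if off + second > len(data):
                raise ValueError("attribute overruns payload")
            attrs.append((head, data[off:off + second]))
            off += second
    return attrs

def walk_payloads(body, first_type):
    """Follow the next-payload chain; stop at type 0, ignoring trailing padding."""
    out, off, ptype = [], 0, first_type
    while ptype != 0:
        if off + 4 > len(body):
            raise ValueError("truncated generic header")
        nxt, _reserved, length = struct.unpack_from("!BBH", body, off)
        if length < 4 or off + length > len(body):
            raise ValueError("bad payload length %d at offset %d" % (length, off))
        data = body[off + 4:off + length]
        entry = {"name": PAYLOAD_NAMES.get(ptype, str(ptype)), "offset": off, "length": length}
        if ptype == 14:
            # Attribute payload body: type (1), reserved (1), identifier (2), attributes.
            entry["type"], _, entry["id"] = struct.unpack_from("!BBH", data, 0)
            entry["attrs"] = parse_attributes(data[4:])
        else:
            entry["data"] = data.hex()
        out.append(entry)
        off, ptype = off + length, nxt
    return out

# The first payload type comes from the ISAKMP header, which is not in the dump;
# the log names it as HASH, so the walk starts with type 8.
PAYLOADS = walk_payloads(bytes.fromhex(DECRYPTED_HEX.replace(" ", "")), first_type=8)
print(PAYLOADS)
```

The single attribute decodes as basic-form type 20 with value 0, and the eight zero bytes after the last payload are left unparsed as padding.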
