用Openswan连接的时候报错如下:
STATE_AGGR_I1: INVALID_ID_INFORMATION
以下是tcpdump ip -i eth1 -v来监控输出的结果:
16:36:41.719027 IP (tos 0x0, ttl 245, id 36831, offset 0, flags [DF], proto UDP (17), length 388)
192.168.100.5.isakmp > test-ipsec.isakmp: isakmp 1.0 msgid 00000000: phase 1 R agg:
(sa: doi=ipsec situation=identity
(p: #1 protoid=isakmp transform=1
(t: #1 id=ike (type=lifetype value=sec)(type=lifeduration value=0e10)(type=enc value=3des)(type=hash value=sha1)(type=auth value=preshared)(type=group desc value=modp1024))))
(ke: key len=128)
(nonce: n len=16)
(id: idtype=FQDN protoid=0 port=0 len=8 @abcd)
(vid: len=16)
(pay20)
(pay20)
(hash: len=20)
(vid: len=16)
16:36:41.755667 IP (tos 0x0, ttl 64, id 58128, offset 0, flags [DF], proto UDP (17), length 68)
test-ipsec.isakmp > 192.168.100.5.isakmp: isakmp 1.0 msgid 00000000: phase 1 I inf:
(n: doi=ipsec proto=isakmp type=NO-PROPOSAL-CHOSEN)
16:36:46.719297 IP (tos 0x0, ttl 245, id 17780, offset 0, flags [DF], proto UDP (17), length 388)
192.168.100.5.isakmp > test-ipsec.isakmp: isakmp 1.0 msgid 00000000: phase 1 R agg:
(sa: doi=ipsec situation=identity
(p: #1 protoid=isakmp transform=1
(t: #1 id=ike (type=lifetype value=sec)(type=lifeduration value=0e10)(type=enc value=3des)(type=hash value=sha1)(type=auth value=preshared)(type=group desc value=modp1024))))
(ke: key len=128)
(nonce: n len=16)
(id: idtype=FQDN protoid=0 port=0 len=8 @abcd)
(vid: len=16)
(pay20)
(pay20)
(hash: len=20)
(vid: len=16)
16:36:46.755238 IP (tos 0x0, ttl 64, id 58129, offset 0, flags [DF], proto UDP (17), length 68)
test-ipsec.isakmp > 192.168.100.5.isakmp: isakmp 1.0 msgid 00000000: phase 1 I inf:
(n: doi=ipsec proto=isakmp type=NO-PROPOSAL-CHOSEN)