[vpnc-devel] Re: 0.3.2 INVALID_EXCHANGE_TYPE error
Maurice Massar
massar at unix-ag.uni-kl.de
Sun Feb 13 11:09:27 CET 2005
hi,
On Sun, Feb 13, 2005 at 10:12:06AM +1100, Ken Yap wrote:
> has been made with this issue. Unfortunately I'm not able to see the
> Cisco side of things. I turned to vpnc because the Cisco Linux vpnclient
> took over the default route and shot itself in the foot because it then
> couldn't reach the gateway. I also don't have a Windows machine, but my
> colleague tells me that it works fine.
the answer from the concentrator in your case is
"ISAKMP_N_NO_PROPOSAL_CHOSEN".
Try running vpnc with --enable-1des
If that does not help, is your site using hybrid mode?
i.e. PSK-Auth in one direction and Signatures in the other?
hm, if the cisco client gets far enough to establish a connection,
try making a debug log, or even a tcpdump (-s 1500) or ethereal, etc.
would help (because the first 2 packets are unencrypted). If the cisco
client on your computer does not get that far, maybe you could ask your
colleague to make a debug log.
Be sure to use the appropriate debug levels (for both linux and windows
the config file must be edited manually, because for windows the gui
does not allow setting high enough values and for linux, well there is no
gui anyway (-;)
http://www.unix-ag.uni-kl.de/~massar/vpnc/docs/cisco-log-procedure.txt
cu
maurice
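
Added example, not part of the original message or of vpnc: since the first two IKE packets are unencrypted, a captured reply can be decoded directly to see which notification the gateway sent. This Python sketch follows the ISAKMP header and Notification payload layout from RFC 2408; the function name and the sample packet are constructed for illustration.

```python
import struct

# Values from RFC 2408 (ISAKMP); only the ones relevant to this thread.
PAYLOAD_NOTIFICATION = 11
EXCHANGE_TYPES = {2: "Identity Protection", 4: "Aggressive", 5: "Informational"}
NOTIFY_TYPES = {7: "INVALID-EXCHANGE-TYPE", 14: "NO-PROPOSAL-CHOSEN"}
FLAG_ENCRYPTED = 0x01

def parse_isakmp_notifies(packet: bytes) -> dict:
    """Decode the ISAKMP header and list Notification payloads of one UDP payload."""
    if len(packet) < 28:
        raise ValueError("shorter than the 28-byte ISAKMP header")
    (_icookie, _rcookie, next_payload, _version, exch, flags,
     _msg_id, length) = struct.unpack("!8s8sBBBBII", packet[:28])
    if length < 28 or length > len(packet):
        # A short snaplen truncates packets, hence "-s 1500" when capturing.
        raise ValueError("length field does not match the captured data")
    result = {"exchange": EXCHANGE_TYPES.get(exch, str(exch)),
              "encrypted": bool(flags & FLAG_ENCRYPTED),
              "notifies": []}
    if result["encrypted"]:
        return result  # payloads after the header are not readable
    offset = 28
    while next_payload != 0:
        if offset + 4 > length:
            raise ValueError("payload chain runs past the end of the packet")
        following, _reserved, plen = struct.unpack("!BBH", packet[offset:offset + 4])
        if plen < 4 or offset + plen > length:
            raise ValueError("bad payload length")
        if next_payload == PAYLOAD_NOTIFICATION:
            if plen < 12:
                raise ValueError("Notification payload too short")
            # DOI (4), protocol id (1), SPI size (1), notify message type (2)
            _doi, _proto, _spi_size, ntype = struct.unpack(
                "!IBBH", packet[offset + 4:offset + 12])
            result["notifies"].append(NOTIFY_TYPES.get(ntype, str(ntype)))
        next_payload = following
        offset += plen
    return result

# Constructed sample: Informational exchange carrying one Notification (type 14).
SAMPLE_REPLY = bytes.fromhex(
    "1122334455667788" "0000000000000000"  # initiator / responder cookies
    "0b100500" "00000000" "00000028"       # next=11, v1.0, exch=5, flags=0, len=40
    "0000000c" "00000001" "0100000e")      # notify: len=12, DOI=1, proto=1, type=14

if __name__ == "__main__":
    print(parse_isakmp_notifies(SAMPLE_REPLY))
```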