Note: This archive passes through spamassassin. Every mail marked with the subject "*****SPAM*****" has exceed a certain threshold of spam-like behaviour.

Re: [Users] W2K IPsec tool?

From: Andreas Haumer (andreas_at_xss.co.at)
Date: Wed Mar 13 2002 - 19:15:39 CET

Next message: Ad Koster: "[Users] portforwarding and freeswan"
Previous message: Nate Carlson: "Re: [Users] W2K IPsec tool?"
In reply to: Nate Carlson: "Re: [Users] W2K IPsec tool?"
Next in thread: Nate Carlson: "Re: [Users] W2K IPsec tool?"
Reply: Nate Carlson: "Re: [Users] W2K IPsec tool?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi!

I found the solution and wrote a short description to the
mailing list just a minute ago (so anyone with a similar
problem will find this in the archives & on google)

It was a problem with the names I used for the DSN: Windows
obviously doesn't like names like "xS+S" (though it did work
with FreeS/WAN)

Now I use names without "+" (like "xss"), and suddenly it works!

Nate Carlson wrote:
>
> On Wed, 13 Mar 2002, Andreas Haumer wrote:
> > I did that. But the W2K box doesn't even try to bring up the tunnel.
> > There is _no single packet_ going from the W2K box to the FreeS/WAN
> > gateway (neither UDP port 500 no IP proto 50 packets), and there is no
> > "Negotiating IP security" message to see, even if I ping the network
> > behind the FreeS/WAN gateway several times. I also did a complete
> > re-install of the W2K box (you know, it's called "Windows", but you
> > never know what is going on inside...), but this didn't help either.
> > It's clear it's not a FreeS/WAN problem, as the FreeS/WAN gateway
> > isn't involved in any way yet.
>
> Weird! So what does ping give you? Just nothing at all?
>
It just printed the usual timeout messages. There was _no_
message regarding illegal DSN names or the like!

> > This is what I try to do now. I did setup lots of FreeS/WAN based
> > IPsec tunnels in the past years, and they all work well. So I now how
> > to work with IPsec, though only with PSK configurations so far.
> >
> > With Linux & FreeS/WAN I have logfiles and tools like strace and
> > tcpdump to debug in case something is not working. But on this damned
> > W2K box I have nothing. This drives me crazy... :-(
>
> It's possible to turn logging on under Windows -- you have to set a couple
> registry keys, and then the debug logs get dumped to
> c:\windows\debug\oakley.log. A google seach for oakley.log should give you
> what you need to turn it on.
>
Thanks. Marcus Müller gave me this hint, too, and the
log entries in this file finally led me to the solution!

- andreas

-- 
Andreas Haumer                     | mailto:andreas_at_xss.co.at
*x Software + Systeme              | http://www.xss.co.at/
Karmarschgasse 51/2/20             | Tel: +43-1-6060114-0
A-1100 Vienna, Austria             | Fax: +43-1-6060114-71
_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users

Next message: Ad Koster: "[Users] portforwarding and freeswan"
Previous message: Nate Carlson: "Re: [Users] W2K IPsec tool?"
In reply to: Nate Carlson: "Re: [Users] W2K IPsec tool?"
Next in thread: Nate Carlson: "Re: [Users] W2K IPsec tool?"
Reply: Nate Carlson: "Re: [Users] W2K IPsec tool?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:19:42 CEST