
[Users] IPSEC behind ADSL-Router

From: Bernd Kompass (bernd.kompass_at_gmx.net)
Date: Thu Mar 14 2002 - 21:50:00 CET


Hello!

This is my first posting here and therefore "Hello". I looked at the archives and at
groups.google.com but I couldn't find a similar situation, and now I'm asking here, hoping
to get an answer.

I have the following configuration:

ADSL Modem/Router (62.47.x.x and 192.168.0.1)
              I
       _______I_______
       I             I
   Intranet          I
 (192.168.0.0)       I
            Linux (freeswan, x.509)
               (192.168.0.2)

The ADSL modem forwards the UDP ports needed for IPSEC to 192.168.0.2. When I
try to connect from outside with XP (roadwarrior), I get these entries in the log file:

Mar 12 21:51:21 einstein2 Pluto[508]: "bernd" 62.47.172.162 #12: initiating Main Mode to replace #11
Mar 12 21:51:21 einstein2 Pluto[508]: "bernd" 62.47.172.162 #12: ignoring Vendor ID payload
Mar 12 21:52:31 einstein2 Pluto[508]: "bernd" 62.47.172.162 #12: max number of retransmissions (2) reached STATE_MAIN_I3. Possible authentication failure: no acceptable response to our first encrypted message
Mar 12 21:52:31 einstein2 Pluto[508]: "bernd" 62.47.172.162 #12: starting keying attempt 2 of at most 3
Mar 12 21:52:31 einstein2 Pluto[508]: "bernd" 62.47.172.162 #13: initiating Main Mode to replace #12
Mar 12 21:52:31 einstein2 Pluto[508]: "bernd" 62.47.172.162 #13: ignoring Vendor ID payload
Mar 12 21:52:32 einstein2 modprobe: modprobe: Can't locate module char-major-6
Mar 12 21:53:02 einstein2 Pluto[508]: packet from 62.47.172.162:500: Informational Exchange is for an unknown (expired?) SA
Mar 12 21:53:42 einstein2 Pluto[508]: "bernd" 62.47.172.162 #13: max number of retransmissions (2) reached STATE_MAIN_I3. Possible authentication failure: no acceptable response to our first encrypted message
Mar 12 21:53:42 einstein2 Pluto[508]: "bernd" 62.47.172.162 #13: starting keying attempt 3 of at most 3
Mar 12 21:53:42 einstein2 Pluto[508]: "bernd" 62.47.172.162 #14: initiating Main Mode to replace #13
Mar 12 21:53:42 einstein2 Pluto[508]: "bernd" 62.47.172.162 #14: ignoring Vendor ID payload
Mar 12 21:54:32 einstein2 Pluto[508]: packet from 62.47.172.162:500: Informational Exchange is for an unknown (expired?) SA
Mar 12 21:54:53 einstein2 Pluto[508]: "bernd" 62.47.172.162 #14: max number of retransmissions (2) reached STATE_MAIN_I3. Possible authentication failure: no acceptable response to our first encrypted message
Mar 12 21:55:17 einstein2 Pluto[508]: packet from 62.47.172.162:500: Informational Exchange is for an unknown (expired?) SA
Mar 12 21:55:51 einstein2 Pluto[508]: "bernd" 62.47.172.162 #11: ISAKMP SA expired (LATEST!)
Mar 12 21:55:51 einstein2 Pluto[508]: "bernd" 62.47.172.162: deleting connection "bernd" instance with peer 62.47.172.162

When I try to ping an internal IP from XP, I get 100% packet loss and XP writes:
Negotiating IP-security

Now I don't know how to reach a computer in the intranet. Did I understand something
wrong? Where is my mistake? (I followed the instructions from Andreas Steffen in ct
5/02)

Thanks in advance
Bernd

--
What we know is a drop,
what we do not know - an ocean.
          Isaac Newton
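
Added example, not part of the original post: a small Python parser that summarizes Pluto log lines like the ones quoted above, counting how often a negotiation times out in the same state and how many Informational packets Pluto could not match to an SA. The regular expressions assume the line layout seen in this post, and the function names are hypothetical.

```python
import re
from collections import Counter

# Log lines copied from the post above, with the mail line wraps joined.
SAMPLE_LOG = """\
Mar 12 21:51:21 einstein2 Pluto[508]: "bernd" 62.47.172.162 #12: initiating Main Mode to replace #11
Mar 12 21:52:31 einstein2 Pluto[508]: "bernd" 62.47.172.162 #12: max number of retransmissions (2) reached STATE_MAIN_I3. Possible authentication failure: no acceptable response to our first encrypted message
Mar 12 21:52:31 einstein2 Pluto[508]: "bernd" 62.47.172.162 #13: initiating Main Mode to replace #12
Mar 12 21:52:32 einstein2 modprobe: modprobe: Can't locate module char-major-6
Mar 12 21:53:02 einstein2 Pluto[508]: packet from 62.47.172.162:500: Informational Exchange is for an unknown (expired?) SA
Mar 12 21:53:42 einstein2 Pluto[508]: "bernd" 62.47.172.162 #13: max number of retransmissions (2) reached STATE_MAIN_I3. Possible authentication failure: no acceptable response to our first encrypted message
"""

# Assumed layout of a per-negotiation line: "conn" peer #N: message
STATE_RE = re.compile(
    r'Pluto\[\d+\]: "(?P<conn>[^"]+)" (?P<peer>\S+) #(?P<sa>\d+): (?P<msg>.*)')
# Timeout message; group 2 is the state the negotiation was stuck in.
STALL_RE = re.compile(r'max number of retransmissions \((\d+)\) reached (STATE_\w+)')
# Informational packet that matched no known SA.
ORPHAN_RE = re.compile(
    r'Pluto\[\d+\]: packet from (?P<peer>[\d.]+):\d+: '
    r'Informational Exchange is for an unknown')

def summarize(log_text):
    """Return (stalls, orphans) as Counters.

    stalls:  (conn, peer, state) -> number of negotiations that timed out there
    orphans: peer -> number of Informational packets with no matching SA
    """
    stalls, orphans = Counter(), Counter()
    for line in log_text.splitlines():
        m = STATE_RE.search(line)
        if m:
            s = STALL_RE.search(m.group("msg"))
            if s:
                stalls[(m.group("conn"), m.group("peer"), s.group(2))] += 1
            continue
        o = ORPHAN_RE.search(line)
        if o:
            orphans[o.group("peer")] += 1
    return stalls, orphans

def stuck_states(log_text, min_repeats=2):
    """List (conn, peer, state) keys that timed out at least min_repeats times."""
    stalls, _ = summarize(log_text)
    return sorted(key for key, n in stalls.items() if n >= min_repeats)

if __name__ == "__main__":
    print(stuck_states(SAMPLE_LOG))
```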

This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:19:42 CEST