Note: This archive passes through spamassassin. Every mail marked with the subject "*****SPAM*****" has exceed a certain threshold of spam-like behaviour.

[Users] Difficult time - Sentinel

From: Freeswan (freeswan_at_bdunn.com)
Date: Fri Mar 15 2002 - 10:48:49 CET

Next message: Radu Popa: "[Users] Problem with freeswan and ssh sentinel rw!!! Please heeeeelp!"
Previous message: Andreas Steffen: "Re: [Users] IKE source port aother than 500"
Next in thread: Andreas Steffen: "Re: [Users] Difficult time - Sentinel"
Reply: Andreas Steffen: "Re: [Users] Difficult time - Sentinel"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

I have been trying for weeks to get a VPN connection from my WinXP box to my
Linux box running Freeswan 1.96 with the x509 patches. Lately, I have been
trying SSH's Sentinel and I think I'm a little closer, but I still need some
help.

This is my simple network:

Remote:
c600.bdunn.com (WinXP) (10.10.10.3) connects to Efficient 8561 Router
(10.10.10.254 & 65.65.125.161) connects to Internet.

Host:
gateway.fielder.org (Linux) (192.168.132.3) connects to Cisco 1720 Router
(192.168.132.1 & 66.137.141.190) connects to Internet.

All ports are left open for these while I'm trying to get this to work.
Obviously I'm natting using the Routers to do it.

ipsec.conf from the Linux box:
-----(snip)-----
config setup
        interfaces=%defaultroute
        klipsdebug=none
        plutodebug=none
        plutoload=%search
        plutostart=%search
        uniqueids=yes

conn %default
        type=tunnel
        keyexchange=ike
        ikelifetime=240m
        keylife=60m
        pfs=yes
        compress=no
        authby=rsasig
        auto=add
        #
        left=192.168.132.3
        leftsubnet=192.168.132.0/24
        #
        right=%any
        #

conn remoteuser1
rightcert=c600.bdunn.com.pem
leftcert=gateway.fielder.org.pem

-----(snip)-----

Output from /var/log/secure:
-----(snip)-----
Mar 15 03:28:11 gateway Pluto[17802]: "remoteuser1" 65.65.125.161 #1: Peer
ID is ID_FQDN: '@c600.bdunn.com'
Mar 15 03:28:11 gateway Pluto[17802]: "remoteuser1" 65.65.125.161 #1: Issuer
CA certificate not found
Mar 15 03:28:11 gateway Pluto[17802]: "remoteuser1" 65.65.125.161 #1: X.509
certificate rejected
Mar 15 03:28:11 gateway Pluto[17802]: "remoteuser1" 65.65.125.161 #1: no
suitable connection for peer '@c600.bdunn.com'
Mar 15 03:28:15 gateway Pluto[17802]: "remoteuser1" 65.65.125.161 #1:
ignoring informational payload, type IPSEC_INITIAL_CONTACT
-----(snip)-----

ANY help you might provide will be GREATLY appreciated!!! I've also tried
the vpn.ebootis.de Windows 2000 VPN tool following various directions with
limited success. I really don't want to give up on this. Please help!

_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users

Next message: Radu Popa: "[Users] Problem with freeswan and ssh sentinel rw!!! Please heeeeelp!"
Previous message: Andreas Steffen: "Re: [Users] IKE source port aother than 500"
Next in thread: Andreas Steffen: "Re: [Users] Difficult time - Sentinel"
Reply: Andreas Steffen: "Re: [Users] Difficult time - Sentinel"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:19:42 CEST