
[Users] Freeswan and Checkpoint Problems

From: Benjamin Hayes (bhayes_at_allwin.net)
Date: Tue Mar 19 2002 - 21:56:32 CET


I have a problem with FreeS/WAN connectivity and Checkpoint's VPN-1 and FW-1
modules. Here is the vpn layout.

3.3.3.3/32==========2.2.2.2.................1.1.1.1
leftsubnet          left                    right

So, the ipsec.conf excerpt is

conn newcon
        left=2.2.2.2
        leftsubnet=3.3.3.3/32
        right=1.1.1.1
        keyexchange=ike
        auth=esp
        authby=secret
        pfs=no
        auto=add

1.1.1.1 is the Linux Free S/WAN box, 2.2.2.2 is the Checkpoint Hardware
device with the Firewall (FW-1) and VPN (VPN-1) modules. The authentication
is done by PSK, since Checkpoint cannot do any other. Also, the encryption is
turned up to 1024. So, here is what happens.

Mar 19 15:53:03 www Pluto[31239]: "newcon" #152: responding to Main Mode
Mar 19 15:53:03 www Pluto[31239]: "newcon" #152: sent MR3, ISAKMP SA established
Mar 19 15:53:03 www Pluto[31239]: "newcon" #153: cannot respond to IPsec SA request because no connection is known for 1.1.1.1...2.2.2.2===3.3.3.3/32
Mar 19 15:53:05 www Pluto[31239]: "newcon" #152: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x2c0c9f5d (perhaps this is a duplicated packet)
