Note: This archive passes through spamassassin. Every mail marked with the subject "*****SPAM*****" has exceed a certain threshold of spam-like behaviour.

Re: [Users] Trying to set up vpn freeswan <-> netscreen

From: Andreas Steffen (andreas.steffen_at_zhwin.ch)
Date: Fri Apr 05 2002 - 13:18:37 CEST

Next message: Jean-Robert WIAME: "[Users] No connection for win2k <--> Router <--> linux box"
Previous message: Salvatore Buccoliero: "[Users] Version for RH7.2"
In reply to: Etienne Roulland: "[Users] Trying to set up vpn freeswan <-> netscreen"
Next in thread: Etienne Roulland: "Re: [Users] Trying to set up vpn freeswan <-> netscreen"
Reply: Etienne Roulland: "Re: [Users] Trying to set up vpn freeswan <-> netscreen"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Etienne Roulland wrote:
>
> Hi,
>
> i'm trying to set up a vpn between a netscreen 5 and a freeswan with
> x509 patch (1.95).
>
> I get my own CA, make the netscreen generate a request, signed it and
> give it back with not so many problem.
>
> I saw on the web that it possible to make it work only with freeswan
> as responder.
>
> In my ipsec.conf
>
> config setup
> interfaces=%defaultroute
> klipsdebug=none
> #klipsdebug="ah esp"
> #plutodebug="parsing emitting control crypt"
> plutodebug=none
> plutoload=%search
> plutostart=%search
> uniqueids=yes
> conn %default
> keyingtries=3
> disablearrivalcheck=no
> type=tunnel
> left=%defaultroute
> leftcert=ipsec01p.pem
> keylife=8h
> lifetime=8h
> keyexchange=ike
> authby=rsasig
> pfs=yes
> right=%any
>
> [...]
>
> conn netscreen
> leftsubnet=10.75.201.0/24

rightid=@netscreen01b.cvf.fr

Insert this line and check if netscreen.pem contains
a DNS subjectAltname "netsrcreen01b.cvf.fr"

> rightcert=netscreen.pem
> right=aaa.bbb.ccc.ddd
> rightsubnet=10.33.237.0/24
> auto=start
> pfs=no
>
> But when i try to initilize the connection, i get in my logfile:
>
> Apr 5 10:28:26 ipsecgwprs Pluto[15608]: "netscreen" #67: Peer ID is ID_FQDN: '@netscreen01b.cvf.fr'
> Apr 5 10:28:26 ipsecgwprs Pluto[15608]: "netscreen" #67: no suitable connection for peer '@netscreen01b.cvf.fr'
> Apr 5 10:28:30 ipsecgwprs Pluto[15608]: "netscreen" #67: Peer ID is ID_FQDN: '@netscreen01b.cvf.fr'
>
> and normally i should get a : "Peer ID is ID_DER_ASN1_DN:"
>
> Is anybody has succesful experience with connection between Netscreen
> a freeswan ?
>
> Thanks

Regards

Andreas

======================================================================
Andreas Steffen e-mail: andreas.steffen_at_zhwin.ch
Zuercher Hochschule Winterthur home: http://www.zhwin.ch/~sna/
CH-8401 Winterthur (Switzerland) phone: +41 76 340 25 56
===============================================================[ZHW]==
_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users

Next message: Jean-Robert WIAME: "[Users] No connection for win2k <--> Router <--> linux box"
Previous message: Salvatore Buccoliero: "[Users] Version for RH7.2"
In reply to: Etienne Roulland: "[Users] Trying to set up vpn freeswan <-> netscreen"
Next in thread: Etienne Roulland: "Re: [Users] Trying to set up vpn freeswan <-> netscreen"
Reply: Etienne Roulland: "Re: [Users] Trying to set up vpn freeswan <-> netscreen"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:19:49 CEST