Note: This archive passes through spamassassin. Every mail marked with the subject "*****SPAM*****" has exceeded a certain threshold of spam-like behaviour.

Re: [Users] Protocol problem freeswan <-> Win2K

From: Andreas Steffen (andreas.steffen_at_zhwin.ch)
Date: Tue Apr 09 2002 - 15:24:50 CEST


Could it be that you are using a very old FreeS/WAN version? This kind
of bug was fixed a long time ago. Newer FreeS/WAN versions accept
Protocol 17 (UDP) and port 500 (ISAKMP) definitions in Main Mode,
whereas in IPsec SA proposals (Quick Mode) no protocol or port restrictions
can be made.

Regards

Andreas

jens.jahr.jj_at_bayer-ag.de wrote:
>
> Hello,
>
> Connecting a Win2K box to our freeswan linux box causes the following log entry:
>
> --- snip
>
> > mail Pluto[1019]: "remote1" 149.225.28.115 #7: responding to Main Mode from unknown peer 149.225.28.115
> >Apr 8 22:36:54 mail Pluto[1019]: "remote1" 149.225.28.115 #7: Peer ID is ID_DER_ASN1_DN: 'C=DE, ST=test, L=test, O=Bla, OU=Technik, CN=JJA_PC, E=bla_at_xxx.de'
> >Apr 8 22:36:54 mail Pluto[1019]: "remote1" 149.225.28.115 #7: sent MR3, ISAKMP SA established
> >Apr 8 22:36:55 mail Pluto[1019]: "remote1" 149.225.28.115 #8: peer client ID payload ID_IPV4_ADDR specifies protocol 17; we only support 0
> >Apr 8 22:36:56 mail Pluto[1019]: "remote1" 149.225.28.115 #7: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0xc7c0766d (perhaps this is a duplicated packet)
> >Apr 8 22:36:58 mail Pluto[1019]: "remote1" 149.225.28.115 #7: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0xc7c0766d (perhaps this is a duplicated packet)
> >Apr 8 22:37:01 mail Pluto[1019]: "remote1" 149.225.28.115 #7: ignoring Delete SA payload
> >Apr 8 22:37:01 mail Pluto[1019]: "remote1" 149.225.28.115 #7: received and ignored informational message
> >Apr 8 22:38:47 mail Pluto[1019]: packet from 149.225.28.115:500: ignoring Vendor ID payload
>
> -- snap
>
> This is what I don't understand:
>
> "peer client ID payload ID_IPV4_ADDR specifies protocol 17; we only support 0"
>
> Has anyone an idea what is going wrong?
> I didn't find an option where to tell Win2K to use IP-IP (Protocol 0) and not
> UDP (Protocol 17).
>
> Thanks for your advice.
>
> Cheers
> Jens Jahr
 
======================================================================
Andreas Steffen e-mail: andreas.steffen_at_zhwin.ch
Zuercher Hochschule Winterthur home: http://www.zhwin.ch/~sna/
CH-8401 Winterthur (Switzerland) phone: +41 76 340 25 56
===============================================================[ZHW]==
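
Added example, not part of the original mail and not FreeS/WAN code: a simplified model of the check described in the reply above, applied to the first four bytes of an ISAKMP Identification payload body (ID Type, Protocol ID, Port, as laid out in RFC 2407 section 4.6.2). The function names, the sample bytes and the exact accept rule are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Start of an Identification payload body, after the 4-byte generic header:
 * ID Type (1 byte) | Protocol ID (1 byte) | Port (2 bytes, network order) */
struct id_head { uint8_t id_type, protocol; uint16_t port; };

enum { ID_IPV4_ADDR = 1, PROTO_UDP = 17, IKE_PORT = 500 };
enum phase { MAIN_MODE, QUICK_MODE };

/* Returns 0 on success, -1 if fewer than 4 bytes are available. */
int parse_id_head(const uint8_t *buf, size_t len, struct id_head *out)
{
    if (len < 4) return -1;
    out->id_type  = buf[0];
    out->protocol = buf[1];
    out->port     = (uint16_t)((buf[2] << 8) | buf[3]);
    return 0;
}

/* Assumed model of the behaviour in the reply: protocol 0 / port 0 is always
 * acceptable; protocol 17 / port 500 is acceptable in Main Mode only; any
 * protocol or port restriction in Quick Mode is rejected. Returns 1 or 0. */
int id_selector_ok(enum phase ph, const struct id_head *id)
{
    if (id->protocol == 0 && id->port == 0) return 1;
    if (ph == MAIN_MODE)
        return id->protocol == PROTO_UDP && id->port == IKE_PORT;
    return 0;
}

/* Parse and check in one step: 1 = accept, 0 = reject, -1 = truncated. */
int check_id(enum phase ph, const uint8_t *buf, size_t len)
{
    struct id_head id;
    if (parse_id_head(buf, len, &id) != 0) return -1;
    return id_selector_ok(ph, &id);
}

/* Constructed samples: ID_IPV4_ADDR for 192.0.2.10 (documentation address). */
const uint8_t SAMPLE_UDP500[] = { ID_IPV4_ADDR, 17, 0x01, 0xF4, 192, 0, 2, 10 };
const uint8_t SAMPLE_ANY[]    = { ID_IPV4_ADDR, 0, 0x00, 0x00, 192, 0, 2, 10 };

int main(void)
{
    printf("main=%d quick=%d quick_any=%d\n",
           check_id(MAIN_MODE, SAMPLE_UDP500, sizeof SAMPLE_UDP500),
           check_id(QUICK_MODE, SAMPLE_UDP500, sizeof SAMPLE_UDP500),
           check_id(QUICK_MODE, SAMPLE_ANY, sizeof SAMPLE_ANY));
    return 0;
}
```

The Quick Mode rejection of the protocol 17 sample corresponds to the "specifies protocol 17; we only support 0" line in the quoted log.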
This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:19:50 CEST