Note: This archive passes through spamassassin. Every mail marked with the subject "*****SPAM*****" has exceed a certain threshold of spam-like behaviour.

Re: [Users] FreeSwan and WinXP - No ping possible

From: Adrian Blockus (ablockus_at_gmx.net)
Date: Tue Apr 23 2002 - 17:06:23 CEST

Next message: John Sullivan: "RE: [Users] desperate for help! freeswan attempt: can exhange key s but no access to other net after! (long)"
Previous message: Jeremy Hansen: "[Users] simple setup"
In reply to: John A. Sullivan III: "RE: [Users] FreeSwan and WinXP - No ping possible"
Next in thread: Adrian Blockus: "Re: [Users] FreeSwan and WinXP - No ping possible"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi,

this is the log from /var/log/messages:

Apr 23 16:49:47 VPN-Gate ipsec_setup: Starting FreeS/WAN IPsec 1.97...
Apr 23 16:49:48 VPN-Gate kernel: klips_info:ipsec_init: KLIPS startup,
FreeS/WAN IPSec version: 1.97
Apr 23 16:49:48 VPN-Gate ipsec_setup: KLIPS debug `none'
Apr 23 16:49:49 VPN-Gate ipsec_setup: KLIPS ipsec0 on eth0
130.75.137.86/255.255.255.0 broadcast 130.75.137.255
Apr 23 16:49:49 VPN-Gate ipsec__plutorun: Starting Pluto subsystem...
Apr 23 16:49:49 VPN-Gate ipsec_setup: ...FreeS/WAN IPsec started
Apr 23 16:49:49 VPN-Gate Pluto[972]: Starting Pluto (FreeS/WAN Version 1.97)
Apr 23 16:49:49 VPN-Gate Pluto[972]: including X.509 patch (Version
0.9.10)
Apr 23 16:49:49 VPN-Gate Pluto[972]: Changing to directory
'/etc/ipsec.d/cacerts'
Apr 23 16:49:49 VPN-Gate Pluto[972]: loaded cacert file 'RootCA.der' (1185
bytes)
Apr 23 16:49:49 VPN-Gate Pluto[972]: Changing to directory
'/etc/ipsec.d/crls'
Apr 23 16:49:49 VPN-Gate Pluto[972]: loaded crl file 'crl.pem' (698 bytes)
Apr 23 16:49:49 VPN-Gate Pluto[972]: loaded my default X.509 cert file
'/etc/x509cert.der' (1259 bytes)
Apr 23 16:49:49 VPN-Gate Pluto[972]: loaded host cert file
'/etc/ipsec.d/vpn-gate.pem' (5121 bytes)
Apr 23 16:49:49 VPN-Gate Pluto[972]: added connection description "rw"
Apr 23 16:49:49 VPN-Gate Pluto[972]: listening for IKE messages
Apr 23 16:49:49 VPN-Gate Pluto[972]: adding interface ipsec0/eth0
130.75.137.86
Apr 23 16:49:49 VPN-Gate Pluto[972]: loading secrets from
"/etc/ipsec.secrets"
Apr 23 16:49:49 VPN-Gate Pluto[972]: loaded private key file
'/etc/ipsec.d/private/vpn-gate.key' (1743 bytes)
Apr 23 16:50:44 VPN-Gate Pluto[972]: packet from 130.75.137.71:500: ignoring
Vendor ID payload
Apr 23 16:50:44 VPN-Gate Pluto[972]: "rw" 130.75.137.71 #1: responding to
Main Mode from unknown peer 130.75.137.71
Apr 23 16:50:44 VPN-Gate Pluto[972]: "rw" 130.75.137.71 #1: encrypted
Informational Exchange message is invalid because it is for incomplete
Informational Exchange message is invalid because it is for incomplete
ISAKMP SA
Apr 23 16:51:29 VPN-Gate kernel: mtrr: your processor doesn't support
write-combining
Apr 23 16:51:29 VPN-Gate last message repeated 24 times
Apr 23 16:51:54 VPN-Gate Pluto[972]: "rw" 130.75.137.71 #1: max number of
retransmissions (2) reached STATE_MAIN_R2
Apr 23 16:51:54 VPN-Gate Pluto[972]: "rw" 130.75.137.71: deleting connection
"rw" instance with peer 130.75.137.71
Apr 23 16:52:43 VPN-Gate Pluto[972]: packet from 130.75.137.71:500:
Informational Exchange is for an unknown (expired?) SA

----- Original Message -----
From: "John A. Sullivan III" <John.Sullivan_at_nexusmgmt.com>
To: <sbawa_at_tabmaster.com>
Cc: "Adrian Blockus" <atrieman_at_yahoo.de>; <users_at_lists.freeswan.org>
Sent: Tuesday, April 23, 2002 12:07 PM
Subject: RE: [Users] FreeSwan and WinXP - No ping possible

> That's not always true. In most of my configurations I am able to
> establish the tunnel well within four "ping times." But we will need
> more information to try to guess at the problem, Adrian - John
>
> On Mon, 2002-04-22 at 13:13, Sanjiv Bawa wrote:
> > It takes a lot more than 4 pings to get a connection. Try
> > ping -n 10000 ipaddress
> >
> > -----Original Message-----
> > From: users-admin_at_lists.freeswan.org
> > [mailto:users-admin_at_lists.freeswan.org]On Behalf Of Adrian Blockus
> > Sent: Monday, April 22, 2002 6:01 AM
> > To: users_at_lists.freeswan.org
> > Subject: [Users] FreeSwan and WinXP - No ping possible
> >
> >
> > Hello,
> >
> > I use freeswan 1.97 with x509-patch. For configuration I followed the
> > instructions by Nate Carlson. When I ping from the XP box I get the
> > message "Negotiating IP Security" four times, but packet statistics say,
> > that all packets are lost. If I ping without IPsec started, everything
> > works. Both machines are in the same subnet.
> > What am I doing wrong??
> >
> > Thanks, Ad
> >
> >
> >
> --
> John A. Sullivan III
> Group Technology Director
> Nexus Management
> +1 207-985-7880
> John.Sullivan_at_nexusmgmt.com

_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users

Next message: John Sullivan: "RE: [Users] desperate for help! freeswan attempt: can exhange key s but no access to other net after! (long)"
Previous message: Jeremy Hansen: "[Users] simple setup"
In reply to: John A. Sullivan III: "RE: [Users] FreeSwan and WinXP - No ping possible"
Next in thread: Adrian Blockus: "Re: [Users] FreeSwan and WinXP - No ping possible"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:19:53 CEST