Note: This archive passes through spamassassin. Every mail marked with the subject "*****SPAM*****" has exceed a certain threshold of spam-like behaviour.

[Users] Problems with FreeSWAN and W2k using x509

From: Philip Reetz (p.reetz_at_linet-services.de)
Date: Wed Apr 24 2002 - 11:36:44 CEST

Next message: System Attendant: "[Users] ScanMail Message: To Recipient virus found and action taken."
Previous message: Andreas Haumer: "Re: [Users] W2k does not talk"
Next in thread: Philip Reetz: "Re: [Users] Problems with FreeSWAN and W2k using x509"
Maybe reply: Philip Reetz: "Re: [Users] Problems with FreeSWAN and W2k using x509"
Maybe reply: Philip Reetz: "Re: [Users] Problems with FreeSWAN and W2k using x509"
Maybe reply: Philip Reetz: "Re: [Users] Problems with FreeSWAN and W2k using x509"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hello,

I set up a Linux VPN Gateway with the x509 patch. The gateway has a
static public IP addres. There are other ipsec tunnels to other linux
boxes and they work fine.
I tried to set up a configuration for roadwarrior with X509 certificates
using the article in the German ct by Andreas Steffens.

Gateway
FreeSWAN Version 1.96
X509 patch 0.99

Client:
Windows 2000 professional with Service Pack 2 installed

When trying to establish the tunnel I get the following messages:

linux side:
Apr 22 09:16:08 xxxxx Pluto[21914]: packet from 213.7.191.84:500:
ignoring Vendor ID payload
Apr 22 09:16:08 xxxxx Pluto[21914]: "bssub-rw1" 213.7.191.84 #8:
responding to Main Mode from unknown peer 213.7.191.84
Apr 22 09:16:08 xxxxx Pluto[21914]: packet from 213.7.191.84:500:
ignoring Vendor ID payload
Apr 22 09:16:08 xxxxx Pluto[21914]: "bssub-rw1" 213.7.191.84 #9:
responding to Main Mode from unknown peer 213.7.191.84
Apr 22 09:16:08 xxxxx Pluto[21914]: packet from 213.7.191.84:500:
ignoring Vendor ID payload
Apr 22 09:16:08 xxxxx Pluto[21914]: "bssub-rw1" 213.7.191.84 #10:
responding to Main Mode from unknown peer 213.7.191.84
Apr 22 09:16:09 fme-lx-01 Pluto[21914]: "bssub-rw1" 213.7.191.84 #8:
encrypted Informational Exchange message is invalid because it is for
incomplete ISAKMP SA

windows side:
when turning on oakley debug I get a message like this:
"ike could not find appropiate certificate"
The p12 file was properly imported, the certificates show in "my
certificates" and trusted root ca

The client connects to the internet through a dial up modem connection.

Any hint why this is not working would be very much appreciated.

Thanks.

Bye,
Philip

-- LINET Services Bunkus, Geisler und Reetz GbR

Rebenring 33 Tel.: 0531-280 191 71 38106 Braunschweig Fax.: 0531-280 191 72

http://www.linet-services.de mailto:info_at_linet-services.de

_______________________________________________ Users mailing list Users_at_lists.freeswan.org http://lists.freeswan.org/mailman/listinfo/users

Next message: System Attendant: "[Users] ScanMail Message: To Recipient virus found and action taken."
Previous message: Andreas Haumer: "Re: [Users] W2k does not talk"
Next in thread: Philip Reetz: "Re: [Users] Problems with FreeSWAN and W2k using x509"
Maybe reply: Philip Reetz: "Re: [Users] Problems with FreeSWAN and W2k using x509"
Maybe reply: Philip Reetz: "Re: [Users] Problems with FreeSWAN and W2k using x509"
Maybe reply: Philip Reetz: "Re: [Users] Problems with FreeSWAN and W2k using x509"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:19:53 CEST