I have been talking to Nate Carlson and he asked that I post this here since he
doesn't see anything incorrect.
The Windows 2000 box doesn't even talk to the Linux machine (thunderbird). I have
even tried removing all firewalling rules.
The logs and ipsec.conf files are included below:
****************** windows 2000 log ******************
c:> ipsec
IPSec Version 2.0.1 (c) 2001,2002 Marcus Mueller
Getting running Config ...
Microsoft's Windows 2000 identified
Host name is: SSLP-SSMITH
No RAS connections found.
LAN IP address: 192.168.1.5
Setting up IPSec ...
Deactivating old policy...
Removing old policy...
Connection win2k:
MyTunnel : 192.168.1.5
MyNet : 192.168.1.5/255.255.255.255
PartnerTunnel: 192.168.1.1
PartnerNet : 0.0.0.0/0.0.0.0
CA (ID) : Preshared Key ******************
PFS : y
Auto : start
Auth.Mode : MD5
Rekeying : 3600S/50000K
Activating policy...
c:> ping thunderbird
Pinging thunderbird.smith.home [192.168.1.1] with 32 bytes of data:
Reply from 192.168.1.1: bytes=32 time=10ms TTL=255
Reply from 192.168.1.1: bytes=32 time<10ms TTL=255
Reply from 192.168.1.1: bytes=32 time<10ms TTL=255
Reply from 192.168.1.1: bytes=32 time<10ms TTL=255
Ping statistics for 192.168.1.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 10ms, Average = 2ms
c:> ipsecpol
v1.22 Copyright(c) 1998-2001, Microsoft Corporation
USAGE:
****************** linux log files *******************
messages
Apr 24 08:18:39 thunderbird ipsec_setup: Stopping FreeS/WAN IPsec...
Apr 24 08:18:40 thunderbird kernel: IPSEC EVENT: KLIPS device ipsec0 shut down.
Apr 24 08:18:40 thunderbird kernel: klips_info:pfkey_cleanup: shutting down PF_KEY domain sockets.
Apr 24 08:18:40 thunderbird kernel: klips_info:cleanup_module: ipsec module unloaded.
Apr 24 08:18:40 thunderbird ipsec_setup: ...FreeS/WAN IPsec stopped
Apr 24 08:18:40 thunderbird ipsec_setup: Starting FreeS/WAN IPsec 1.97...
Apr 24 08:18:44 thunderbird kernel: klips_info:ipsec_init: KLIPS startup, FreeS/WAN IPSec version: 1.97
Apr 24 08:18:45 thunderbird ipsec_setup: KLIPS debug `none'
Apr 24 08:18:45 thunderbird ipsec_setup: KLIPS ipsec0 on eth1 192.168.1.1/255.0.0.0 broadcast 192.255.255.255
Apr 24 08:18:45 thunderbird ipsec_setup: WARNING: eth1 has route filtering turned on, KLIPS may not work
Apr 24 08:18:45 thunderbird ipsec_setup: (/proc/sys/net/ipv4/conf/eth1/rp_filter = `1', should be 0)
Apr 24 08:18:45 thunderbird ipsec_setup: ...FreeS/WAN IPsec started
Apr 24 08:18:45 thunderbird /etc/hotplug/net.agent: register event not handled
Apr 24 08:18:45 thunderbird last message repeated 3 times
Apr 24 08:21:28 thunderbird dhcpd: DHCPINFORM from 192.168.1.5
secure
Apr 24 08:18:39 thunderbird Pluto[7382]: shutting down
Apr 24 08:18:39 thunderbird Pluto[7382]: forgetting secrets
Apr 24 08:18:39 thunderbird Pluto[7382]: "workstation": deleting connection
Apr 24 08:18:39 thunderbird Pluto[7382]: "win2k": deleting connection
Apr 24 08:18:39 thunderbird Pluto[7382]: "workstation-net": deleting connection
Apr 24 08:18:39 thunderbird Pluto[7382]: shutting down interface ipsec0/eth1 192.168.1.1
Apr 24 08:18:45 thunderbird ipsec__plutorun: Starting Pluto subsystem...
Apr 24 08:18:45 thunderbird Pluto[8508]: Starting Pluto (FreeS/WAN Version 1.97)
Apr 24 08:18:45 thunderbird Pluto[8508]: including X.509 patch (Version 0.9.10)
Apr 24 08:18:45 thunderbird Pluto[8508]: Changing to directory '/etc/ipsec.d/cacerts'
Apr 24 08:18:45 thunderbird Pluto[8508]: loaded cacert file 'RootCA.der' (1128 bytes)
Apr 24 08:18:45 thunderbird Pluto[8508]: Changing to directory '/etc/ipsec.d/crls'
Apr 24 08:18:45 thunderbird Pluto[8508]: loaded crl file 'crl.pem' (674 bytes)
Apr 24 08:18:45 thunderbird Pluto[8508]: loaded my default X.509 cert file '/etc/x509cert.der' (1172 bytes)
Apr 24 08:18:45 thunderbird Pluto[8508]: loaded host cert file '/etc/ipsec.d/thunderbird.smith.home.pem' (4935 bytes)
Apr 24 08:18:45 thunderbird Pluto[8508]: loaded host cert file '/etc/ipsec.d/client.thunderbird.smith.home.pem' (4976 bytes)
Apr 24 08:18:45 thunderbird Pluto[8508]: added connection description "workstation-net"
Apr 24 08:18:45 thunderbird Pluto[8508]: added connection description "win2k"
Apr 24 08:18:46 thunderbird Pluto[8508]: loaded host cert file '/etc/ipsec.d/thunderbird.smith.home.pem' (4935 bytes)
Apr 24 08:18:46 thunderbird Pluto[8508]: loaded host cert file '/etc/ipsec.d/client.thunderbird.smith.home.pem' (4976 bytes)
Apr 24 08:18:46 thunderbird Pluto[8508]: added connection description "workstation"
Apr 24 08:18:46 thunderbird Pluto[8508]: listening for IKE messages
Apr 24 08:18:46 thunderbird Pluto[8508]: adding interface ipsec0/eth1 192.168.1.1
Apr 24 08:18:46 thunderbird Pluto[8508]: loading secrets from "/etc/ipsec.secrets"
Apr 24 08:18:46 thunderbird Pluto[8508]: loaded private key file '/etc/ipsec.d/private/thunderbird.smith.home.key' (1743 bytes)
***************** windows ipsec.conf *************************
conn win2k
    right=%any
    left=192.168.1.1
    leftsubnet=0.0.0.0/0
    network=lan
    auto=start
    pfs=yes
    presharedkey="secret"
***************** linux ipsec.conf *************************
# /etc/ipsec.conf - FreeS/WAN IPsec configuration file

# More elaborate and more varied sample configurations can be found
# in FreeS/WAN's doc/examples file, and in the HTML documentation.

# basic configuration
config setup
    # THIS SETTING MUST BE CORRECT or almost nothing will work;
    # %defaultroute is okay for most simple cases.
    interfaces="ipsec0=eth1"
    # Debug-logging controls: "none" for (almost) none, "all" for lots.
    klipsdebug=none
    plutodebug=none
    # Use auto= parameters in conn descriptions to control startup actions.
    plutoload=%search
    plutostart=%search
    # Close down old connection when new one using same ID shows up.
    uniqueids=yes

# defaults for subsequent connection descriptions
# (mostly to fix internal defaults which, in retrospect, were badly chosen)
conn %default
    keyingtries=1
    compress=yes
    disablearrivalcheck=no
    auto=add
    pfs=yes

### (linux. 192.168.1.1)
conn win2k
    authby=secret
    left=192.168.1.1
    leftsubnet=0.0.0.0/0
    right=%any
    rekey=yes

conn workstation-net
    authby=rsasig
    leftrsasigkey=%cert
    rightrsasigkey=%cert
    left=192.168.1.1
    leftcert=thunderbird.smith.home.pem
    leftsubnet=0.0.0.0/0
    right=%any
    rightcert=client.thunderbird.smith.home.pem

conn workstation
    authby=rsasig
    leftrsasigkey=%cert
    rightrsasigkey=%cert
    left=192.168.1.1
    leftcert=thunderbird.smith.home.pem
    right=%any
    rightcert=client.thunderbird.smith.home.pem