I'm trying to set up a VPN connection to another machine using preshared
secrets. However, 'ipsec manual --up "conn-name"' exits with the following
error message:
/usr/lib/ipsec/spi --label testserver: Trouble building key_a extension, error=-22.
I'm currently using Freeswan 1.97 on Mandrake 8.2 (patched kernel to FS 1.97),
but I get the same error message with Freeswan 1.96 and 1.95 (From mdk82) +
mdk82 stock kernel.
Does anyone have any ideas on what could be wrong?
I've seen that this issue has been brought up earlier on this list, but no answers
have been given...
The output from ipsec manual --show --up "conn-name", ipsec.conf and
ipsec.secrets is included below.
Note: I get the same error message whatever my ipsec.secrets contains (also
empty) as long as it exists.
ipsec manual --show --up testserver:
+ PATH=/usr/local/sbin:/sbin:/usr/sbin:/usr/local/bin:/bin:/usr/bin
+ export PATH
+ PLUTO_VERSION=1.1
+ PLUTO_CONNECTION=testserver
+ PLUTO_NEXT_HOP=146.172.48.0
+ PLUTO_INTERFACE=ipsec0
+ PLUTO_ME=80.213.75.112
+ PLUTO_MY_CLIENT=80.213.75.112/32
+ PLUTO_MY_CLIENT_NET=80.213.75.112
+ PLUTO_MY_CLIENT_MASK=255.255.255.255
+ PLUTO_PEER=195.0.209.97
+ PLUTO_PEER_CLIENT=195.0.209.97/32
+ PLUTO_PEER_CLIENT_NET=195.0.209.97
+ PLUTO_PEER_CLIENT_MASK=255.255.255.255
+ export PLUTO_VERSION PLUTO_CONNECTION PLUTO_NEXT_HOP
+ export PLUTO_INTERFACE PLUTO_ME PLUTO_MY_CLIENT
+ export PLUTO_MY_CLIENT_NET PLUTO_MY_CLIENT_MASK PLUTO_PEER
+ export PLUTO_PEER_CLIENT PLUTO_PEER_CLIENT_NET
+ export PLUTO_PEER_CLIENT_MASK
+ ipsec spi --label testserver --af inet --said tun0x101_at_195.0.209.97 --ip4 --src 80.213.75.112 --dst 195.0.209.97
+ ipsec spi --label testserver --af inet --said esp0x103_at_195.0.209.97 --esp 3des-sha1-96 --src 80.213.75.112
/usr/lib/ipsec/spi --label testserver: Trouble building key_a extension, error=-22.

ipsec.conf:
# /etc/ipsec.conf - FreeS/WAN IPsec configuration file

# More elaborate and more varied sample configurations can be found
# in FreeS/WAN's doc/examples file, and in the HTML documentation.

# basic configuration
config setup
	# THIS SETTING MUST BE CORRECT or almost nothing will work;
	# %defaultroute is okay for most simple cases.
	interfaces=%defaultroute
	# Debug-logging controls: "none" for (almost) none, "all" for lots.
	klipsdebug=none
	plutodebug=none
	#plutodebug=all
	# Use auto= parameters in conn descriptions to control startup actions.
	plutoload=%search
	plutostart=%search
	# Close down old connection when new one using same ID shows up.
	uniqueids=yes

# defaults for subsequent connection descriptions
# (mostly to fix internal defaults which, in retrospect, were badly chosen)
conn %default
	keyingtries=0
	disablearrivalcheck=no
	authby=rsasig
	leftrsasigkey=%dns
	rightrsasigkey=%dns

# connection description for (experimental!) opportunistic encryption
# (requires KEY record in your DNS reverse map; see doc/opportunism.howto)
conn me-to-anyone
	left=%defaultroute
	right=%opportunistic
	keylife=1h
	rekey=no
	# uncomment this next line to enable it
	#auto=route

# sample VPN connection
conn sample
	# Left security gateway, subnet behind it, next hop toward right.
	left=10.0.0.1
	leftsubnet=172.16.0.0/24
	leftnexthop=10.22.33.44
	# Right security gateway, subnet behind it, next hop toward left.
	right=10.12.12.1
	rightsubnet=192.168.0.0/24
	rightnexthop=10.101.102.103
	# To authorize this connection, but not actually start it, at startup,
	# uncomment this.
	#auto=add

# Connection to testserver
conn testserver
	# Left security gateway
	left=195.0.209.97
	# Right security gateway, subnet behind it, next hop toward left
	right=%defaultroute
	spibase=0x100
	auth=esp
	authby=secret
	esp=3des-sha1-96
	# espenckey=
	# espauthkey=

ipsec.secrets:
195.0.209.97 %any: PSK "secret..."
Atle
--
Atle Nissestad
Norbit AS
Stiklestadv. 1
7041 Trondheim
Norway
Phone: +47 73 98 25 50
Dir: +47 73 98 25 62
Fax: +47 73 98 25 51
Mail: atle.nissestad_at_norbit.no
_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users
This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:19:55 CEST
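
Added example, not part of the original post: a small check that parses an ipsec.conf like the one above and lists conns that set esp= but carry no espenckey/espauthkey value, as conn testserver does here with both lines commented out. In FreeS/WAN, ipsec manual takes its keys from those ipsec.conf parameters, while ipsec.secrets is read by Pluto for automatic keying. The function names, the sample text and the rule that an auth key is expected only when esp= names an auth algorithm are assumptions of this example.

```python
import re

# Constructed sample: conn sections from the post, indentation restored.
SAMPLE_CONF = """\
conn %default
	keyingtries=0
	authby=rsasig

conn testserver
	left=195.0.209.97
	right=%defaultroute
	spibase=0x100
	auth=esp
	authby=secret
	esp=3des-sha1-96
	# espenckey=
	# espauthkey=
"""

def parse_conns(text):
    """Return {conn_name: {param: value}}; comment lines are ignored."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"conn\s+(\S+)$", line)
        if m and not raw[0].isspace():
            current = conns.setdefault(m.group(1), {})
        elif raw[0].isspace() and current is not None and "=" in line:
            key, _, value = line.partition("=")
            current[key.strip()] = value.strip()
        else:
            current = None  # "config setup" or any other section ends the conn
    return conns

def missing_manual_keys(text):
    """Map each conn with esp= set to the manual-keying parameters it lacks."""
    conns = parse_conns(text)
    defaults = conns.pop("%default", {})  # %default values apply to every conn
    report = {}
    for name, params in conns.items():
        merged = {**defaults, **params}
        esp = merged.get("esp", "")
        # Assumption: an auth key is expected only if esp= names an auth algorithm.
        wanted = ["espenckey"] + (["espauthkey"] if "-" in esp else [])
        absent = [k for k in wanted if esp and not merged.get(k)]
        if absent:
            report[name] = absent
    return report
```

Calling `missing_manual_keys()` on the text of /etc/ipsec.conf returns a dict keyed by conn name; an empty dict means every conn with esp= set also has its key parameters present.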