
[Users] Roadwarrior problem after upgrading to 1.97 and new kernel

From: Jens Hassler (j.hassler_at_gmx.net)
Date: Fri Apr 26 2002 - 11:17:31 CEST


Hi there,

I've got a strange problem after upgrading from...

Kernel 2.2.19, FreeS/WAN 1.95

to

Kernel 2.4.18, FreeS/WAN 1.97

Our roadwarrior clients (Windoze) use the PGP-VPN-Software with
PGP-Certificates. I've installed the newest X.509 Patch (which includes the
PGP stuff).

It worked great with the old configuration, but now I get the message
"required public key not found" on the PGP-Client side. The configuration
has not been changed.

This is how FreeS/WAN starts:

ipsec_setup: Starting FreeS/WAN IPsec U1.97/K1.95...
ipsec_setup: KLIPS debug `none'
ipsec_setup: KLIPS ipsec0 on eth0 195.226.109.60/255.255.255.240 broadcast 195.226.109.63
ipsec__plutorun: Starting Pluto subsystem...
ipsec_setup: ...FreeS/WAN IPsec started
rc: Starting ipsec succeeded
Pluto[582]: Starting Pluto (FreeS/WAN Version 1.97)
Pluto[582]: including X.509 patch (Version 0.9.10)
Pluto[582]: Could not change to directory '/etc/ipsec.d/cacerts'
Pluto[582]: Could not change to directory '/etc/ipsec.d/crls'
Pluto[582]: could not open my default X.509 cert file '/etc/x509cert.der'
Pluto[582]: Loaded my OpenPGP certificate file '/etc/pgpcert.pgp' (584 bytes)

These are the messages printed when someone tries to connect:

Pluto[595]: packet from 149.225.116.3:500: ignoring Vendor ID payload
Pluto[595]: "wgw_server-hjschmidt" 149.225.116.3 #554: responding to Main Mode from unknown peer 149.225.116.3
Pluto[595]: "wgw_server-hjschmidt" 149.225.116.3 #554: ignoring informational payload, type UNSUPPORTED_EXCHANGE_TYPE
Pluto[595]: "wgw_server-hjschmidt" 149.225.116.3 #554: received and ignored informational message

This is the configuration snippet for this roadwarrior:

conn wgw_fw-hjschmidt
        also=hjschmidt
        auto=add

conn wgw_net-hjschmidt
        also=hjschmidt
        auto=add
        leftsubnet=193.98.35.0/24

conn hjschmidt
        also=firewall-gr
        rightid=@#886783D5E2AE5DD2895E873115E71E0F
        rightrsasigkey=0x03010001cd7 [...]

And this is the firewall part ("also=firewall-gr"):

conn firewall-gr
        keyingtries=1
        left=195.226.109.60
        leftid=@#6311F443A70CEE11B781820482540D92
        leftrsasigkey=0x0111df [...]
        leftnexthop=195.226.109.49
        right=%any
        compress=yes

Was there any change in the code between 1.95 and 1.97 which may produce
this error? Or is this something with the new kernel? As said: The
configuration has not been changed on either side, I only did the upgrade.

Thanks a lot for your help.

Jens Hassler




This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:19:56 CEST