Hi,
I just upgraded to a 1.97 FreeSwan with the actual x.509 extension.
Every time I try to establish the connection between my w2k laptop with
Sentinel 1.3 and the gateway, I get the following log output in
/var/log/secure:
---------------------------------
May 4 00:22:50 firecat Pluto[3968]: packet from <peer>:500:
ignoring Vendor ID payload
May 4 00:22:50 firecat Pluto[3968]: "daniel" <peer> #1:
responding to Main Mode from unknown peer <peer>
May 4 00:22:51 firecat Pluto[3968]: "daniel" <peer> #1: ignoring
informational payload, type IPSEC_INITIAL_CONTACT
May 4 00:22:51 firecat May 4 00:22:50 firecat Pluto[3968]: packet from
212.9.166.22:500: ignoring Vendor ID payload
May 4 00:22:50 firecat Pluto[3968]: "daniel" <peer> #1:
responding to Main Mode from unknown peer <peer>
May 4 00:22:51 firecat Pluto[3968]: "daniel" <peer> #1: ignoring
informational payload, type IPSEC_INITIAL_CONTACT
May 4 00:22:51 firecat Pluto[3968]: "daniel" <peer> #1: Peer ID
is ID_USER_FQDN: 'dt_at_admindu.de'
May 4 00:22:51 firecat Pluto[3968]: "daniel" <peer> #1: sent MR3,
ISAKMP SA established
May 4 00:22:52 firecat Pluto[3968]: "daniel" <peer> #1:
retransmitting in response to duplicate packet; already STATE_MAIN_R3
May 4 00:22:52 firecat Pluto[3968]: "daniel" <peer> #1:
Informational Exchange message for an established ISAKMP SA must be
encrypted
---------------------------------
And here comes my config. It's based on the SSH.com draft for using
Sentinel with virtual IP Addresses.
---------------------------------
# basic configuration
config setup
        interfaces=%defaultroute
        klipsdebug=none
        plutodebug=none
        plutoload=%search
        uniqueids=yes

# default values for the connection descriptions that follow
conn %default
        keyingtries=0
        disablearrivalcheck=no
        keyexchange=ike
        ikelifetime=240m
        keylife=60m
        pfs=yes
        compress=no
        authby=rsasig
        right=%any
        rightrsasigkey=%cert
        left=<my gateway>
        leftnexthop=<nexthop to inet>
        leftcert=<my gateway cert>
        auto=add

conn daniel
        type=tunnel
        leftsubnet=<my lan behind gateway>
        right=%any
        rightsubnet=192.168.10.1/32
        rightid=dt_at_admindu.de
        rightcert=<client cert>
        pfs=no
---------------------------------
Has anybody had this before and can give me some hints on how to fix it? I
have no more ideas :(
thank you in advance
best regards
Daniel Tombeil
_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users