
RE: [Users] FreeSwan 1.97 + x.509 0.9.11 + Sentinel 1.3 Problem

From: Andreas Steffen (andreas.steffen_at_strongsec.com)
Date: Sun May 05 2002 - 19:34:39 CEST


The problem is on the Sentinel side. Please check the detailed
log there.

Regards

Andreas

======================================================================
Andreas Steffen e-mail: andreas.steffen_at_zhwin.ch
Zuercher Hochschule Winterthur home: http://www.zhwin.ch/~sna/
CH-8401 Winterthur (Switzerland) phone: +41 76 340 25 56
===============================================================[ZHW]==

-----Original Message-----
From: users-admin_at_lists.freeswan.org [mailto:users-admin_at_lists.freeswan.org]On
Behalf Of Daniel Tombeil
Sent: Saturday, May 4, 2002 00:39
To: users_at_lists.freeswan.org
Subject: [Users] FreeSwan 1.97 + x.509 0.9.11 + Sentinel 1.3 Problem

Hi,

I just upgraded to a 1.97 FreeSwan with the current x.509 extension. Every time
I try to establish the connection between my w2k laptop with Sentinel 1.3 and
the gateway, I get the following log output in /var/log/secure:

---------------------------------
May 4 00:22:50 firecat Pluto[3968]: packet from <peer>:500:
ignoring Vendor ID payload
May 4 00:22:50 firecat Pluto[3968]: "daniel" <peer> #1:
responding to Main Mode from unknown peer <peer>
May 4 00:22:51 firecat Pluto[3968]: "daniel" <peer> #1: ignoring
informational payload, type IPSEC_INITIAL_CONTACT
May 4 00:22:51 firecat May 4 00:22:50 firecat Pluto[3968]: packet from
212.9.166.22:500: ignoring Vendor ID payload
May 4 00:22:50 firecat Pluto[3968]: "daniel" <peer> #1:
responding to Main Mode from unknown peer <peer>
May 4 00:22:51 firecat Pluto[3968]: "daniel" <peer> #1: ignoring
informational payload, type IPSEC_INITIAL_CONTACT
May 4 00:22:51 firecat Pluto[3968]: "daniel" <peer> #1: Peer ID
is ID_USER_FQDN: 'dt_at_admindu.de'
May 4 00:22:51 firecat Pluto[3968]: "daniel" <peer> #1: sent MR3,
ISAKMP SA established
May 4 00:22:52 firecat Pluto[3968]: "daniel" <peer> #1:
retransmitting in response to duplicate packet; already STATE_MAIN_R3
May 4 00:22:52 firecat Pluto[3968]: "daniel" <peer> #1:
Informational Exchange message for an established ISAKMP SA must be
encrypted

---------------------------------
And here comes my config. It's based on the SSH.com draft for using Sentinel
with virtual IP Addresses.
---------------------------------
# basic configuration
config setup
        interfaces=%defaultroute
        klipsdebug=none
        plutodebug=none
        plutoload=%search
        uniqueids=yes
# default values for the connection descriptions that follow
conn %default
    keyingtries=0
    disablearrivalcheck=no
    keyexchange=ike
    ikelifetime=240m
    keylife=60m
    pfs=yes
    compress=no
    authby=rsasig
    right=%any
    rightrsasigkey=%cert
    left=<my gateway>
    leftnexthop=<nexthop to inet>
    leftcert=<my gateway cert>
    auto=add
conn daniel
     type=tunnel
     leftsubnet=<my lan behind gateway>
     right=%any
     rightsubnet=192.168.10.1/32
     rightid=dt_at_admindu.de
     rightcert=<client cert>
     pfs=no

---------------------------------
Has anybody had this before and can give me some hints on how to fix it? I have
no more ideas :(
thank you in advance
best regards
                Daniel Tombeil




This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:19:56 CEST