What does the ipsec.conf on the W2k side look like? W2k cannot
find the CA certificate belonging to
rightid="C=DE, ST=NDS, O=testag, OU=rweinsunit, CN=rweinsname, E=rweinsemail"
Regards
Andreas
======================================================================
Andreas Steffen e-mail: andreas.steffen_at_zhwin.ch
Zuercher Hochschule Winterthur home: http://www.zhwin.ch/~sna/
CH-8401 Winterthur (Switzerland) phone: +41 76 340 25 56
===============================================================[ZHW]==
> -----Original Message-----
> From: Philip Reetz [mailto:p.reetz_at_linet-services.de]
> Sent: Donnerstag, 2. Mai 2002 10:02
> To: users; Nate Carlson; Harry Brueckner; andreas.steffen
> Subject: Help: Win2k <-> Freeswan w/ X509
>
>
> Sorry, if I should post this message twice. But I'm not sure whether my
> first mail got out or not. I didn't get my message back over the ipsec
> list. Actually I didn't get any mails from the list since Saturday which
> is quite unusual. If this message already came through the list I
> apologize. Maybe someone could just give me a short ACK so I know, it
> got out.
>
> Thanks.
>
> Ciao,
> Philip
>
>
> Hello everyone,
> first thanks to all who tried to help me with my previous posting (same
> topic). I really appreciate the help. I made new certs being careful
> that the DNs are very unique and that there are no special characters in
> the DN.
> Today I wanted to test it and, of course, it didn't work :(
> But the good news is, I got a different error message both on the Linux
> side and on the Windows side :). I include the part from the ipsec.conf,
> the /var/log/messages and attach the Windows oakley log.
> If somebody could look over it, I would really appreciate it. I don't
> know what to do.
> Thanks.
> Ciao,
> Philip
>
> linux side:
>
> /etc/ipsec.conf
> -snip-
> # basic configuration
> config setup
>     interfaces="ipsec0=eth2"
>     # Debug-logging controls: "none" for (almost) none, "all" for lots.
>     klipsdebug=none
>     plutodebug=none
>     # Use auto= parameters in conn descriptions to control startup actions.
>     plutoload=%search
>     plutostart=%search
>     # Close down old connection when new one using same ID shows up.
>     uniqueids=yes
>     plutowait=no
>
>
> # defaults for subsequent connection descriptions
> conn %default
>     # How persistent to be in (re)keying negotiations (0 means very).
>     keyingtries=0
>     authby=rsasig
>     leftid=@testag
>     leftrsasigkey=0x01blablabla
>
> some other connections freeswan<->freeswan
>
> conn bssub-rw1
>     authby=rsasig
>     left=xxx.yyy.zzz.110
>     leftsubnet=192.168.0.0/24
>     leftnexthop=xxx.yyy.zzz.109
>     leftrsasigkey=%cert
>     leftid="C=DE, ST=NDS, O=testag, OU=gwunit, CN=gwname/Email=gwemail"
>     right=%any
>     rightsubnet=
>     rightnexthop=
>     rightrsasigkey=%cert
>     rightid="C=DE, ST=NDS, O=testag, OU=rweinsunit, CN=rweinsname, E=rweinsemail"
>     auto=add
> -snip-
>
> /var/log/messages
> -snip-
> Apr 29 11:56:42 test-lx-01 Pluto[8618]: packet from 193.159.67.56:500:
> ignoring Vendor ID payload
> Apr 29 11:56:42 test-lx-01 Pluto[8618]: "bssub-rw1" 193.159.67.56 #9:
> responding to Main Mode from unknown peer 193.159.67.56
> Apr 29 11:56:43 test-lx-01 Pluto[8618]: "bssub-rw1" 193.159.67.56 #9:
> Peer ID is ID_DER_ASN1_DN: 'C=DE, ST=NDS, O=testag, OU=rweinsunit,
> Apr 29 11:56:43 test-lx-01 Pluto[8618]: "bssub-rw1" 193.159.67.56 #9:
> sent MR3, ISAKMP SA established
> Apr 29 11:58:40 test-lx-01 Pluto[8618]: "bssub-rw1" 193.159.67.56 #9:
> ignoring Delete SA payload
> Apr 29 11:58:40 test-lx-01 Pluto[8618]: "bssub-rw1" 193.159.67.56 #9:
> received and ignored informational message
> -snip-
>
> The windows log is attached to this message. No tunnel is established.
> Tried several times.
>
> --
> LINET Services
> Bunkus, Geisler und Reetz GbR
>
> Rebenring 33 Tel.: 0531-280 191 71
> 38106 Braunschweig Fax.: 0531-280 191 72
>
> http://www.linet-services.de
> mailto:info_at_linet-services.de
>
>
_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users
This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:19:57 CEST