
Re: [Users] Error message "no connection has been authorized"

From: Andreas Steffen (andreas.steffen_at_strongsec.com)
Date: Mon Apr 29 2002 - 09:29:11 CEST


There was a typo in my c't article. Your gateway_ipsec.conf is

conn roadwarrior
  auth=rsasig
  ^^^^
  right=%any
  auto=add

the correct definition is

  authby=rsasig

I apologize.

Andreas

Gerhard Hofmann wrote:
>
> I have set up a Linux VPN gateway with the most recent Free S/WAN + X.509
> patches.
>
> When connecting with a Windows 2000 roadwarrior notebook (I use the tools
> provided on vpn.ebootis.de) to the gateway via the Internet, I cannot ping
> the VPN gateway.
>
> But when looking into /var/log/messages I see some messages that indicate
> that there was some connection between notebook and VPN gateway:
> Apr 22 14:37:10 slinux1 Pluto[1441]: | ***parse ISAKMP Security Association Payload:
> Apr 22 14:37:10 slinux1 Pluto[1441]: | next payload type: ISAKMP_NEXT_VID
> Apr 22 14:37:10 slinux1 Pluto[1441]: | length: 164
> Apr 22 14:37:10 slinux1 Pluto[1441]: | DOI: ISAKMP_DOI_IPSEC
> Apr 22 14:37:10 slinux1 Pluto[1441]: | ***parse ISAKMP Vendor ID Payload:
> Apr 22 14:37:10 slinux1 Pluto[1441]: | next payload type: ISAKMP_NEXT_NONE
> Apr 22 14:37:10 slinux1 Pluto[1441]: | length: 24
> Apr 22 14:37:10 slinux1 Pluto[1441]: packet from 62.246.10.107:500: ignoring Vendor ID payload
> Apr 22 14:37:10 slinux1 Pluto[1441]: | VID: 1e 2b 51 69 05 99 1c 7d 7c 96 fc bf b5 87 e4 61
> Apr 22 14:37:10 slinux1 Pluto[1441]: | 00 00 00 02
> Apr 22 14:37:10 slinux1 Pluto[1441]: packet from 62.246.10.107:500: initial Main Mode message received on 192.168.1.18:500 but no connection has been authorized
>
> 62.246.10.107 was the IP of the notebook at this time and 192.168.1.18 is the IP of
> the VPN gateway (private IP address, our Internet router forwards UDP port 500
> to this address).
>
> AFAIK, I have set up certificates correctly on both sides.
>
> What am I doing wrong?
>
> ipsec.conf files of VPN gateway and roadwarrior are attached.
>
> TIA
> Gerhard Hofmann
>
> --------------------------------------------------------------------------------
> Name: client_ipsec.conf
> client_ipsec.conf Type: unspecified type (application/octet-stream)
> Encoding: quoted-printable
>
> Name: gateway_ipsec.conf
> gateway_ipsec.conf Type: unspecified type (application/octet-stream)
> Encoding: quoted-printable

-- 
======================================================================
Andreas Steffen                 e-mail: andreas.steffen_at_strongsec.com
strongSec GmbH                  phone:  +41 76 340 25 56
Alter Zürichweg 20              home:   http://www.strongsec.com
CH-8952 Schlieren (Switzerland)
==========================================[strong internet security]==
_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users
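
Added example, not part of the original message and not FreeS/WAN code: a small check that flags the `auth=rsasig` mix-up from the reply above before the file reaches the gateway. The value lists for `auth` and `authby` are an assumption taken from the FreeS/WAN ipsec.conf(5) manual page of that era, and the sample conn is constructed from the snippet in the reply.

```python
import re

# Assumed value domains, per the FreeS/WAN ipsec.conf(5) manual of that era.
ALLOWED = {
    "auth": {"esp", "ah"},           # where packet authentication is done
    "authby": {"secret", "rsasig"},  # how the two peers authenticate each other
}

# Constructed sample: the conn from the reply above, typo included.
SAMPLE = """\
conn roadwarrior
  auth=rsasig
  right=%any
  auto=add
"""

def lint(text):
    """Return (line_no, conn, message) for each auth/authby value out of range."""
    findings, section = [], None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        if not line[0].isspace():                 # unindented line: section header
            parts = line.split()
            section = parts[1] if len(parts) == 2 and parts[0] == "conn" else None
            continue
        m = re.match(r"\s+(\w+)\s*=\s*(.*)$", line)
        if not (section and m):
            continue
        key, value = m.group(1), m.group(2).strip().strip('"')
        if key in ALLOWED and value not in ALLOWED[key]:
            msg = f"{key}={value} is not one of {sorted(ALLOWED[key])}"
            # If the value is valid for the sibling keyword, suggest it.
            others = [k for k in ALLOWED if k != key and value in ALLOWED[k]]
            if others:
                msg += f"; did you mean {others[0]}={value}?"
            findings.append((no, section, msg))
    return findings

if __name__ == "__main__":
    for no, conn, msg in lint(SAMPLE):
        print(f"line {no}: conn {conn}: {msg}")
```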



This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:19:57 CEST