IPv6 readyNote: This archive passes through spamassassin. Every mail marked with the subject "*****SPAM*****" has exceed a certain threshold of spam-like behaviour.

RE: [Users] white spaces in leftid

From: johan (johan30_at_easynet.be)
Date: Mon May 06 2002 - 08:12:32 CEST

Hi,

If I do that, I receive following messages :

 

May 6 08:09:07 spiderke Pluto[31222]: Starting Pluto (FreeS/WAN Version
1.97)
May 6 08:09:07 spiderke Pluto[31222]: including X.509 patch (Version
0.9.11)
May 6 08:09:07 spiderke Pluto[31222]: Changing to directory
'/etc/ipsec.d/cacerts'
May 6 08:09:07 spiderke Pluto[31222]: loaded cacert file 'caCert.der'
(873 bytes)
May 6 08:09:07 spiderke Pluto[31222]: Changing to directory
'/etc/ipsec.d/crls'
May 6 08:09:07 spiderke Pluto[31222]: loaded crl file 'crl.der' (333
bytes)
May 6 08:09:07 spiderke Pluto[31222]: loaded my default X.509 cert
file '/etc/x509cert.der' (856 bytes)
May 6 08:09:08 spiderke Pluto[31222]: added connection description
"easynet-rsa"
May 6 08:09:08 spiderke Pluto[31222]: listening for IKE messages
May 6 08:09:08 spiderke Pluto[31222]: adding interface ipsec0/ppp0
213.193.182.49
May 6 08:09:08 spiderke Pluto[31222]: loading secrets from
"/etc/ipsec.secrets"
May 6 08:09:08 spiderke Pluto[31222]: "easynet-rsa" #1: initiating Main
Mode
May 6 08:09:09 spiderke Pluto[31222]: "easynet-rsa" #1: ignoring Vendor
ID payload

-----------------------------
May 6 08:09:09 spiderke kernel: klips_debug: IP: ihl:20 ver:4 tos:0
tlen:208 id:0 DF frag_off:0 ttl:64 proto:17 (UDP) chk:13981
saddr:213.193.182.49:500 daddr:212.100.163.40:500
May 6 08:09:09 spiderke kernel: klips_debug:ipsec_findroute:
213.193.182.49->212.100.163.40
May 6 08:09:09 spiderke kernel: klips_debug:rj_match: * See if we match
exactly as a host destination
May 6 08:09:09 spiderke kernel: klips_debug:rj_match: ** try to match a
leaf, t=0xc81f6490
May 6 08:09:09 spiderke kernel: klips_debug:ipsec_findroute: found,
points to proto=61, spi=104, dst=0.
May 6 08:09:09 spiderke kernel: klips_debug:ipsec_tunnel_start_xmit:
checking for local udp/500 IKE packet saddr=d5c1b631, er=c81f6490,
daddr=d464a328, er_dst=0, proto=17 sport=500 dport=0
May 6 08:09:09 spiderke kernel: klips_debug:ipsec_tunnel_start_xmit:
Original head,tailroom: 16,16
May 6 08:09:09 spiderke kernel: klips_debug:ipsec_tunnel_start_xmit:
PASS: calling dev_queue_xmit
May 6 08:09:09 spiderke kernel: klips_debug:ipsec_tunnel_start_xmit:
With hard_header, final head,tailroom: 16,16
May 6 08:09:09 spiderke kernel: klips_debug:ipsec_tunnel_start_xmit:
...done, calling ip_send() on device:ppp0
May 6 08:09:09 spiderke kernel: klips_debug: IP: ihl:20 ver:4 tos:0
tlen:208 id:0 DF frag_off:0 ttl:64 proto:17 (UDP) chk:13981
saddr:213.193.182.49:500 daddr:212.100.163.40:500
May 6 08:09:09 spiderke kernel: klips_debug:ipsec_version_get_info:
buffer=0xcd626000, *start=0x0, offset=0, length=3072
May 6 08:09:09 spiderke kernel: klips_debug:ipsec_version_get_info:
buffer=0xcd626000, *start=0x0, offset=24, length=3072
May 6 08:09:09 spiderke kernel: klips_debug:@@ flags = 6 @key =
c6c241f0 key = 00000000->00000000 @mask = 00000000
May 6 08:09:09 spiderke kernel: klips_debug:@@ flags = 4 @key =
c81f64e0 key = d5c1b631->d464a300 @mask = cf038240 mask =
ffffffff->ffffff00
May 6 08:09:09 spiderke kernel: klips_debug:* off = 0
May 6 08:09:09 spiderke kernel: klips_debug:@ flags = 6 @key = c6c241fc
key = ffffffff->ffffffff @mask = 00000000
May 6 08:09:09 spiderke kernel: klips_debug: off = 0
May 6 08:09:09 spiderke kernel: klips_debug:ipsec_eroute_get_info:
buffer=0xc9e72000, *start=0x0, offset=0, length=3072May 6 08:09:09
spiderke kernel: klips_debug:rj_walktree: for: rn=cb4e08f8 rj_b=-3
rj_flags=6 leaf key = 00000000->00000000
May 6 08:09:09 spiderke kernel: klips_debug:rj_walktree: processing
leaves, rn=c81f6490 rj_b=-1 rj_flags=4 leaf key = d5c1b631->d464a300
May 6 08:09:09 spiderke kernel: klips_debug:rj_walktree: while:
base=00000000 rn=cb4e08f8 rj_b=-3 rj_flags=6 leaf key =
00000000->00000000
May 6 08:09:09 spiderke kernel: klips_debug:rj_walktree: for:
rn=c81f6490 rj_b=-1 rj_flags=4 leaf key = d5c1b631->d464a300
May 6 08:09:09 spiderke kernel: klips_debug:rj_walktree: processing
leaves, rn=cb4e0928 rj_b=-3 rj_flags=6 leaf key = ffffffff->ffffffff
May 6 08:09:09 spiderke kernel: klips_debug:rj_walktree: while:
base=00000000 rn=c81f6490 rj_b=-1 rj_flags=4 leaf key =
d5c1b631->d464a300
May 6 08:09:09 spiderke kernel: klips_debug:ipsec_rj_walker_procprint:
rn=c81f6490, w0=cb9e7f4c
May 6 08:09:09 spiderke kernel: klips_debug:@@ flags = 6 @key =
c6c241f0 key = 00000000->00000000 @mask = 00000000
May 6 08:09:09 spiderke kernel: klips_debug:@@ flags = 4 @key =
c81f64e0 key = d5c1b631->d464a300 @mask = cf038240 mask =
ffffffff->ffffff00
May 6 08:09:09 spiderke kernel: klips_debug:* off = 0
May 6 08:09:09 spiderke kernel: klips_debug:@ flags = 6 @key = c6c241fc
key = ffffffff->ffffffff @mask = 00000000
May 6 08:09:09 spiderke kernel: klips_debug: off = 0
May 6 08:09:09 spiderke kernel: klips_debug:ipsec_eroute_get_info:
buffer=0xca57d000, *start=0x0, offset=61, length=3072
May 6 08:09:09 spiderke kernel: klips_debug:rj_walktree: for:
rn=cb4e08f8 rj_b=-3 rj_flags=6 leaf key = 00000000->00000000
May 6 08:09:09 spiderke kernel: klips_debug:rj_walktree: processing
leaves, rn=c81f6490 rj_b=-1 rj_flags=4 leaf key = d5c1b631->d464a300
May 6 08:09:09 spiderke kernel: klips_debug:rj_walktree: while:
base=00000000 rn=cb4e08f8 rj_b=-3 rj_flags=6 leaf key =
00000000->00000000
May 6 08:09:09 spiderke kernel: klips_debug:rj_walktree: for:
rn=c81f6490 rj_b=-1 rj_flags=4 leaf key = d5c1b631->d464a300
May 6 08:09:09 spiderke kernel: klips_debug:rj_walktree: processing
leaves, rn=cb4e0928 rj_b=-3 rj_flags=6 leaf key = ffffffff->ffffffff
May 6 08:09:09 spiderke kernel: klips_debug:rj_walktree: while:
base=00000000 rn=c81f6490 rj_b=-1 rj_flags=4 leaf key =
d5c1b631->d464a300
May 6 08:09:09 spiderke kernel: klips_debug:ipsec_rj_walker_procprint:
rn=c81f6490, w0=cb9e7f4c
May 6 08:09:09 spiderke kernel: klips_debug:ipsec_spi_get_info:
buffer=0xca57d000, *start=0x0, offset=0, length=3072
May 6 08:09:09 spiderke kernel: klips_debug:ipsec_spigrp_get_info:
buffer=0xca57d000, *start=0x0, offset=0, length=3072May 6 08:09:09
spiderke kernel: klips_debug:ipsec_tncfg_get_info: buffer=0xca57d000,
*start=0x0, offset=0, length=3072
May 6 08:09:09 spiderke kernel: klips_debug:ipsec_tncfg_get_info:
buffer=0xca57d000, *start=0x0, offset=126, length=3072
May 6 08:09:10 spiderke kernel: klips_debug:ipsec_version_get_info:
buffer=0xc59db000, *start=0x0, offset=0, length=3072
May 6 08:09:10 spiderke kernel: klips_debug:ipsec_version_get_info:
buffer=0xc59db000, *start=0x0, offset=24, length=30

Greetz,
Johan Boeckx

On Sun, 2002-05-05 at 17:14, Andreas Steffen wrote:
> Due to a more stringent syntax checking introduced by the FreeW/SWAN
> team I had to change my notation for IDs of type ID_DER_ASN1_DN.
> It is now
>
> leftid="/C=BE/ST=Brussels/L=Brussels/O=Easynet/OU=Customer Care/
> CN=johan.boeckx.be.easynet.net"
>
> IDs of type ID_FQDN don't need any quotes, thus
>
> rightid=@entropy.office.be.easynet.net
>
> Regards
>
> Andreas
>
> ======================================================================
> Andreas Steffen e-mail: andreas.steffen_at_zhwin.ch
> Zuercher Hochschule Winterthur home: http://www.zhwin.ch/~sna/
> CH-8401 Winterthur (Switzerland) phone: +41 76 340 25 56
> ===============================================================[ZHW]==
>
>
> > -----Original Message-----
> > From: users-admin_at_lists.freeswan.org
> > [mailto:users-admin_at_lists.freeswan.org]On Behalf Of johan
> > Sent: Donnerstag, 2. Mai 2002 02:53
> > To: users_at_lists.freeswan.org
> > Subject: [Users] white spaces in leftid
> >
> >
> > Hi,
> >
> > I have a problem since i tried to change from freeswan 1.91 to 1.92 and
> > now to freeswan 1.97. I have a ipsec to a remote netscreen10 where ipsec
> > is configured. the ipsec is configured with x509 certificate version
> > x509patch-0.9.11. The problem is the white space in the leftid at my
> > side and of course also for the other users, which means that all linux
> > users are forced to use freeswan 1.91 and not higher, which means they
> > can not upgrade to kernel higher then 2.4.9.
> >
> > conn easynet-rsa
> > authby=rsasig
> > left=%defaultroute
> > leftid=@'/C=BE/ST=Brussels/L=Brussels/O=Easynet/OU=Customer
> > Care/CN=johan.boeckx.be.easynet.net'
> > leftrsasigkey=%cert
> > right=212.100.163.12
> > rightsubnet=212.100.163.0/24
> > rightrsasigkey=%cert
> > rightid=@'entropy.office.be.easynet.net'
> > auto=start
> >
> >
> > As you can see , there is a white space in the OU : Customer Care.
> > The error message is the ipsec barf :
> > May 2 02:30:17 spiderke ipsec__plutorun: ipsec_auto: fatal error in
> > "easynet-rsa": (/etc/ipsec.conf, line 64) white space within non-quoted
> > parameter "leftid"
> >
> > Is there a patch to resolve this problem, or another way ?
> >
> > Greetz,
> > Johan Boeckx
> >
> >
> >
> >
> > _______________________________________________
> > Users mailing list
> > Users_at_lists.freeswan.org
> > http://lists.freeswan.org/mailman/listinfo/users
> >
>

_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users

This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:19:57 CEST