Well the connection is loaded successfully :
> May 6 08:09:08 spiderke Pluto[31222]: added connection description
> "easynet-rsa"
Then you start the connection:
> May 6 08:09:08 spiderke Pluto[31222]: "easynet-rsa" #1: initiating Main
> Mode
A lot of "garbage" produced by KLIPS follows but the rest of the
log is missing. What happens after that? Does the connection get
established?
Regards
Andreas
johan wrote:
>
> Hi,
>
> If I do that, I receive following messages :
>
>
>
> May 6 08:09:07 spiderke Pluto[31222]: Starting Pluto (FreeS/WAN Version
> 1.97)
> May 6 08:09:07 spiderke Pluto[31222]: including X.509 patch (Version
> 0.9.11)
> May 6 08:09:07 spiderke Pluto[31222]: Changing to directory
> '/etc/ipsec.d/cacerts'
> May 6 08:09:07 spiderke Pluto[31222]: loaded cacert file 'caCert.der'
> (873 bytes)
> May 6 08:09:07 spiderke Pluto[31222]: Changing to directory
> '/etc/ipsec.d/crls'
> May 6 08:09:07 spiderke Pluto[31222]: loaded crl file 'crl.der' (333
> bytes)
> May 6 08:09:07 spiderke Pluto[31222]: loaded my default X.509 cert
> file '/etc/x509cert.der' (856 bytes)
> May 6 08:09:08 spiderke Pluto[31222]: added connection description
> "easynet-rsa"
> May 6 08:09:08 spiderke Pluto[31222]: listening for IKE messages
> May 6 08:09:08 spiderke Pluto[31222]: adding interface ipsec0/ppp0
> 213.193.182.49
> May 6 08:09:08 spiderke Pluto[31222]: loading secrets from
> "/etc/ipsec.secrets"
> May 6 08:09:08 spiderke Pluto[31222]: "easynet-rsa" #1: initiating Main
> Mode
> May 6 08:09:09 spiderke Pluto[31222]: "easynet-rsa" #1: ignoring Vendor
> ID payload
>
> -----------------------------
> May 6 08:09:09 spiderke kernel: klips_debug: IP: ihl:20 ver:4 tos:0
> tlen:208 id:0 DF frag_off:0 ttl:64 proto:17 (UDP) chk:13981
> saddr:213.193.182.49:500 daddr:212.100.163.40:500
> May 6 08:09:09 spiderke kernel: klips_debug:ipsec_findroute:
> 213.193.182.49->212.100.163.40
> May 6 08:09:09 spiderke kernel: klips_debug:rj_match: * See if we match
> exactly as a host destination
> May 6 08:09:09 spiderke kernel: klips_debug:rj_match: ** try to match a
> leaf, t=0xc81f6490
> May 6 08:09:09 spiderke kernel: klips_debug:ipsec_findroute: found,
> points to proto=61, spi=104, dst=0.
> May 6 08:09:09 spiderke kernel: klips_debug:ipsec_tunnel_start_xmit:
> checking for local udp/500 IKE packet saddr=d5c1b631, er=c81f6490,
> daddr=d464a328, er_dst=0, proto=17 sport=500 dport=0
> May 6 08:09:09 spiderke kernel: klips_debug:ipsec_tunnel_start_xmit:
> Original head,tailroom: 16,16
> May 6 08:09:09 spiderke kernel: klips_debug:ipsec_tunnel_start_xmit:
> PASS: calling dev_queue_xmit
> May 6 08:09:09 spiderke kernel: klips_debug:ipsec_tunnel_start_xmit:
> With hard_header, final head,tailroom: 16,16
> May 6 08:09:09 spiderke kernel: klips_debug:ipsec_tunnel_start_xmit:
> ...done, calling ip_send() on device:ppp0
> May 6 08:09:09 spiderke kernel: klips_debug: IP: ihl:20 ver:4 tos:0
> tlen:208 id:0 DF frag_off:0 ttl:64 proto:17 (UDP) chk:13981
> saddr:213.193.182.49:500 daddr:212.100.163.40:500
> May 6 08:09:09 spiderke kernel: klips_debug:ipsec_version_get_info:
> buffer=0xcd626000, *start=0x0, offset=0, length=3072
> May 6 08:09:09 spiderke kernel: klips_debug:ipsec_version_get_info:
> buffer=0xcd626000, *start=0x0, offset=24, length=3072
> May 6 08:09:09 spiderke kernel: klips_debug:@@ flags = 6 @key =
> c6c241f0 key = 00000000->00000000 @mask = 00000000
> May 6 08:09:09 spiderke kernel: klips_debug:@@ flags = 4 @key =
> c81f64e0 key = d5c1b631->d464a300 @mask = cf038240 mask =
> ffffffff->ffffff00
> May 6 08:09:09 spiderke kernel: klips_debug:* off = 0
> May 6 08:09:09 spiderke kernel: klips_debug:@ flags = 6 @key = c6c241fc
> key = ffffffff->ffffffff @mask = 00000000
> May 6 08:09:09 spiderke kernel: klips_debug: off = 0
> May 6 08:09:09 spiderke kernel: klips_debug:ipsec_eroute_get_info:
> buffer=0xc9e72000, *start=0x0, offset=0, length=3072May 6 08:09:09
> spiderke kernel: klips_debug:rj_walktree: for: rn=cb4e08f8 rj_b=-3
> rj_flags=6 leaf key = 00000000->00000000
> May 6 08:09:09 spiderke kernel: klips_debug:rj_walktree: processing
> leaves, rn=c81f6490 rj_b=-1 rj_flags=4 leaf key = d5c1b631->d464a300
> May 6 08:09:09 spiderke kernel: klips_debug:rj_walktree: while:
> base=00000000 rn=cb4e08f8 rj_b=-3 rj_flags=6 leaf key =
> 00000000->00000000
> May 6 08:09:09 spiderke kernel: klips_debug:rj_walktree: for:
> rn=c81f6490 rj_b=-1 rj_flags=4 leaf key = d5c1b631->d464a300
> May 6 08:09:09 spiderke kernel: klips_debug:rj_walktree: processing
> leaves, rn=cb4e0928 rj_b=-3 rj_flags=6 leaf key = ffffffff->ffffffff
> May 6 08:09:09 spiderke kernel: klips_debug:rj_walktree: while:
> base=00000000 rn=c81f6490 rj_b=-1 rj_flags=4 leaf key =
> d5c1b631->d464a300
> May 6 08:09:09 spiderke kernel: klips_debug:ipsec_rj_walker_procprint:
> rn=c81f6490, w0=cb9e7f4c
> May 6 08:09:09 spiderke kernel: klips_debug:@@ flags = 6 @key =
> c6c241f0 key = 00000000->00000000 @mask = 00000000
> May 6 08:09:09 spiderke kernel: klips_debug:@@ flags = 4 @key =
> c81f64e0 key = d5c1b631->d464a300 @mask = cf038240 mask =
> ffffffff->ffffff00
> May 6 08:09:09 spiderke kernel: klips_debug:* off = 0
> May 6 08:09:09 spiderke kernel: klips_debug:@ flags = 6 @key = c6c241fc
> key = ffffffff->ffffffff @mask = 00000000
> May 6 08:09:09 spiderke kernel: klips_debug: off = 0
> May 6 08:09:09 spiderke kernel: klips_debug:ipsec_eroute_get_info:
> buffer=0xca57d000, *start=0x0, offset=61, length=3072
> May 6 08:09:09 spiderke kernel: klips_debug:rj_walktree: for:
> rn=cb4e08f8 rj_b=-3 rj_flags=6 leaf key = 00000000->00000000
> May 6 08:09:09 spiderke kernel: klips_debug:rj_walktree: processing
> leaves, rn=c81f6490 rj_b=-1 rj_flags=4 leaf key = d5c1b631->d464a300
> May 6 08:09:09 spiderke kernel: klips_debug:rj_walktree: while:
> base=00000000 rn=cb4e08f8 rj_b=-3 rj_flags=6 leaf key =
> 00000000->00000000
> May 6 08:09:09 spiderke kernel: klips_debug:rj_walktree: for:
> rn=c81f6490 rj_b=-1 rj_flags=4 leaf key = d5c1b631->d464a300
> May 6 08:09:09 spiderke kernel: klips_debug:rj_walktree: processing
> leaves, rn=cb4e0928 rj_b=-3 rj_flags=6 leaf key = ffffffff->ffffffff
> May 6 08:09:09 spiderke kernel: klips_debug:rj_walktree: while:
> base=00000000 rn=c81f6490 rj_b=-1 rj_flags=4 leaf key =
> d5c1b631->d464a300
> May 6 08:09:09 spiderke kernel: klips_debug:ipsec_rj_walker_procprint:
> rn=c81f6490, w0=cb9e7f4c
> May 6 08:09:09 spiderke kernel: klips_debug:ipsec_spi_get_info:
> buffer=0xca57d000, *start=0x0, offset=0, length=3072
> May 6 08:09:09 spiderke kernel: klips_debug:ipsec_spigrp_get_info:
> buffer=0xca57d000, *start=0x0, offset=0, length=3072May 6 08:09:09
> spiderke kernel: klips_debug:ipsec_tncfg_get_info: buffer=0xca57d000,
> *start=0x0, offset=0, length=3072
> May 6 08:09:09 spiderke kernel: klips_debug:ipsec_tncfg_get_info:
> buffer=0xca57d000, *start=0x0, offset=126, length=3072
> May 6 08:09:10 spiderke kernel: klips_debug:ipsec_version_get_info:
> buffer=0xc59db000, *start=0x0, offset=0, length=3072
> May 6 08:09:10 spiderke kernel: klips_debug:ipsec_version_get_info:
> buffer=0xc59db000, *start=0x0, offset=24, length=30
>
> Greetz,
> Johan Boeckx
>
> On Sun, 2002-05-05 at 17:14, Andreas Steffen wrote:
> > Due to a more stringent syntax checking introduced by the FreeW/SWAN
> > team I had to change my notation for IDs of type ID_DER_ASN1_DN.
> > It is now
> >
> > leftid="/C=BE/ST=Brussels/L=Brussels/O=Easynet/OU=Customer Care/
> > CN=johan.boeckx.be.easynet.net"
> >
> > IDs of type ID_FQDN don't need any quotes, thus
> >
> > rightid=@entropy.office.be.easynet.net
> >
> > Regards
> >
> > Andreas
> >
> > ======================================================================
> > Andreas Steffen e-mail: andreas.steffen_at_zhwin.ch
> > Zuercher Hochschule Winterthur home: http://www.zhwin.ch/~sna/
> > CH-8401 Winterthur (Switzerland) phone: +41 76 340 25 56
> > ===============================================================[ZHW]==
> >
> >
> > > -----Original Message-----
> > > From: users-admin_at_lists.freeswan.org
> > > [mailto:users-admin_at_lists.freeswan.org]On Behalf Of johan
> > > Sent: Donnerstag, 2. Mai 2002 02:53
> > > To: users_at_lists.freeswan.org
> > > Subject: [Users] white spaces in leftid
> > >
> > >
> > > Hi,
> > >
> > > I have a problem since i tried to change from freeswan 1.91 to 1.92 and
> > > now to freeswan 1.97. I have a ipsec to a remote netscreen10 where ipsec
> > > is configured. the ipsec is configured with x509 certificate version
> > > x509patch-0.9.11. The problem is the white space in the leftid at my
> > > side and of course also for the other users, which means that all linux
> > > users are forced to use freeswan 1.91 and not higher, which means they
> > > can not upgrade to kernel higher then 2.4.9.
> > >
> > > conn easynet-rsa
> > > authby=rsasig
> > > left=%defaultroute
> > > leftid=@'/C=BE/ST=Brussels/L=Brussels/O=Easynet/OU=Customer
> > > Care/CN=johan.boeckx.be.easynet.net'
> > > leftrsasigkey=%cert
> > > right=212.100.163.12
> > > rightsubnet=212.100.163.0/24
> > > rightrsasigkey=%cert
> > > rightid=@'entropy.office.be.easynet.net'
> > > auto=start
> > >
> > >
> > > As you can see , there is a white space in the OU : Customer Care.
> > > The error message is the ipsec barf :
> > > May 2 02:30:17 spiderke ipsec__plutorun: ipsec_auto: fatal error in
> > > "easynet-rsa": (/etc/ipsec.conf, line 64) white space within non-quoted
> > > parameter "leftid"
> > >
> > > Is there a patch to resolve this problem, or another way ?
> > >
> > > Greetz,
> > > Johan Boeckx
> > >
> > >
> > >
> > >
> > > _______________________________________________
> > > Users mailing list
> > > Users_at_lists.freeswan.org
> > > http://lists.freeswan.org/mailman/listinfo/users
> > >
> >
-- ====================================================================== Andreas Steffen e-mail: andreas.steffen_at_zhwin.ch Zuercher Hochschule Winterthur home: http://www.zhwin.ch/~sna/ CH-8401 Winterthur (Switzerland) phone: +41 76 340 25 56 ===============================================================[ZHW]==Content Security by MailMarshal _______________________________________________ Users mailing list Users_at_lists.freeswan.org http://lists.freeswan.org/mailman/listinfo/users
This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:19:57 CEST