Note: This archive passes through spamassassin. Every mail marked with the subject "*****SPAM*****" has exceed a certain threshold of spam-like behaviour.

[Users] Road Warrior Config

From: Mark Muffett (mark_at_muffett.net)
Date: Mon May 06 2002 - 23:13:42 CEST

Next message: Sandy Harris: "Re: [Users] It is not funny anymore: VIRUS / WORMS over this list"
Previous message: Vasiliy Boulytchev: "Re: [Users] RSASIG error"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

I'm trying to set a Road Warrior using PGPnet at the other end (Freeswan
1.97 this end). Connecting is a problem

I'm using shared secrets and I get the following error log on the Freeswan
end (in /var/log/messages):

May 6 09:44:26 vpng Pluto[1022]: packet from xxx.xxx.xxx.109:500: ignoring
Vendor ID payload
May 6 09:44:26 vpng Pluto[1022]: packet from xxx.xxx.xxx.109:500: ignoring
Vendor ID payload
May 6 09:44:26 vpng Pluto[1022]: "PolestarAmanda" xxx.xxx.xxx.109 #94:
responding to Main Mode from unknown peer xxx.xxx.xxx.109
May 6 09:44:26 vpng Pluto[1022]: "PolestarAmanda" xxx.xxx.xxx.109 #94:
OAKLEY_CAST_CBC is not supported. Attribute OAKLEY_ENCRYPTION_ALGORITHM
May 6 09:44:26 vpng Pluto[1022]: "PolestarAmanda" xxx.xxx.xxx.109 #94:
Pluto does not support HybridInitDSS authentication. Attribute
OAKLEY_AUTHENTICATION_METHOD
May 6 09:44:26 vpng Pluto[1022]: "PolestarAmanda" xxx.xxx.xxx.109 #94:
OAKLEY_CAST_CBC is not supported. Attribute OAKLEY_ENCRYPTION_ALGORITHM
May 6 09:44:26 vpng Pluto[1022]: "PolestarAmanda" xxx.xxx.xxx.109 #94:
Pluto does not support HybridInitRSA authentication. Attribute
OAKLEY_AUTHENTICATION_METHOD
May 6 09:44:26 vpng Pluto[1022]: "PolestarAmanda" xxx.xxx.xxx.109 #94: no
acceptable Oakley Transform
May 6 09:44:26 vpng Pluto[1022]: "PolestarAmanda" xxx.xxx.xxx.109: deleting
connection "PolestarAmanda" instance with peer xxx.xxx.xxx.109

My ipsec.conf file is as follows:

conn PolestarAmanda
        # Left security gateway, subnet behind it, next hop toward left.
        # Polestar
        left=xxx.xxx.xxx.131
        leftsubnet=10.1.0.0/24
        leftnexthop=xxx.xxx.xxx.129
        # Amanda
        # accept any address
        right=%any
        #
        # no subnet for a typical road warrior
        # it is possible, but usually not needed
        # so the rightsubnet= parameter is omitted
        #
        # let the road warrior start the connection
        auto=add
        # override the default retry for road warriors
        # we don't want to retry if IP connectivity is gone
        keyingtries=1

Any ideas?

Thanks for any help

Mark Muffett

_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users

Next message: Sandy Harris: "Re: [Users] It is not funny anymore: VIRUS / WORMS over this list"
Previous message: Vasiliy Boulytchev: "Re: [Users] RSASIG error"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:19:57 CEST