Hi there,
I'm trying to establish an IPSec connection between Windoze XP and a Linux
security gateway running FreeS/WAN 1.96 (Debian pkg. ver. 1.96-1.2) under
Debian/GNU Linux Woody (pre-3.0 aka "testing"), kernel ver. 2.4.18-rel.
Regardless of how hard I try I can't get this running. I CAN, however,
establish a connection between two (from a software point of view) identical
Linux machines.
This is ipsec.conf on the security gateway (Linux machine):
config setup
    interfaces=%defaultroute
    klipsdebug=all
    plutodebug=all
    plutoload=%search
    plutostart=%search
    # Close down old connection when new one using same ID shows up.
    uniqueids=no

conn %default
    keyingtries=0
    disablearrivalcheck=no
    authby=rsasig
    leftrsasigkey=%cert
    rightrsasigkey=%cert

# This is for Win2000 host; does NOT work by ANY means
conn lkt-hostA
    also=our_stuff
    # Right security gateway, subnet behind it, next hop toward left.
    right=%any
    rightid="/C=DE/O=University of X/OU=Institute of Y/CN=foo_at_bar.DE"
    auto=add

# Defs for Linux host, works fine
conn lkt-hostB
    also=our_stuff
    right=%any
    rightid="/C=DE/ST=Northrhine-Westfalia/L=Aachen/O=Aachen U of Tech/OU=ACME/CN=some.host.RWTH-Aachen.DE/Email=foobar_at_nowhere.org"
    auto=add

conn our_stuff
    left=%defaultroute
    leftsubnet=aaa.bbb.ccc.0/24
    leftid="C=DE, ST=Bavaria, O=Some University, OU=Institute of Common Confusion, CN=WWW.Confusion.Uni.DE/Email=dumb_at_some.where.net"
On the Windoze host I'm using the following ipsec.conf file, together with
Marcus Mueller's VPN tool:
conn lkt-hostA
    right=%any
    left=xx.yy.zz.aa
    leftsubnet=aaa.bbb.ccc.0/24
    leftca="E = admin_at_uni.de, CN = Certification Authority, OU = Institute of Common Confusion, O = University of Bavaria, L = Locality, S = Bavaria, C = DE"
    network=both
    auto=start
    pfs=yes
I've created key pairs for all three connection endpoints, i.e. one for the
security gateway, and one each for the "road warriors." I've signed them with
the CA's key, and imported them into Windoze XP (and FreeS/WAN on the 2nd
host.)
All I get when I try to connect from the XP host is the following:
May 13 18:40:30 Gateway Pluto[30572]: packet from g.h.i.j:500: ignoring Vendor ID payload
May 13 18:40:30 Gateway Pluto[30572]: packet from g.h.i.j:500: initial Main Mode message received on xx.yy.zz.aa:500 but no connection has been authorized
Any idea how to debug and solve this problem?
Thanks,
Ralf
PS: I hope I didn't "break" anything (i.e. present inconsistent data) trying
to hide the correct hostnames/IP addresses.
--
Sign the EU petition against SPAM: http://www.politik-digital.de/spam/
LINUX: The Choice of a GNU Generation
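A small troubleshooting aid for the situation in the post above, added here as an example and not part of the original message or of FreeS/WAN: it resolves what each conn in an ipsec.conf actually contains once `conn %default` and `also=` are applied, and, given a Pluto "no connection has been authorized" line, lists the loaded conns that should have been candidates for that peer. The sample ipsec.conf and log line are constructed; the merge precedence (a conn's own settings over its `also=` section, over `conn %default`) is an assumption, as is the `auto=` test for "loaded".

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample in the style of the gateway ipsec.conf above (not the poster's file).
SAMPLE_CONF = """\
config setup
    interfaces=%defaultroute
conn %default
    keyingtries=0
    authby=rsasig
conn lkt-hostA
    also=our_stuff
    right=%any
    rightid="/C=DE/O=University of X/CN=foo_at_bar.DE"
    auto=add
conn our_stuff
    left=%defaultroute
    leftsubnet=aaa.bbb.ccc.0/24
    keyingtries=3
"""
LOG_RE = re.compile(r"packet from ([\d.]+):\d+: initial Main Mode message received "
                    r"on ([\d.]+):\d+ but no connection has been authorized")

def parse_sections(text: str) -> Dict[str, Dict[str, str]]:
    """Split ipsec.conf into {'conn name': {param: value}}; section headers start at column 0."""
    sections: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments and blank lines
        if not line.strip():
            continue
        if not raw[0].isspace():                   # 'conn foo' / 'config setup'
            kind, name = line.split(None, 1)
            current = sections.setdefault(f"{kind} {name}", {})
        elif current is not None:                  # indented parameter=value
            key, _, value = line.strip().partition("=")
            current[key.strip()] = value.strip().strip('"')
    return sections

def effective_conn(sections: Dict[str, Dict[str, str]], name: str, seen=()) -> Dict[str, str]:
    """Assumed precedence: own keys > also= section (resolved recursively) > conn %default."""
    if name in seen:
        raise ValueError(f"also= loop at {name}")
    own = dict(sections[f"conn {name}"])
    if "also" in own:
        base = effective_conn(sections, own.pop("also"), seen + (name,))
    else:
        base = dict(sections.get("conn %default", {}))
    base.update(own)
    return base

def candidate_conns(sections: Dict[str, Dict[str, str]], log_line: str) -> Optional[Tuple[str, str, List[Tuple[str, str]]]]:
    """For a 'no connection has been authorized' line: (peer, local, [(conn, rightid)]) that could match the peer."""
    m = LOG_RE.search(log_line)
    if not m:
        return None
    peer, local = m.groups()
    hits = []
    for key in sections:
        if not key.startswith("conn ") or key == "conn %default":
            continue
        c = effective_conn(sections, key.split(" ", 1)[1])
        # assumed: a conn counts as loaded when auto= is add/start/route
        if c.get("auto") in ("add", "start", "route") and c.get("right") in ("%any", peer):
            hits.append((key.split(" ", 1)[1], c.get("rightid", "")))
    return peer, local, hits
```

If the list of candidates comes back empty while a conn you expected is present, the conn was not loaded or its `right=` does not cover the peer; if a candidate is listed, the rejection happened later (for example on identity or policy), so the next thing to compare is the `rightid` shown against the ID the peer sends.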
_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users
This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:19:58 CEST