Note: This archive passes through spamassassin. Every mail marked with the subject "*****SPAM*****" has exceeded a certain threshold of spam-like behaviour.

Re: [Users] IPSec connection FreeS/WAN<->FreeS/WAN works, but NOT FS <-> WinXP

From: Vasiliy Boulytchev (vasiliy_at_boulytcheva.com)
Date: Mon May 13 2002 - 21:42:14 CEST


What do the logs say?
Vasiliy Boulytchev
Colorado Information Technologies Inc.
----- Original Message -----
From: "Ralf G. R. Bergs" <rabe_at_RWTH-Aachen.DE>
To: "FreeS/WAN Users Mailing List" <users_at_lists.freeswan.org>
Sent: Monday, May 13, 2002 12:05 PM
Subject: [Users] IPSec connection FreeS/WAN<->FreeS/WAN works, but NOT FS <-> WinXP

> Hi there,
>
> I'm trying to establish an IPSec connection between Windoze XP and a Linux
> security gateway running FreeS/WAN 1.96 (Debian pkg. ver. 1.96-1.2) under
> Debian/GNU Linux Woody (pre-3.0 aka "testing"), kernel ver. 2.4.18-rel.
>
> Regardless of how hard I try I can't get this running. I CAN, however,
> establish a connection between two (from a software point of view) identical
> Linux machines.
>
> This is ipsec.conf on the security gateway (Linux machine):
>
> config setup
>     interfaces=%defaultroute
>     klipsdebug=all
>     plutodebug=all
>     plutoload=%search
>     plutostart=%search
>     # Close down old connection when new one using same ID shows up.
>     uniqueids=no
>
> conn %default
>     keyingtries=0
>     disablearrivalcheck=no
>     authby=rsasig
>     leftrsasigkey=%cert
>     rightrsasigkey=%cert
>
> # This is for Win2000 host; does NOT work by ANY means
> conn lkt-hostA
>     also=our_stuff
>     # Right security gateway, subnet behind it, next hop toward left.
>     right=%any
>     rightid="/C=DE/O=University of X/OU=Institute of Y/CN=foo_at_bar.DE"
>     auto=add
>
> # Defs for Linux host, works fine
> conn lkt-hostB
>     also=our_stuff
>     right=%any
>     rightid="/C=DE/ST=Northrhine-Westfalia/L=Aachen/O=Aachen U of Tech/OU=ACME/CN=some.host.RWTH-Aachen.DE/Email=foobar_at_nowhere.org"
>     auto=add
>
> conn our_stuff
>     left=%defaultroute
>     leftsubnet=aaa.bbb.ccc.0/24
>     leftid="C=DE, ST=Bavaria, O=Some University, OU=Institute of Common Confusion, CN=WWW.Confusion.Uni.DE/Email=dumb_at_some.where.net"
>
> On the Windoze host I'm using the following ipsec.conf file, together with
> Marcus Mueller's VPN tool:
>
> conn lkt-hostA
>     right=%any
>     left=xx.yy.zz.aa
>     leftsubnet=aaa.bbb.ccc.0/24
>     leftca="E = admin_at_uni.de, CN = Certification Authority, OU = Institute of Common Confusion, O = University of Bavaria, L = Locality, S = Bavaria, C = DE"
>     network=both
>     auto=start
>     pfs=yes
>
>
> I've created key pairs for all three connection endpoints, i.e. one for the
> security gateway, and one each for the "road warriors." I've signed them with
> the CA's key, and imported them into Windoze XP (and FreeS/WAN on the 2nd
> host.)
>
> All I get when I try to connect from the XP host is the following:
>
> May 13 18:40:30 Gateway Pluto[30572]: packet from g.h.i.j:500: ignoring Vendor ID payload
> May 13 18:40:30 Gateway Pluto[30572]: packet from g.h.i.j:500: initial Main Mode message received on xx.yy.zz.aa:500 but no connection has been authorized
>
> Any idea how to debug and solve this problem?
>
> Thanks,
>
> Ralf
>
> PS: I hope I didn't "break" anything (i.e. present inconsistent data) trying
> to hide the correct hostnames/IP addresses.
>
>
> --
> Sign the EU petition against SPAM: L I N U X .~.
> http://www.politik-digital.de/spam/ The Choice /V\
> of a GNU /( )\
> Generation ^^-^^
>
>
> _______________________________________________
> Users mailing list
> Users_at_lists.freeswan.org
> http://lists.freeswan.org/mailman/listinfo/users

This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:19:58 CEST