If you type

    ipsec auto --status

do you see the correct definition of connection lkt-hostA listed in the output?
It could be that the connection does not get loaded correctly when Pluto starts
up.

Regards

Andreas

"Ralf G. R. Bergs" wrote:
>
> Hi there,
>
> I'm trying to establish an IPSec connection between Windoze XP and a Linux
> security gateway running FreeS/WAN 1.96 (Debian pkg. ver. 1.96-1.2) under
> Debian/GNU Linux Woody (pre-3.0 aka "testing"), kernel ver. 2.4.18-rel.
>
> Regardless of how hard I try I can't get this running. I CAN, however,
> establish a connection between two (from a software point of view) identical
> Linux machines.
>
> This is ipsec.conf on the security gateway (Linux machine):
>
> config setup
>         interfaces=%defaultroute
>         klipsdebug=all
>         plutodebug=all
>         plutoload=%search
>         plutostart=%search
>         # Close down old connection when new one using same ID shows up.
>         uniqueids=no
>
> conn %default
>         keyingtries=0
>         disablearrivalcheck=no
>         authby=rsasig
>         leftrsasigkey=%cert
>         rightrsasigkey=%cert
>
> # This is for Win2000 host; does NOT work by ANY means
> conn lkt-hostA
>         also=our_stuff
>         # Right security gateway, subnet behind it, next hop toward left.
>         right=%any
>         rightid="/C=DE/O=University of X/OU=Institute of Y/CN=foo_at_bar.DE"
>         auto=add
>
> # Defs for Linux host, works fine
> conn lkt-hostB
>         also=our_stuff
>         right=%any
>         rightid="/C=DE/ST=Northrhine-Westfalia/L=Aachen/O=Aachen U of Tech/OU=ACME/CN=some.host.RWTH-Aachen.DE/Email=foobar_at_nowhere.org"
>         auto=add
>
> conn our_stuff
>         left=%defaultroute
>         leftsubnet=aaa.bbb.ccc.0/24
>         leftid="C=DE, ST=Bavaria, O=Some University, OU=Institute of Common Confusion, CN=WWW.Confusion.Uni.DE/Email=dumb_at_some.where.net"
>
> On the Windoze host I'm using the following ipsec.conf file, together with
> Marcus Mueller's VPN tool:
>
> conn lkt-hostA
>         right=%any
>         left=xx.yy.zz.aa
>         leftsubnet=aaa.bbb.ccc.0/24
>         leftca="E = admin_at_uni.de, CN = Certification Authority, OU = Institute of Common Confusion, O = University of Bavaria, L = Locality, S = Bavaria, C = DE"
>         network=both
>         auto=start
>         pfs=yes
>
> I've created key pairs for all three connection endpoints, i.e. one for the
> security gateway, and one each for the "road warriors." I've signed them with
> the CA's key, and imported them into Windoze XP (and FreeS/WAN on the 2nd
> host.)
>
> All I get when I try to connect from the XP host is the following:
>
> May 13 18:40:30 Gateway Pluto[30572]: packet from g.h.i.j:500: ignoring Vendor ID payload
> May 13 18:40:30 Gateway Pluto[30572]: packet from g.h.i.j:500: initial Main Mode message received on xx.yy.zz.aa:500 but no connection has been authorized
>
> Any idea how to debug and solve this problem?
>
> Thanks,
>
> Ralf
>
> PS: I hope I didn't "break" anything (i.e. present inconsistent data) trying
> to hide the correct hostnames/IP addresses.
>
> --
> Sign the EU petition against SPAM:          L I N U X       .~.
> http://www.politik-digital.de/spam/         The  Choice     /V\
>                                             of a  GNU      /( )\
>                                             Generation     ^^-^^
>
> _______________________________________________
> Users mailing list
> Users_at_lists.freeswan.org
> http://lists.freeswan.org/mailman/listinfo/users
--
======================================================================
Andreas Steffen                   e-mail: andreas.steffen_at_zhwin.ch
Zuercher Hochschule Winterthur    home:   http://www.zhwin.ch/~sna/
CH-8401 Winterthur (Switzerland)  phone:  +41 76 340 25 56
===============================================================[ZHW]==
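
An added example, not part of the original messages: an offline way to work out which definition of lkt-hostA the gateway's ipsec.conf should produce, for comparison with what `ipsec auto --status` lists. The parser is a simplified reading of the ipsec.conf format (an assumption), and the sample file and function names are constructed for illustration.

```python
# Constructed sample modelled on the gateway ipsec.conf quoted in the thread.
SAMPLE_CONF = """\
conn %default
    authby=rsasig

conn lkt-hostA
    also=our_stuff
    right=%any
    auto=add

conn our_stuff
    left=%defaultroute
    leftsubnet=192.0.2.0/24
"""

def parse_sections(text):
    """Return {name: [(key, value), ...]} for every conn section."""
    sections, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if not raw[0].isspace():              # headers start in column 0
            words = raw.split()
            current = sections.setdefault(words[-1], []) if words[0] == "conn" else None
        elif current is not None and "=" in raw:
            key, _, value = raw.strip().partition("=")
            current.append((key.strip(), value.strip().strip('"')))
    return sections

def effective(sections, name, _seen=()):
    """Parameters of conn `name` with also= and conn %default expanded."""
    if name not in sections:
        raise KeyError(f"conn {name} is not defined")
    if name in _seen:
        raise ValueError(f"also= loop through conn {name}")
    params, inherited = {}, {}
    for key, value in sections[name]:
        if key == "also":
            inherited.update(effective(sections, value, _seen + (name,)))
        else:
            params[key] = value
    if not _seen:                             # defaults apply once, at the top
        inherited = {**dict(sections.get("%default", [])), **inherited}
    return {**inherited, **params}

def loadable(sections):
    """Conns that plutoload=%search would pick up (auto=add/route/start)."""
    return [n for n in sections if n != "%default"
            and effective(sections, n).get("auto") in ("add", "route", "start")]
```

A conn that `loadable()` returns but that is missing from the status output points at a load-time problem rather than a negotiation problem.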
This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:19:58 CEST