What does /var/log/secure say when you restart ipsec?
Vasiliy Boulytchev
Colorado Information Technologies Inc.
----- Original Message -----
From: "Andreas Steffen" <andreas.steffen_at_zhwin.ch>
To: "Ralf G. R. Bergs" <rabe_at_RWTH-Aachen.DE>
Cc: "FreeS/WAN Users Mailing List" <users_at_lists.freeswan.org>
Sent: Monday, May 13, 2002 2:25 PM
Subject: Re: [Users] IPSec connection FreeS/WAN<->FreeS/WAN works, but NOT FS <-> WinXP
> If you type
>
> ipsec auto --status
>
> do you see the correct definition of connection lkt-hostA listed in the output?
> It could be that the connection does not get loaded correctly when Pluto starts up.
>
> Regards
>
> Andreas
>
> "Ralf G. R. Bergs" wrote:
> >
> > Hi there,
> >
> > I'm trying to establish an IPSec connection between Windoze XP and a Linux security gateway running FreeS/WAN 1.96 (Debian pkg. ver. 1.96-1.2) under Debian/GNU Linux Woody (pre-3.0 aka "testing"), kernel ver. 2.4.18-rel.
> >
> > Regardless of how hard I try I can't get this running. I CAN, however, establish a connection between two (from a software point of view) identical Linux machines.
> >
> > This is ipsec.conf on the security gateway (Linux machine):
> >
> > config setup
> > interfaces=%defaultroute
> > klipsdebug=all
> > plutodebug=all
> > plutoload=%search
> > plutostart=%search
> > # Close down old connection when new one using same ID shows up.
> > uniqueids=no
> >
> > conn %default
> > keyingtries=0
> > disablearrivalcheck=no
> > authby=rsasig
> > leftrsasigkey=%cert
> > rightrsasigkey=%cert
> >
> > # This is for Win2000 host; does NOT work by ANY means
> > conn lkt-hostA
> > also=our_stuff
> > # Right security gateway, subnet behind it, next hop toward left.
> > right=%any
> > rightid="/C=DE/O=University of X/OU=Institute of Y/CN=foo_at_bar.DE"
> > auto=add
> >
> > # Defs for Linux host, works fine
> > conn lkt-hostB
> > also=our_stuff
> > right=%any
> > rightid="/C=DE/ST=Northrhine-Westfalia/L=Aachen/O=Aachen U of Tech/OU=ACME/CN=some.host.RWTH-Aachen.DE/Email=foobar_at_nowhere.org"
> > auto=add
> >
> > conn our_stuff
> > left=%defaultroute
> > leftsubnet=aaa.bbb.ccc.0/24
> > leftid="C=DE, ST=Bavaria, O=Some University, OU=Institute of Common Confusion, CN=WWW.Confusion.Uni.DE/Email=dumb_at_some.where.net"
> >
> > On the Windoze host I'm using the following ipsec.conf file, together with Marcus Mueller's VPN tool:
> >
> > conn lkt-hostA
> > right=%any
> > left=xx.yy.zz.aa
> > leftsubnet=aaa.bbb.ccc.0/24
> > leftca="E = admin_at_uni.de, CN = Certification Authority, OU = Institute of Common Confusion, O = University of Bavaria, L = Locality, S = Bavaria, C = DE"
> > network=both
> > auto=start
> > pfs=yes
> >
> > I've created key pairs for all three connection endpoints, i.e. one for the security gateway, and one each for the "road warriors." I've signed them with the CA's key, and imported them into Windoze XP (and FreeS/WAN on the 2nd host.)
> >
> > All I get when I try to connect from the XP host is the following:
> >
> > May 13 18:40:30 Gateway Pluto[30572]: packet from g.h.i.j:500: ignoring Vendor ID payload
> > May 13 18:40:30 Gateway Pluto[30572]: packet from g.h.i.j:500: initial Main Mode message received on xx.yy.zz.aa:500 but no connection has been authorized
> >
> > Any idea how to debug and solve this problem?
> >
> > Thanks,
> >
> > Ralf
> >
> > PS: I hope I didn't "break" anything (i.e. present inconsistent data) trying to hide the correct hostnames/IP addresses.
> >
> > --
> > Sign the EU petition against SPAM: http://www.politik-digital.de/spam/
> > L I N U X - The Choice of a GNU Generation
> >
> > _______________________________________________
> > Users mailing list
> > Users_at_lists.freeswan.org
> > http://lists.freeswan.org/mailman/listinfo/users
>
> --
> ======================================================================
> Andreas Steffen e-mail: andreas.steffen_at_zhwin.ch
> Zuercher Hochschule Winterthur home: http://www.zhwin.ch/~sna/
> CH-8401 Winterthur (Switzerland) phone: +41 76 340 25 56
> ===============================================================[ZHW]==
>
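The reply above asks whether lkt-hostA is really listed by `ipsec auto --status`; one way to check a FreeS/WAN-style ipsec.conf offline is to flatten each conn the way Pluto resolves `also=` and `conn %default`, so a conn whose `also=` target is missing or that ends up without `left=`/`right=` is reported. This is an added example, not code from the thread or from FreeS/WAN: SAMPLE_CONF is a constructed abbreviation of the gateway config quoted above, and the rule that a conn's own keys override included ones is an assumption.

```python
"""Flatten FreeS/WAN ipsec.conf conns (also=, %default) as Pluto loads them. Added example, not from the thread."""

SAMPLE_CONF = """\
conn %default
    authby=rsasig
conn lkt-hostA
    also=our_stuff
    right=%any
    auto=add
conn our_stuff
    left=%defaultroute
    leftsubnet=aaa.bbb.ccc.0/24
"""  # constructed sample, abbreviated from the gateway config quoted above

def parse_sections(text):
    """Return {section: {key: value}}; indentation is not required."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()            # drop comments and blanks
        if line.startswith(("conn ", "config ")):
            current = line.split()[1]
            sections.setdefault(current, {})
        elif current and "=" in line:
            key, _, value = line.partition("=")
            sections[current][key.strip()] = value.strip().strip('"')
    return sections

def effective_conn(sections, name, seen=frozenset()):
    """%default, then each also= target, then own keys (assumption: own keys win)."""
    if name in seen or name not in sections:
        return {}, [f"also={name}: section missing or also= loop"]
    own = sections[name]
    settings, problems = dict(sections.get("%default", {})), []
    for target in own.get("also", "").split():
        sub, errs = effective_conn(sections, target, seen | {name})
        settings.update(sub)
        problems += errs
    settings.update((k, v) for k, v in own.items() if k != "also")
    return settings, problems

def check_conns(text):
    """{conn: (settings, problems)} for conns with auto= set, the ones plutoload=%search loads."""
    sections = parse_sections(text)
    report = {}
    for name in set(sections) - {"setup", "%default"}:
        eff, problems = effective_conn(sections, name)
        if "auto" in eff:                              # fragments such as our_stuff are skipped
            problems += [f"no {side}=" for side in ("left", "right") if side not in eff]
            report[name] = (eff, problems)
    return report
```

Run `check_conns(open("/etc/ipsec.conf").read())` on the real file and compare the conns it reports with the ones `ipsec auto --status` shows.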
This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:19:59 CEST