IPv6 readyNote: This archive passes through spamassassin. Every mail marked with the subject "*****SPAM*****" has exceed a certain threshold of spam-like behaviour.

Re: [Users] Road warrior error.. (Oh my god!!) (Correction)

From: rgomes2_at_trust.com.br
Date: Thu May 23 2002 - 21:20:40 CEST

('binary' encoding is not supported, stored as-is) Andreas,

Doesn`t look like this... have a look below

000 interface ipsec0/eth0 200.192.47.4
000
000 "vpn" instance:
10.1.2.0/24===200.192.47.4[@vpngateway.trust.com.br]---200.192.47.1...200.
192.47.43
000 "vpn" instance: ike_life: 14400s; ipsec_life: 1200s; rekey_margin:
540s; rekey_fuzz: 100%; keyingtries: 1
000 "vpn" instance: policy:
RSASIG+ENCRYPT+COMPRESS+TUNNEL+PFS+DISABLEARRIVALCHECK; interface: eth0;
unrouted
000 "vpn" instance: newest ISAKMP SA: #0; newest IPsec SA: #0; eroute
owner: #0
000 "vpn":
10.1.2.0/24===200.192.47.4[@vpngateway.trust.com.br]---200.192.47.1...%any
000 "vpn": ike_life: 14400s; ipsec_life: 1200s; rekey_margin: 540s;
rekey_fuzz: 100%; keyingtries: 1
000 "vpn": policy:
RSASIG+ENCRYPT+COMPRESS+TUNNEL+PFS+DISABLEARRIVALCHECK; interface: eth0;
unrouted
000 "vpn": newest ISAKMP SA: #0; newest IPsec SA: #0; eroute owner: #0
000
000 #4: "vpn" 200.192.47.43 STATE_MAIN_R2 (sent MR2, expecting MI3);
EVENT_RETRANSMIT in 4s

Robson

> What connection definitions do you see when you type
>
> ipsec auto --status
>
> The peer end should look something like
>
> 200.192.47.43[CN=suporte.trust.com.br]...
>
> Is this the case?
>
> Regards
>
> Andreas
>
> rgomes2_at_trust.com.br wrote:
> >
> > Hi Sam,
> >
> > First, thanks for your help!
> >
> > I Did some changes here and now I`v found a diferrent error...
> >
> > May 23 13:33:18 vpngateway Pluto[11239]: "vpn" 200.192.47.43 #3: Issuer
> > CRL not found
> > May 23 13:33:18 vpngateway Pluto[11239]: "vpn" 200.192.47.43 #3: Issuer
> > CRL not found
> > May 23 13:33:18 vpngateway Pluto[11239]: "vpn" 200.192.47.43 #3: no
> > suitable connection for peer 'CN=suporte.trust.com.br'
> > May 23 13:34:00 vpngateway Pluto[11239]: "vpn" 200.192.47.43 #2: max
> > number of retransmissions (2) reached STATE_MAIN_R2
> > May 23 13:34:27 vpngateway Pluto[11239]: "vpn" 200.192.47.43 #3: max
> > number of retransmissions (2) reached STATE_MAIN_R2
> > May 23 13:34:27 vpngateway Pluto[11239]: "vpn" 200.192.47.43: deleting
> > connection "vpn" instance with peer 200.192.47.43
> >
> > I`v tried to change the CN from the e-mail address to my hostname.. but
> > nothing yet.. Do know you what could be wrong !??? I've tried to
> search
> > on the mailing list archive but nothing helpful.. :((( I believe that is
> > a "little" problem... (for those people who realy undestand
> fresswan like you).
> >
> > Thanks for your help!
> >
> > Robson
> >
> > > -----BEGIN PGP SIGNED MESSAGE-----
> > >
> > > On Thu, 23 May 2002 rgomes2_at_trust.com.br wrote:
> > >
> > > > Hello All,
> > > >
> > > > May 23 09:05:57 vpngateway Pluto[6876]: "RW_Cert_SecuredConnection"
> > > > 200.192.2.43 8: ignoring informational payload, type
> > > IPSEC_INITIAL_CONTACT
> > > > May 23 09:05:57 vpngateway Pluto[6876]: "RW_Cert_SecuredConnection"
> > > > 200.192.2.43 8: Peer ID is ID_DER_ASN1_DN: 'C=BR, ST=SP, L=S?o
> Paulo,
> > > > O=Trust Consultores, OU=Desenvolvimento, CN=rgomes_at_trust.com.br,
> > > > E=rgomes_at_trust.com.br'
> > > > ay 23 09:05:57 vpngateway Pluto[6876]: "RW_Cert_SecuredConnection"
> > > > 200.192.2.43 8: sent MR3, ISAKMP SA established
> > > > May 23 09:05:57 vpngateway Pluto[6876]: "RW_Cert_SecuredConnection"
> > > > 200.192.2.43 8: Informational Exchange message for an
> established ISAKMP
> > > > SA must be encrypted
> > >
> > > The Informational Exchange message is SSH Sentinel trying to tell
> > > FreeS/WAN that it has a problem. Check SSH Sentinel's logs to see what
> > > error it is encountering. In many cases, this sort of error
> > > indicates a certificate problem.
> > >
> > > Sam Sgro
> > > sam_at_freeswan.org
> > >
> > > -----BEGIN PGP SIGNATURE-----
> > > Version: 2.6.3ia
> > > Charset: noconv
> > > Comment: For the matching public key, finger the Reply-To: address.
> > >
> > > iQCVAwUBPO0aBkOSC4btEQUtAQF3BgQAr8bGQc5ZfSn9HyMI5U83ddKPO78CibSx
> > > +DpxIJqCrTSkC3wP3HlbRFdyJEGWCIK0WXiXkI18G5cd+i24Y2DkAmzPonIkYpHB
> > > JjJ9JPvAI+vo80PUQc/8rw0gKyC4TilKCCX8S9AaVXzH2M1kSCKf7NlYyRm2lB2w
> > > 9OCrrn+J4+w=
> > > =tYgN
> > > -----END PGP SIGNATURE-----
> > >
> >
> > _______________________________________________
> > Users mailing list
> > Users_at_lists.freeswan.org
> > http://lists.freeswan.org/mailman/listinfo/users
>
> --
> ======================================================================
> Andreas Steffen e-mail: andreas.steffen_at_zhwin.ch
> Zuercher Hochschule Winterthur home: http://www.zhwin.ch/~sna/
> CH-8401 Winterthur (Switzerland) phone: +41 76 340 25 56
> ===============================================================[ZHW]==
> _______________________________________________
> Users mailing list
> Users_at_lists.freeswan.org
> http://lists.freeswan.org/mailman/listinfo/users

_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users

This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:20:05 CEST