Hi,
I installed freeswan last week to use it as a VPN gateway for a
Windows2k machine.
On Windows 2000 I installed ssh sentinel V1.3.1(build9).
I created the x.509 certs, following the descriptions from strongsec.com.
Here's my failure from auth.log on the gateway, when I diagnose the
VPN-Con from sentinel.
Jun 13 23:47:28 pro2 Pluto[10751]: packet from 217.234.11.46:500:\
ignoring Vendor ID payload
Jun 13 23:47:28 pro2 Pluto[10751]: packet from 217.234.11.46:500:\
initial Main Mode message received on a.b.c.d:500 but no\
connection has been authorized
where pro2 = name of my vpn gateway
and 217.234.11.46 = dynamic IP from DSL Provider
and a.b.c.d = static, official Gateway IP
I read the documentation from strongsec.com, from Nadeem Hasan, and the
pdf descriptions from ssh.com.
The Windows2k machine stands in my local private network behind a
linux machine NATing it with the dynamic IP.
The iptables on the priv. linux gateway and the vpn gateway don't reject
the packets from sentinel.
Here is my ipsec.conf on my vpn gateway:
#/etc/ipsec.conf

config setup
        interfaces=%defaultroute
        klipsdebug=none
        plutodebug=none
        plutoload=%search
        plutostart=%search
        uniqueids=yes

conn %default
        keyexchange=ike
        ikelifetime=240m
        keylife=60m
        compress=no
        authby=rsasig
        keyingtries=0
        pfs=yes
        leftcert=pro2.vpn.gw.cert.pem
        right=%any
        rightrsasigkey=%cert
        auto=add

conn losjetzt
        type=tunnel
        leftsubnet=192.168.0.0/24

My aim is to get a very simple installation of a windows2000 vpn client
which can connect to my vpn gateway.
Sorry if this is a FAQ, but I didn't find anything about the
error message googling with "initial Main Mode message".
I've been subscribed for only a few days, and the archive is not searchable.
Regards
Christoph
This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:20:14 CEST