
[Users] FreeSwan IPSEC with Suse 7.1 and winXP - no connection

From: Karlheinz Blank & Petra Vallaitis (zuckerhasi_at_gmx.de)
Date: Sat Jun 29 2002 - 23:26:24 CEST


Hi,
for a few days I've been trying to set up my SuSE 7.1 to talk to a WinXP via
IPSEC and FreeSwan.
For this scenario I wanted to use certificates (issued by openssl).
Currently my SuSE Linux is using Version 1.8.0 of FreeSwan. I know this
version is quite old; I tried to compile the most recent version of
FreeSwan. The config/compile of FreeSwan is telling me that I have to
recompile the Standard-Suse-Kernel. And I really would like to avoid
it......

Is there anybody out there who has a running solution with these
components?
I tried to use the doc of Natecarlson to do the setup:

- creating certificates for my Suse box and XP
- ipsec.config of Suse:
conn %default
    authby=rsasig
    leftrsasigkey=%cert
    rightrsasigkey=%cert
    left=%defaultroute
    leftsubnet=192.168.100.0/16
    leftid="C=DE,O=xy GmbH,CN=CA"
conn charlie
    right=%any
    auto=add
- during start of ipsec on Suse:
ipsec_setup: Starting FreeS/WAN IPSEC 1.8...
ipsec_setup: WARNING: ipsec0 has route filtering turned on, KLIPS may not work
ipsec_setup: (/proc/sys/net/ipv4/conf/ipsec0/rp_filter = `1', should be 0)
ipsec_setup: WARNING: ppp0 has route filtering turned on, KLIPS may not work
ipsec_setup: (/proc/sys/net/ipv4/conf/ppp0/rp_filter = `1', should be 0)
ipsec_setup: whack error: "charlie" unexpected argument "GmbH,CN=CA"
ipsec_setup: whack error: PSK data malformed (input does not begin with format prefix "%cert"
ipsec_setup: whack error: PSK data malformed (input does not begin with format prefix "%cert"
ipsec_setup: 003 no secrets filename matched "/etc/ipsec.secrets"
This sounds bad, doesn't it! ??

- ipsec.conf on XP:
conn charlie
    left=%any
    right=xy.dyndns.org
    rightsubnet=192.168.100.0/255.255.255.0
    rightca="C=DE,O=xy GmbH,CN=CA,Email=info_at_xy.com"
    network=both
    auto=start
    pfs=yes
- using the ipsec Tool of Marcus Müller on XP: ipsec.exe is telling me
'negotiating'.
I don't get a connection - what I've expected so far.

Any tips and help?

What has to be included in ipsec.secrets?
 
Thanks
Karlheinz
