IPv6 readyNote: This archive passes through spamassassin. Every mail marked with the subject "*****SPAM*****" has exceed a certain threshold of spam-like behaviour.

Re: [Users] FreeSwan IPSEC with Suse 7.1 and winXP - no connection

From: Andreas Steffen (andreas.steffen_at_strongsec.net)
Date: Sun Jun 30 2002 - 13:11:29 CEST

Hi,

Version 1.8.0 is really very old. It came with X.509 patch
version 0.8 which lacks most of the features the patch has now.
Download the README for version 0.8 from the distribution found
under

   http://www.strongsec.com/freeswan/old.htm

and you'll see how this version must be configured.

Regards

Andreas

Karlheinz Blank & Petra Vallaitis wrote:
> hi,
> since a few days im trying to setup my suse 7.1 talking to a WinXP via
> IPSEC and FreeSwan.
> For this scenario I wanted to use certificates (issued by openssl).
> Currently my SuSE Linux is using Version 1.8.0 of FreeSwan. I know this
> version is quite old; I tried to compile the most recent version of
> FreeSwan. The config/compile of FreeSwan is telling me that I have to
> recompile the Standard-Suse-Kernel. And I really would like to avoid
> it......
>
> Is there anybody out there who has a running solution with these
> components?
> I tried to use the doc of Natecarlson to do the setup:
>
> - creating certificates for my Suse box and XP
> - ipsec.config of Suse:
> conn %default
> authby=rsasig
> leftrsasigkey=%cert
> rightrsasigkey=%cert
> left=%defaultroute
> leftsubnet=192.168.100.0/16
> leftid="C=DE,O=xy GmbH,CN=CA"
> conn charlie
> right=%any
> auto=add
> - during start of ipsec on Suse:
> ipsec_setup: Starting FreeS/WAN IPSEC 1.8...
> ipsec_setup: WARNING: ipsec0 has route filtering turned on, KLIPS may
> not work
> ipsec_setup: (/proc/sys/net/ipv4/conf/ipsec0/rp_filter = `1', should be
> 0)
> ipsec_setup: WARNING: ppp0 has route filtering turned on, KLIPS may not
> work
> ipsec_setup: (/proc/sys/net/ipv4/conf/ppp0/rp_filter = `1', should be 0)
> ipsec_setup: whack error: "charlie" unexpected argument "GmbH,CN=CA"
> ipsec_setup: whack error: PSK data malformed (input does not begin with
> format prefix "%cert"
> ipsec_setup: whack error: PSK data malformed (input does not begin with
> format prefix "%cert"
> ipsec_setup: 003 no secrets filename matched "/etc/ipsec.secrets"
> This sounds bad, doesn't it! ??
>
> - ipsec.conf auf XP:
> conn charlie
> left=%any
> right=xy.dyndns.org
> rightsubnet=192.168.100.0/255.255.255.0
> rightca="C=DE,O=xy GmbH,CN=CA,Email=info_at_xy.com"
> network=both
> auto=start
> pfs=yes
> - using the ipsec Tool of Marcus Müller on XP: ipsec.exe is telling me
> 'negotiating'.
> I don't get a connection - what I've expected so far.
>
> Any tipps and help?
>
> What has to be included in ipsec.secrets?
>
> Thanks
> Karlheinz
>
>
> _______________________________________________
> Users mailing list
> Users_at_lists.freeswan.org
> http://lists.freeswan.org/mailman/listinfo/users 

-- 
======================================================================
Andreas Steffen                 e-mail: andreas.steffen_at_strongsec.com
strongSec GmbH                  phone:  +41 76 340 25 56
Alter Zürichweg 20              home:   http://www.strongsec.com
CH-8952 Schlieren (Switzerland)
==========================================[strong internet security]==

_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users

This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:20:17 CEST