IPv6 readyNote: This archive passes through spamassassin. Every mail marked with the subject "*****SPAM*****" has exceed a certain threshold of spam-like behaviour.

Re: [Users] yup ! another win2k freeS/WAN problem

From: samir_at_eyetap.org
Date: Wed Jul 10 2002 - 17:01:43 CEST

nope no error msgs but
a "ps -efwww | grep pluto" returns the following ...

root 15852 1 0 10:57 pts/1 00:00:00 /bin/sh
/usr/local/lib/ipsec/_plutorun --debug all --uniqueids yes --nocrsend
--dump --load %search --start %search --wait --pre --post --log
daemon.error --pid /var/run/pluto.pid
root 15853 1 0 10:57 pts/1 00:00:00 logger -p daemon.error -t
ipsec__plutorun
root 15854 15852 0 10:57 pts/1 00:00:00 /bin/sh
/usr/local/lib/ipsec/_plutorun --debug all --uniqueids yes --nocrsend
--dump --load %search --start %search --wait --pre --post --log
daemon.error --pid /var/run/pluto.pid
root 15855 15852 0 10:57 pts/1 00:00:00 /bin/sh
/usr/local/lib/ipsec/_plutoload --load %search --start %search --wait
--post
root 15859 15854 0 10:57 pts/1 00:00:00 /usr/local/lib/ipsec/pluto
--nofork --debug-all --uniqueids
root 15901 15859 0 10:57 pts/1 00:00:00 _pluto_adns -d 7 10

On Wed, 10 Jul 2002, Andreas Steffen wrote:

> According to your FreeS/WAN log, Pluto not even gets started. Do you
> see any error messages when you try to restart FreeS/WAN with
>
> ipsec setup restart
>
> Regards
>
> Andreas
>
> samir_at_eyetap.org wrote:
> >
> > attached are the logs from the win2k client and the linux server ...
> >
> > On Wed, 10 Jul 2002, Andreas Steffen wrote:
> >
> > > Without an excerpt from the log file nothing can be done!
> > >
> > > Andreas
> > >
> > > samir_at_eyetap.org wrote:
> > > > hi
> > > > i am trying to setup a ipsec tunnel between a win2k and linux box on the
> > > > same subnet. i've followed nate carlson's instructions very carefully and
> > > > not been successful. thereafter, i mucked with the ipsec.conf on both
> > > > sides, but still not results. after looking @ the logs on both machines,
> > > > oakley.log tells me that Negotiation timed out...
> > > > The log on the linux box doesn't even acknowledge that it has received any
> > > > packets. there are a couple of klips debug msgs and NO pluto msgs..
> > > > thereafter a tcpdump reveals that linux box isn't receiving any packets
> > > > form the win2k box ?! weird !
> > > > i suspect that something is failing very early in the connection
> > > > negotiation....
> > > > if any one can help me , that will be appreciated.
> > > >
> > > > win2k.ipsec.conf
> > > > conn me-to-test
> > > > right%any (also tried 138.100.16.39)
> > > > left=138.100.16.27
> > > > rightca="...."
> > > > network=auto
> > > > auto=start
> > > > pfs=yes
> > > >
> > > > linux.ipsec.conf
> > > > config setup
> > > > interfaces="ipsec0=eth0"
> > > > klipsdebug=all
> > > > plutodebug=all
> > > > plutoload=%search
> > > > plutostart=%search
> > > > uniqueids=yes
> > > >
> > > > conn %default
> > > > keyingtries=0
> > > > compress=yes
> > > > disablearrivalcheck=no
> > > > authby=rsasig
> > > > leftrsasigkey=%cert
> > > > rightrsasigkey=%cert
> > > >
> > > > conn me-to-test
> > > > right=%any (also tried 138.100.16.39)
> > > > left=138.100.16.27
> > > > leftcert=othello.pem
> > > > auto=add
> > > > pfs=yes
> > > >
> > > >
> > > >
> > > > samir
> >
>
> ======================================================================
> Andreas Steffen e-mail: andreas.steffen_at_strongsec.com
> strongSec GmbH phone: +41 76 340 25 56
> Alter Zürichweg 20 home: http://www.strongsec.com
> CH-8952 Schlieren (Switzerland)
> ==========================================[strong internet security]==
>

_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users

This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:20:20 CEST