Note: This archive passes through spamassassin. Every mail marked with the subject "*****SPAM*****" has exceed a certain threshold of spam-like behaviour.

Re: [Users] what's wrong? (new to the list...)

From: Andreas Steffen (andreas.steffen_at_strongsec.net)
Date: Thu Jul 18 2002 - 01:11:19 CEST

Next message: Stephen J Bevan: "Re: [Users] win2k to frees/wan routing problem"
Previous message: Nate Carlson: "Re: [Users] win2k to frees/wan routing problem"
In reply to: Jesse Delima: "[Users] what's wrong? (new to the list...)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Your setup in ipsec.conf is for an RSA based authentication using
X.509 certificates whereas your ipsec.secrets contains a preshared
secret. So if you want to use PSK then you must change to
authby=secret and discard the rightrsasigkey= statement.

Regards

Andreas

Jesse Delima wrote:
> Jul 17 18:03:20 mx pluto[2720]: packet from x.x.x.130:500: initial Main Mode
> message received on x.x.x.132:500 but no connection has been authorized
> Jul 17 18:03:30 mx pluto[2720]: packet from x.x.x.130:500: ignoring Vendor
> ID payload
>
> what's wrong?...
>
> my FreeS/WAN host is a linux box, 2.4.18 kernel version
> and this is my ipsec.conf:
> config setup
> interfaces="%defaultroute"
> klipsdebug=none
> plutodebug=none
> plutoload=%search
> plutostart=%search
> plutowait=no
> uniqueids=yes
> conn %default
> keyingtries=0
> disablearrivalcheck=no
> keyexchange=ike
> ikelifetime=240m
> keylife=60m
> pfs=yes
> compress=no
> authby-rsasig
> right=%any
> rightrsasigkey=%cert
> left=x.x.x.132
> leftnexthop=x.x.x.129
> leftcert=freeswan_cert.pem
> auto=add
> conn RW_Cert_VPN
> type=tunnel
> leftsubnet=192.168.0.0/24
> conn RW_Cert_SecuredConnection
> type=transport
>
> this is my ipsec.secrets
> x.x.x.132 %any : PSK "0x0bbfc985"
>
> ii'm using ssh sentinel to make sa secured connection with the FreeS/WAN
> host....and i'm using a pre-shared-key
>
> thanks....
>
>
> _______________________________________________
> Users mailing list
> Users_at_lists.freeswan.org
> http://lists.freeswan.org/mailman/listinfo/users

-- 
======================================================================
Andreas Steffen                 e-mail: andreas.steffen_at_strongsec.com
strongSec GmbH                  phone:  +41 76 340 25 56
Alter Zürichweg 20              home:   http://www.strongsec.com
CH-8952 Schlieren (Switzerland)
==========================================[strong internet security]==
_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users

Next message: Stephen J Bevan: "Re: [Users] win2k to frees/wan routing problem"
Previous message: Nate Carlson: "Re: [Users] win2k to frees/wan routing problem"
In reply to: Jesse Delima: "[Users] what's wrong? (new to the list...)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:20:24 CEST