[Users] FreeS/WAN sends junk to SSH Sentinel

From: Henning Riis Rasmussen (hrr_at_indbakke.dk)
Date: Wed Aug 07 2002 - 18:21:08 CEST

Hi all

I'm still trying to make a roadwarrior connection through a NAT device to
FreeS/WAN.

Software used is SSH Sentinel 1.3.2 on Win2000 SP3 behind a NAT DSL router.

VPN gateway is Slackware 8.1 (kernel 2.4.18 with iptables 1.26a), with
FreeS/WAN 1.97 patched with x509 v. 0.9.10 and NAT-T v. 0.2.

I finally seem to have gotten the x509 certificates somewhat correct, but
when Sentinel tries to connect to the FreeS/WAN gateway, something goes
wrong making pluto complain that:

   Aug 7 16:46:58 firewall Pluto[30321]: "roadwarrior" 213.237.75.4 #1:
retransmitting in response to duplicate packet; already STATE_MAIN_R3
   Aug 7 16:46:58 firewall Pluto[30321]: | sending 1580 bytes for
retransmit in response to duplicate through eth2 to 213.237.75.4:500:

While Sentinel complains that it gets junk:

   The remote server 62.79.81.246:500 is draft-ietf-ipsec-nat-t-ike-00
   unknown (unknown) <-> unknown { unknown [unknown] / unknown } unknown;
Packet to unknown Isakmp SA, ip = 62.79.81.246:500
   unknown (unknown) <-> unknown { unknown [unknown] / unknown } unknown;
Packet to unknown Isakmp SA, ip = 62.79.81.246:500
   0.0.0.0:500 (Initiator) <-> 62.79.81.246:500 { 4a78f6a9 59000005 -
68d973f0 c341f177 [-1] / 0x00000000 } IP; Warning, junk after packet len =
200, decoded = 197
   unknown (unknown) <-> unknown { unknown [unknown] / unknown } unknown;
Packet to unknown Isakmp SA, ip = 62.79.81.246:500
   unknown (unknown) <-> unknown { unknown [unknown] / unknown } unknown;
Packet to unknown Isakmp SA, ip = 62.79.81.246:500
   0.0.0.0:500 (Initiator) <-> 62.79.81.246:500 { 4a78f6a9 59000005 -
68d973f0 c341f177 [-1] / 0x00000000 } IP; Connection timed out or error,
calling callback
   Phase-1 [initiator] between der_asn1_dn(udp:500,[0..121]=C=DK,
L=Roadwarrior, O=Rise Data, CN=Henning Riis Rasmussen,
MAILTO=hrr_at_risedata.dk) and ipv4(udp:500,[0..3]=62.79.81.246) failed;
Timeout.
   unknown (unknown) <-> unknown { unknown [unknown] / unknown } unknown;
Packet to unknown Isakmp SA, ip = 62.79.81.246:500
   unknown (unknown) <-> unknown { unknown [unknown] / unknown } unknown;
Packet to unknown Isakmp SA, ip = 62.79.81.246:500
   unknown (unknown) <-> unknown { unknown [unknown] / unknown } unknown;
Packet to unknown Isakmp SA, ip = 62.79.81.246:500
   unknown (unknown) <-> unknown { unknown [unknown] / unknown } unknown;
Packet to unknown Isakmp SA, ip = 62.79.81.246:500
   unknown (unknown) <-> unknown { unknown [unknown] / unknown } unknown;
Packet to unknown Isakmp SA, ip = 62.79.81.246:500

What's going on?

Regards,
Henning

_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users

This archive was generated by hypermail 2.1.4 : Wed Aug 07 2002 - 21:19:33 CEST