From: Andreas Steffen (andreas.steffen_at_strongsec.net)
Date: Thu Aug 08 2002 - 00:35:52 CEST
This junk warning is normal. A certificate request message has a size
of 5 bytes, which is padded to a multiple of 4 bytes, resulting in
8 bytes. Therefore the 3 padding bytes are junk. The real error must be
somewhere else. I have no experience with the NAT-T patch; therefore
I cannot help you with that.
Regards
Andreas
Henning Riis Rasmussen wrote:
> Hi all
>
> I'm still trying to make a roadwarrior connection through a NAT device to
> FreeS/WAN.
>
> Software used is SSH Sentinel 1.3.2 on Win2000 SP3 behind a NAT DSL router.
>
> VPN gateway is Slackware 8.1 (kernel 2.4.18 with iptables 1.26a), with
> FreeS/WAN 1.97 patched with x509 v. 0.9.10 and NAT-T v. 0.2.
>
> I finally seem to have gotten the x509 certificates somewhat correct, but
> when Sentinel tries to connect to the FreeS/WAN gateway, something goes
> wrong making pluto complain that:
>
> Aug 7 16:46:58 firewall Pluto[30321]: "roadwarrior" 213.237.75.4 #1:
> retransmitting in response to duplicate packet; already STATE_MAIN_R3
> Aug 7 16:46:58 firewall Pluto[30321]: | sending 1580 bytes for
> retransmit in response to duplicate through eth2 to 213.237.75.4:500:
>
> While Sentinel complains that it gets junk:
>
> The remote server 62.79.81.246:500 is draft-ietf-ipsec-nat-t-ike-00
> unknown (unknown) <-> unknown { unknown [unknown] / unknown } unknown;
> Packet to unknown Isakmp SA, ip = 62.79.81.246:500
> unknown (unknown) <-> unknown { unknown [unknown] / unknown } unknown;
> Packet to unknown Isakmp SA, ip = 62.79.81.246:500
> 0.0.0.0:500 (Initiator) <-> 62.79.81.246:500 { 4a78f6a9 59000005 -
> 68d973f0 c341f177 [-1] / 0x00000000 } IP; Warning, junk after packet len =
> 200, decoded = 197
> unknown (unknown) <-> unknown { unknown [unknown] / unknown } unknown;
> Packet to unknown Isakmp SA, ip = 62.79.81.246:500
> unknown (unknown) <-> unknown { unknown [unknown] / unknown } unknown;
> Packet to unknown Isakmp SA, ip = 62.79.81.246:500
> 0.0.0.0:500 (Initiator) <-> 62.79.81.246:500 { 4a78f6a9 59000005 -
> 68d973f0 c341f177 [-1] / 0x00000000 } IP; Connection timed out or error,
> calling callback
> Phase-1 [initiator] between der_asn1_dn(udp:500,[0..121]=C=DK,
> L=Roadwarrior, O=Rise Data, CN=Henning Riis Rasmussen,
> MAILTO=hrr_at_risedata.dk) and ipv4(udp:500,[0..3]=62.79.81.246) failed;
> Timeout.
> unknown (unknown) <-> unknown { unknown [unknown] / unknown } unknown;
> Packet to unknown Isakmp SA, ip = 62.79.81.246:500
> unknown (unknown) <-> unknown { unknown [unknown] / unknown } unknown;
> Packet to unknown Isakmp SA, ip = 62.79.81.246:500
> unknown (unknown) <-> unknown { unknown [unknown] / unknown } unknown;
> Packet to unknown Isakmp SA, ip = 62.79.81.246:500
> unknown (unknown) <-> unknown { unknown [unknown] / unknown } unknown;
> Packet to unknown Isakmp SA, ip = 62.79.81.246:500
> unknown (unknown) <-> unknown { unknown [unknown] / unknown } unknown;
> Packet to unknown Isakmp SA, ip = 62.79.81.246:500
>
> What's going on?
>
> Regards,
> Henning
>
>
> _______________________________________________
> Users mailing list
> Users_at_lists.freeswan.org
> http://lists.freeswan.org/mailman/listinfo/users
-- 
======================================================================
Andreas Steffen e-mail: andreas.steffen_at_strongsec.com
strongSec GmbH phone: +41 76 340 25 56
Alter Zürichweg 20 home: http://www.strongsec.com
CH-8952 Schlieren (Switzerland)
==========================================[strong internet security]==
This archive was generated by hypermail 2.1.4 : Thu Aug 08 2002 - 03:19:32 CEST
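
Added example, not part of the original post and not FreeS/WAN or Sentinel code: a Python walk over an ISAKMP payload chain (RFC 2408 layout) showing how a 5-byte certificate request padded to a multiple of 4 leaves 3 trailing bytes, which is the gap between `len` and `decoded` in the quoted log. The sample message, its KE and NONCE payload sizes (chosen so the totals come out at 200 and 197) and all function names are assumptions made for illustration.

```python
import struct

ISAKMP_HDR_LEN = 28  # RFC 2408 header: cookies, next payload, version, exchange, flags, id, length
NAMES = {4: "KE", 7: "CR", 10: "NONCE"}  # RFC 2408 payload type numbers


def payload(next_type, body):
    """Generic payload header (next payload, reserved, 16-bit length) plus body."""
    return struct.pack("!BBH", next_type, 0, 4 + len(body)) + body


def build_sample():
    """Constructed cleartext message whose last payload is a 5-byte CR."""
    body = (payload(10, bytes(128))   # KE, 132 bytes (constructed size)
            + payload(7, bytes(28))   # NONCE, 32 bytes (constructed size)
            + payload(0, b"\x04"))    # CR: cert type 4 (X.509 signature), empty CA
    body += bytes(-len(body) % 4)     # pad to a multiple of 4 bytes
    header = (bytes(16) + bytes([4, 0x10, 2, 0]) + bytes(4)
              + struct.pack("!I", ISAKMP_HDR_LEN + len(body)))
    return header + body


def walk(message):
    """Return (declared_len, decoded_len, [(payload name, length), ...])."""
    if len(message) < ISAKMP_HDR_LEN:
        raise ValueError("short ISAKMP header")
    next_type = message[16]
    declared = struct.unpack("!I", message[24:28])[0]
    if declared > len(message):
        raise ValueError("declared length exceeds received data")
    offset, found = ISAKMP_HDR_LEN, []
    while next_type != 0:
        if offset + 4 > declared:
            raise ValueError("payload header runs past end of message")
        following, _, plen = struct.unpack("!BBH", message[offset:offset + 4])
        if plen < 4 or offset + plen > declared:
            raise ValueError("bad payload length")
        found.append((NAMES.get(next_type, str(next_type)), plen))
        offset, next_type = offset + plen, following
    return declared, offset, found


def trailing_junk(message):
    """Bytes between the last decoded payload and the declared message length."""
    declared, decoded, _ = walk(message)
    return declared - decoded


if __name__ == "__main__":
    print(walk(build_sample()), "junk bytes:", trailing_junk(build_sample()))
```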