Re: [Users] Probs with FreeS/Wan and a masq IP

From: Andreas Steffen (andreas.steffen_at_strongsec.net)
Date: Mon Aug 19 2002 - 08:56:03 CEST

• Next message: Rosewood: "RE: [Users] Freeswan Support Options"
• Previous message: Thomas Will: "Re: [Users] freeswan-x509 <-> freeswan-x509"
• In reply to: Thomas_Heidkamp_at_hks-net.de: "[Users] Probs with FreeS/Wan and a masq IP"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Dear Thomas,

You need

   rightsubnet=192.168.1.2/32

but in ipsec.conf you define

   rightsubnet=192.168.1.0/32

This is probably a typo

Regards

Andreas

Thomas_Heidkamp_at_hks-net.de wrote:
> Hey there,
> I think there seem to be a bug in FreeS/WAN.
>
> With a single Workstation (win2000,Sentinel) , directly connected to the
> Internet
> I can connect to my FreeS/WAN linux box.
>
> But when I put a hardware router in front of my Win2000 box and try to
> connect,
> my Linux box says, he has no connection defined.. But there is the
> connection defined in my Ipsec.conf !
>
> Look at my config and at the log.
>
> Is there a bug ???
>
> # basic configuration
> config setup
> interfaces="ipsec0=eth0"
> klipsdebug=none
> plutodebug=none
> plutoload=%search
> uniqueids=yes
>
> conn %default
> keyingtries=0
> disablearrivalcheck=no
> keyexchange=ike
> ikelifetime=240m
> keylife=30m
> pfs=yes
> compress=no
> authby=rsasig
> right=%any
> rightrsasigkey=%cert
> left=212.93.30.252
> leftnexthop=212.93.30.250
> leftcert=freeswan_cert.pem
> auto=add
>
> conn laptop_zuhause_netz
> type=tunnel
> leftsubnet=192.168.133.0/24
> rightsubnet=192.168.1.0/32
> conn laptop_zuhause
> type=tunnel
> leftsubnet=192.168.133.0/24
>
>
> And here my log file :
>
> Aug 17 15:33:20 firewall pluto[1810]: "laptop_zuhause"[1] 212.62.83.225 #1:
> sent MR3, ISAKMP SA established
> Aug 17 15:33:20 firewall pluto[1810]: "laptop_zuhause"[1] 212.62.83.225 #1:
> cannot respond to IPsec SA request because no connection is known for
> 192.168.133.0/24===212.93.30.252[C=de, ST=nrw, L=paderborn, O=hks,
> CN=firewall.hks-net.de,
> E=thomas_Heidkamp_at_hks-net.de]...212.62.83.225[CN=thomas_heidkamp_at_yahoo.de]
> ===192.168.1.2/32
> Aug 17 15:33:20 firewall pluto[1810]: "laptop_zuhause"[1] 212.62.83.225 #1:
> sending encrypted notification INVALID_ID_INFORMATION to 212.62.83.225:500
>
>
> _______________________________________________
> Users mailing list
> Users_at_lists.freeswan.org
> http://lists.freeswan.org/mailman/listinfo/users

-- 
======================================================================
Andreas Steffen                 e-mail: andreas.steffen_at_strongsec.com
strongSec GmbH                  phone:  +41 76 340 25 56
Alter Zürichweg 20              home:   http://www.strongsec.com
CH-8952 Schlieren (Switzerland)
==========================================[strong internet security]==
_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users

• Next message: Rosewood: "RE: [Users] Freeswan Support Options"
• Previous message: Thomas Will: "Re: [Users] freeswan-x509 <-> freeswan-x509"
• In reply to: Thomas_Heidkamp_at_hks-net.de: "[Users] Probs with FreeS/Wan and a masq IP"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Mon Aug 19 2002 - 12:19:45 CEST