From: Marc Mc Guinness (security_at_mcguinness.de)
Date: Mon Sep 16 2002 - 22:33:15 CEST
SPAM: -------------------- Start SpamAssassin results ----------------------
SPAM: This mail is probably spam. The original message has been altered
SPAM: so you can recognise or block similar unwanted mail in future.
SPAM: See http://spamassassin.org/tag/ for more details.
SPAM:
SPAM: Content analysis details: (5 hits, 5 required)
SPAM: SUBJ_ENDS_IN_Q_MARK (-0.1 points) Subject: ends in a question mark
SPAM: PORN_12 (0.7 points) BODY: Uses words and phrases which indicate porn (12)
SPAM: PORN_10 (0.6 points) BODY: Uses words and phrases which indicate porn (10)
SPAM: PORN_4 (1.4 points) URI: Uses words and phrases which indicate porn (4)
SPAM: WEIRD_PORT (0.3 points) URI: Uses non-standard port number for HTTP
SPAM: MSG_ID_ADDED_BY_MTA_3 (1.1 points) 'Message-Id' was added by a relay (3)
SPAM: RCVD_IN_MULTIHOP_DSBL (1.0 points) RBL: Received via a relay in multihop.dsbl.org
SPAM: [RBL check: found 70.198.67.192.multihop.dsbl.org]
SPAM: X_RCVD_IN_UNCONFIRMED_DSBL (1.0 points) RBL: Received via a relay in unconfirmed.dsbl.org
SPAM: [RBL check: found 70.198.67.192.unconfirmed.dsbl.org]
SPAM: FUDGE_MULTIHOP_RELAY (-1.0 points) RBL: Do not double penalize if an IP is a multihop and an open relay
SPAM:
SPAM: -------------------- End of SpamAssassin results ---------------------
Hello!
I'm trying to connect a Win2k Roadwarrior to my VPN Gateway. The
Win2k client is within a network an has to go over a gateway. The
Linux VPN Server is also behind a gateway an secures a subnet
192.168.0.0/24:
RW -- WGW ---- Internet ---- GW -- Linux VPN Gateway -- 192.168.0.0
217.0.xxx.xxx is the external, dynamic address of the windows
roadwarrior gateway. (WGW)
192.168.100.15 is the private address of the windows roadwarrior.
(RW)
_____________________________________________________
18:45:05 spointr1 Pluto[3101]: packet from 217.0.xxx.xxx:500:
ignoring Vendor ID payload
Sep 16 18:45:05 spointr1 Pluto[3101]: "spoint-road" 217.0.xxx.xxx
#1: responding to Main Mode from unknown peer 217.0.xxx.xxx
Sep 16 18:45:05 spointr1 Pluto[3101]: "spoint-road" 217.0.xxx.xxx
#1: ignoring informational payload, type IPSEC_INITIAL_CONTACT
Sep 16 18:45:05 spointr1 Pluto[3101]: "spoint-road" 217.0.xxx.xxx
#1: no suitable connection for peer '192.168.100.15'
(the 2 log entries above repeat 4 times)
Sep 16 18:46:15 spointr1 Pluto[3101]: "spoint-road" 217.0.xxx.xxx
#1: max number of retransmissions (2) reached STATE_MAIN_R2
Sep 16 18:46:15 spointr1 Pluto[3101]: "spoint-road" 217.0.xxx.xxx:
deleting connection "spoint-road" instance with peer 217.0.xxx.xxx
_____________________________________________________
I tried following the steps from vpn.ebootis.de, but it is not
explained how to set up a Windows roadwarrior without X.509
certificates. I'm using preshared secret keys (PSK).
This is my ipsec.conf:
____________________________________
config setup
interfaces="%defaultroute"
klipsdebug=none
plutodebug=none
plutoload=%search
plutostart=%search
uniqueids=yes
conn %default
keyingtries=0
disablearrivalcheck=no
authby=secret
auto=add
keylife=3600s
rekey=yes
auth=esp
pfs=yes
conn spoint-road
left=0.0.0.0
leftsubnet=
leftnexthop=
right=62.138.xxx.xx2
rightsubnet=192.168.0.0/24
rightnexthop=62.138.xxx.xx1
____________________________________
Has anybody succeeded in setting up an Windows 2000 roadwarrior
with PSK? Or is there an other GPL or Opensource solution for my
needs?
Best regards,
Marc
_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users
This archive was generated by hypermail 2.1.4 : Tue Sep 17 2002 - 05:20:06 CEST