[Users] Common Question...FreeS/WAN With SSH Sentinel

From: Chris Malott (chris_at_Sentry.net)
Date: Thu Sep 26 2002 - 22:48:16 CEST

• Next message: Ken Bantoft: "Re: [Users] ipsec hardware as part of a nic card..."
• Previous message: guy.matthewman_at_xdigi.de: "Autoreply: Re: [Users] Documentation problem...."
• Next in thread: Jussi Torhonen: "Re: [Users] Common Question...FreeS/WAN With SSH Sentinel"
• Reply: Jussi Torhonen: "Re: [Users] Common Question...FreeS/WAN With SSH Sentinel"
• Reply: Andreas Steffen: "Re: [Users] Common Question...FreeS/WAN With SSH Sentinel"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Good afternoon all!

I've read about a lot of people having difficulties getting SSH Sentinel
to connect with FreeS/WAN. Myself, included. I have FreeS/WAN 1.98b with
the latest x.509 patch installed and running find. I can establish ipsec
connections via RSA keys just fine. However, after reading and following
the SSH and FreeS/WAN documentation and checking and rechecking myself for
errors, I still cannot get a test roadwarrior to establish a connection to
the freeswan SG.

Here is what I get in /var/log/secure

Sep 26 13:44:53 hawk2 pluto[1235]: packet from 192.168.0.91:500: ignoring
Vendor ID payload

Sep 26 13:44:53 hawk2 pluto[1235]: "rw-pdx"[2] 192.168.0.91 #4: responding
to Main Mode from unknown peer 192.168.0.91

Sep 26 13:44:54 hawk2 pluto[1235]: "rw-pdx"[2] 192.168.0.91 #4: ignoring
informational payload, type IPSEC_INITIAL_CONTACT

Sep 26 13:44:54 hawk2 pluto[1235]: "rw-pdx"[2] 192.168.0.91 #4: Peer ID is
ID_DER_ASN1_DN: 'C=US, ST=Oregon, L=Portland, O=My Company, OU=MIS,
CN=test_at_access.mydomain.com, E=test_at_access.mydomain.com'

Sep 26 13:44:54 hawk2 pluto[1235]: "rw-pdx"[2] 192.168.0.91 #4: Issuer CRL
not found

Sep 26 13:44:54 hawk2 pluto[1235]: "rw-pdx"[2] 192.168.0.91 #4: Issuer CRL
not found

Sep 26 13:44:54 hawk2 pluto[1235]: "rw-pdx"[2] 192.168.0.91 #4: sent MR3,
ISAKMP SA established

Sep 26 13:44:54 hawk2 pluto[1235]: "rw-pdx"[2] 192.168.0.91 #4:
Informational Exchange message for an established ISAKMP SA must be
encrypted

VIA /var/log/secure I also see that pluto is loading the certs correctly
and as defined by SSH Communications doc. I've read a bit about others
with similar issues. But haven't found a definitive answer. Perhaps its
something simple. And perhaps its just some forgotten step or accidental
error. Any help is greatly appreciated.

Thanks,

Chris

_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users

• Next message: Ken Bantoft: "Re: [Users] ipsec hardware as part of a nic card..."
• Previous message: guy.matthewman_at_xdigi.de: "Autoreply: Re: [Users] Documentation problem...."
• Next in thread: Jussi Torhonen: "Re: [Users] Common Question...FreeS/WAN With SSH Sentinel"
• Reply: Jussi Torhonen: "Re: [Users] Common Question...FreeS/WAN With SSH Sentinel"
• Reply: Andreas Steffen: "Re: [Users] Common Question...FreeS/WAN With SSH Sentinel"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.5 : Sun Sep 29 2002 - 05:20:16 CEST