From: Kaustubh.Kumbhalkar_at_lntinfotech.com
Date: Thu Oct 03 2002 - 12:34:46 CEST
the installation is up now ,
first problem was that IP compression was enabled.
this was fixed but then packets were shown as being truncated by tcpdump,
i was getting the 'truncated packet' message whenever tcpdump was run on
either one of the IPsec enabled machines that were communicating with each
other.
when the packets are observed on a third machine not involved in the
communication of machine 1 and 2 the packets are shown properly .
(why? )
thanks and regards.
Monday, 30 September 2002 1:18 PM
To: <Kaustubh.Kumbhalkar_at_lntinfotech.com>, <users_at_lists.freeswan.org>
cc:
From: "Gessler Gerhard" <Gessler_at_iabg.de>
Subject: RE: [Users] Starting IPsec6
Hi,
I need more information to tell whats going wrong.
Used setup and IPv6 addresses, ipsec.conf, logging, SPD (via "ipsec spd6")
etc.
Gerhard
> -----Original Message-----
> From: Kaustubh.Kumbhalkar_at_lntinfotech.com
> [mailto:Kaustubh.Kumbhalkar_at_lntinfotech.com]
> Sent: Thursday, September 26, 2002 9:18 PM
> To: Gessler Gerhard; users_at_lists.freeswan.org
> Subject: RE: [Users] Starting IPsec6
>
>
> in continuation with my previous mail . ...
> it seems that the authentication is failing in all cases ( i.e
> tunnel/transport with or without AH/ESP ).
> the 2 machines keep sending packets to each other in a loop
> for sometime
> ,and everytime authentication fails at each end .
> correpondingly the packet
> size also keeps growing. i suppose these are ICMP messages
> .(am i right?)
>
> any suggestions what could be causing this...
>
> thanks for ur suggestions i was able to get accross the ph
> I and ph II
> exchanges.
>
>
> Friday, 27 September 2002 4:29 PM
> To: <Kaustubh.Kumbhalkar_at_lntinfotech.com>,
> <users_at_lists.freeswan.org>
> cc:
> From: "Gessler Gerhard" <Gessler_at_iabg.de>
> Subject: RE: [Users] Starting IPsec6
>
>
>
> > -----Original Message-----
> > From: Kaustubh.Kumbhalkar_at_lntinfotech.com
> > [mailto:Kaustubh.Kumbhalkar_at_lntinfotech.com]
> > Sent: Thursday, September 26, 2002 9:39 AM
> > To: users_at_lists.freeswan.org
> > Subject: [Users] Starting IPsec6
> >
> >
>
> Hi,
>
> [snipped some commands]
>
> your given commands look fine.
>
> > it proceeds upto STATE_MAIN_I3: expecting MR3
> > but beyond that it starts retransmitting the message
> > probably because the
> > encrypted packet is not decrypted at machine2 and no
> > response is recieved
> > by machine 1.
>
> Please have a look at the logfile produced on machine2
> (the responder) if you have logging enabled in Pluto.
> It probably writes there that it can not authenticate
> the message received from machine1.
>
> How are you doing ISAKMP authentication?
> Pre-shared secret? RSA-Keys?
>
> If you use PSK then the two secrets in /etc/ipsec.secrets
> do not match or the IPv6 addresses are not correct.
> If you use RSA-Keys then
> (1) something went probably wrong when you copied
> the keys from ipsec.secrets to ipsec.conf
> (2) the given id's in ipsec.conf do not match
>
> Hope this helps. If not then please give more us
> information (used setup and addresses, ipsec.conf,
> logging etc)
>
> Cheers,
>
> Gerhard
>
> > iam not able to proceed beyond this .
> > is there a configuration step i have overlooked.?
> >
> > thanks and regards.
> >
> >
> > _______________________________________________
> > Users mailing list
> > Users_at_lists.freeswan.org
> > http://lists.freeswan.org/mailman/listinfo/users
> >
>
> --------------------------------------------
> Gerhard Geßler
>
> Communication Networks, IABG mbH
> Einsteinstr. 20
> 85521 Ottobrunn, Germany
>
> Telefon: +49 89 6088 - 2021
> Fax: +49 89 6088 - 2845
>
> E-Mail: gessler_at_iabg.de
>
>
--------------------------------------------
Gerhard Geßler
Communication Networks, IABG mbH
Einsteinstr. 20
85521 Ottobrunn, Germany
Telefon: +49 89 6088 - 2021
Fax: +49 89 6088 - 2845
E-Mail: gessler_at_iabg.de
_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users
This archive was generated by hypermail 2.1.5 : Fri Oct 04 2002 - 05:20:19 CEST