Re: [Users] HELP!!!

From: Andreas Steffen (andreas.steffen_at_strongsec.net)
Date: Thu Oct 03 2002 - 22:42:02 CEST

• Next message: John A. Sullivan III: "Re: [Users] QuickMode rekey problem with directly attached network"
• Previous message: Igmar Palsenberg: "Re: [Users] Openssl & x509 & Certificate enrollment protocol"
• In reply to: Niel Harper: "[Users] HELP!!!"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Do you use large X.509 certificates which could lead to fragmentation
of the UDP datagrams sent with MI3? Ipchains or Iptables firewall rules
discard IP fragments per default, so that the messages never reach
their destination.

Regards

Andreas

Niel Harper wrote:
> I have created a FreeS/Wan testing scenario at my job, but I cannot get
> it to work. I have two machines configured with FreeS/Wan. Let's call
> them Machine A and Machine B.
>
> Machine A
>
> (2) Two ethernet interface:
> eth0 - 192.168.10.2
> eth1
>
> Machine B
>
> (1) One ethernet interface
> eth0 - 192.168.10.1
>
> Machine A is connected to machine B using a crossover cables connecting
> eth0 on both machines. Both machines are running FreeS/Wan, but
> whenever I try to connect, I get the following message:
>
> STATE_MAIN_I1: initiate
> STATE_MAIN_I2: sent MI2, expecting MR2
> STATE_MAIN_I3: sent MI3, expecting MR3
> discarding duplicate packet, already STATE_MAIN_I3
> STATE_MAIN_I3: retransmission, will wait for 20s for response
> STATE_MAIN_I3: retransmission, will wait for 40s for response
> discarding duplicate packet, already STATE_MAIN_I3
> max number of retransmissions (2) reached STATE_MAIN_I3. Possible
> authentication failure: no acceptable response to our first encrypted
> message
> starting keying attempt 2 of an unlimited number, but releasing whack
>
> _________________________________________________________________
> Chat with friends online, try MSN Messenger: http://messenger.msn.com
>
> _______________________________________________
> Users mailing list
> Users_at_lists.freeswan.org
> http://lists.freeswan.org/mailman/listinfo/users

-- 
======================================================================
Andreas Steffen                 e-mail: andreas.steffen_at_strongsec.com
strongSec GmbH                  phone:  +41 76 340 25 56
Alter Zürichweg 20              home:   http://www.strongsec.com
CH-8952 Schlieren (Switzerland)
==========================================[strong internet security]==
_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users

• Next message: John A. Sullivan III: "Re: [Users] QuickMode rekey problem with directly attached network"
• Previous message: Igmar Palsenberg: "Re: [Users] Openssl & x509 & Certificate enrollment protocol"
• In reply to: Niel Harper: "[Users] HELP!!!"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.5 : Fri Oct 04 2002 - 05:20:19 CEST