[Users] Bintec X2300 connection to FreeSWAN won't

From: Henning Holtschneider (hh_at_loca.net)
Date: Tue Oct 22 2002 - 10:02:00 CEST

• Next message: Sam Sgro: "Re: [Users] opportunistic encryption"
• Previous message: Sam Sgro: "Re: [Users] About installing Freeswan to linux kernel 2.2.20"
• Next in thread: Henning Holtschneider: "Re: [Users] Bintec X2300 connection to FreeSWAN won't"
• Maybe reply: Henning Holtschneider: "Re: [Users] Bintec X2300 connection to FreeSWAN won't"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi,

I'm trying to connect a Bintec X2300i with IPSec software 2.1.1 to a
Freeswan 1.97 machine. I've successfully done this before using another
Bintec and IPsec software 1.0.8. However, Bintec seems to have changed a
lot in the IPsec implementation so the old tricks don't work anymore :-/

I've set up the connection as I would have with the old IPsec software but
when I try to bring the tunnel up, I get these messages on the Bintec:

16:16:35 DEBUG/IPSEC: BinTec IPsec driver version 2.1.1
16:16:35 DEBUG/IPSEC: SPD: adding new own certificate for <CN=router-somewhere.somedomain.de, OU=EDV, O=Company, ST=NRW, C=DE> (altnames: [none]), using key no. 1 ("automatic key RSA 1024 (e 65537)").
16:16:35 DEBUG/IPSEC: SPD: adding new CA certificate for <MAILTO=postmaster_at_somedomain.de, CN=gatekeeper.somedomain.de, OU=EDV, O=Company, L=Duisburg, ST=NRW, C=DE>
16:16:35 DEBUG/IPSEC: SPD: using pre IPSec traffic 1, peer chain 1, post IPSec traffic 0
16:16:46 DEBUG/IPSEC: Phase-1 [initiator] between der_asn1_dn(udp:500,[0..101]=C=DE, ST=NRW, O=Company, OU=EDV, CN=router-somewhere.somedomain.de) and der_asn1_dn(any:0,[0..94]=C=DE, ST=NRW, O=Company, OU=EDV, CN=gatekeeper.somedomain.de) for peer 1, traffic 2 done.
16:16:46 DEBUG/IPSEC: Can not get QM policy for ipv4(icmp:0,[0..3]=192.168.50.254) <-> ipv4(icmp:0,[0..3]=10.0.0.1)
16:16:46 DEBUG/IPSEC: Can not get QM policy for ipv4(icmp:0,[0..3]=192.168.50.254) <-> ipv4(icmp:0,[0..3]=10.0.0.1)
[...]

I've read Markus Koellner's message in the archives
(http://lists.freeswan.org/pipermail/users/2002-May/010652.html) but his
suggestions didn't help (i.e. I do have a traffic list with the correct
local/remote addresses on the Bintec and I've also tried to remove the
left or right subnet definitions on the Freeswan side). Any ideas?

Thanks,

     <-gninneH<-

--
   __                 _  __    __   Henning Holtschneider
  / /  ___  _______ _/ |/ /__ / /_  <henning_at_loca.net>
 / /__/ _ \/ __/ _ `/    / -_) __/
/____/\___/\__/\_,_/_/|_/\__/\__/  ...net happens!
_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users

• Next message: Sam Sgro: "Re: [Users] opportunistic encryption"
• Previous message: Sam Sgro: "Re: [Users] About installing Freeswan to linux kernel 2.2.20"
• Next in thread: Henning Holtschneider: "Re: [Users] Bintec X2300 connection to FreeSWAN won't"
• Maybe reply: Henning Holtschneider: "Re: [Users] Bintec X2300 connection to FreeSWAN won't"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.5 : Fri Nov 15 2002 - 05:20:48 CET