From: martin f krafft (madduck_at_madduck.net)
Date: Wed Oct 30 2002 - 09:18:00 CET
also sprach Andreas Steffen <andreas.steffen_at_strongsec.net> [2002.10.30.0754 +0100]:
> What connection definition is shown if you type
>
> ipsec auto --status

the two are attached. it's quite interesting to see that albatros
seems to support more ESP ciphers and authentication methods, even
though they both use the same software with the same configuration.
fishbowl is left, albatros is right btw.

> after you have started up pluto on both sides? Are there
> any error messages in the log during startup?

left, which is started first:
# i don't think these four really matter, do they?
Changing to directory '/etc/ipsec.d/crls'
Warning: empty directory
could not open my default X.509 cert file '/etc/x509cert.der'
OpenPGP certificate file '/etc/pgpcert.pgp' not found
# then this:
loaded host cert file '/etc/ipsec.d/private/fishbowl.dyn.madduck.net.pem'
(1751 bytes)
no passphrase available
---> the line in ipsec.secrets is:
: RSA /etc/ipsec.d/private/fishbowl.dyn.madduck.net.pem "password"
"gate-albatros" #1: ERROR: asynchronous network error report on eth0
for message to 217.162.173.237 port 500, complainant
217.162.173.237: Connection refused [errno 111, origin ICMP type
3 code 3 (not authenticated)]
then i start the right side:
# we get the same errors about the CRL directory, the missing
# x509cert.der and pgpcert.pgp files, it loads the host cert file and
# complains that there is no passphrase available, even though
# ipsec.secrets is set just like on the left side.
#
# and then:
"gate-albatros" #1: initiating Main Mode
"gate-albatros" #1: ignoring informational payload, type
INVALID_ID_INFORMATION
"gate-albatros" #2: responding to Main Mode
"gate-albatros" #2: Peer ID is ID_IPV4_ADDR: '80.218.18.6'
"gate-albatros" #2: no suitable connection for peer '80.218.18.6'
"gate-albatros" #2: sending notification INVALID_ID_INFORMATION to
80.218.18.6:500
to which the left side then says:
"gate-albatros" #2: responding to Main Mode
"gate-albatros" #2: Peer ID is ID_IPV4_ADDR: '217.162.173.237'
"gate-albatros" #2: Issuer CRL not found
"gate-albatros" #2: Issuer CRL not found
"gate-albatros" #2: no suitable connection for peer '217.162.173.237'
"gate-albatros" #2: sending notification INVALID_ID_INFORMATION
to 217.162.173.237:500
"gate-albatros" #1: ignoring informational payload, type
INVALID_ID_INFORMATION
These lines, prefixed with #1 and #2 will just repeat over and over,
incrementing the numbers...

Thanks for your time!

-- martin; (greetings from the heart of the sun.)
\____ echo mailto: !#^."<*>"|tr "<*> mailto:" net_at_madduck

every nonzero finite dimensional inner product space has an orthonormal basis.
_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users
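
A small triage helper for the pluto output quoted in the message above, added here as an example and not part of the original post or of FreeS/WAN: it rejoins the mail-wrapped log lines and lists which peer ID each refused Main Mode exchange presented. The function names are assumptions, and the sample is the right-side log copied from the message.

```python
import re

# Right-side pluto output copied from the message above, wrapped as in the mail.
SAMPLE = '''\
"gate-albatros" #1: initiating Main Mode
"gate-albatros" #1: ignoring informational payload, type
INVALID_ID_INFORMATION
"gate-albatros" #2: responding to Main Mode
"gate-albatros" #2: Peer ID is ID_IPV4_ADDR: '80.218.18.6'
"gate-albatros" #2: no suitable connection for peer '80.218.18.6'
"gate-albatros" #2: sending notification INVALID_ID_INFORMATION to
80.218.18.6:500
'''

PREFIX = re.compile(r'^"(?P<conn>[^"]+)" #(?P<state>\d+): (?P<msg>.*)$')
PEER_ID = re.compile(r"Peer ID is (?P<type>ID_\w+): '(?P<id>[^']*)'")
REJECT = re.compile(r"no suitable connection for peer '(?P<id>[^']*)'")

def unwrap(text):
    """Rejoin wrapped continuation lines onto the prefixed line before them."""
    out = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if PREFIX.match(line) or not out:
            out.append(line)
        else:
            out[-1] += " " + line
    return out

def rejected_peers(text):
    """Return (conn, state, id_type, peer_id) for every exchange pluto refused."""
    seen = {}      # (conn, state) -> (id_type, peer_id) the peer presented
    refused = []
    for line in unwrap(text):
        m = PREFIX.match(line)
        if not m:
            continue   # not a per-connection pluto line
        key = (m["conn"], int(m["state"]))
        if (p := PEER_ID.search(m["msg"])):
            seen[key] = (p["type"], p["id"])
        elif (r := REJECT.search(m["msg"])):
            id_type, peer_id = seen.get(key, ("unknown", r["id"]))
            refused.append((*key, id_type, peer_id))
    return refused

if __name__ == "__main__":
    for conn, state, id_type, peer_id in rejected_peers(SAMPLE):
        print(f"{conn} #{state}: refused peer ID {peer_id} ({id_type})")
```

Running it on each side's log shows, per state number, the ID type and value the other end presented before pluto answered with INVALID_ID_INFORMATION.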