[Users] road warrior problems

From: Perpe (lomeo_at_asplazio.it)
Date: Tue Nov 05 2002 - 17:29:06 CET


Hi list! I'm a new entry!
I have read a lot about VPN road warriors, but my first connection is not OK.
Please help me!
Thanks in advance!

Perpe

My configuration
Red Hat 7.3, kernel 2.4.19, FreeS/WAN 1.98b on server
SSH Sentinel 1.3 on Windows XP

192.9.201.0/24 ===== 151.17.40.200------ 151.17.40.1----------------- 0.0.0.0

My ipsec.conf

config setup
         interfaces="ipsec0=eth1"
         klipsdebug=all
         plutodebug=none
         plutoload=%search
         plutostart=%search

conn %default
         keyingtries=0

conn linux-win
         keyingtries=1
         left=0.0.0.0
         leftnexthop=
         leftsubnet=
         right=151.17.40.200
         rightsubnet=192.9.201.0/24
         auto=add
         authby=secret

At boot of the server I see ... ipsec OK with these messages:
klips_debug:rj_walktree: processing leaves, rn=c7fbf898 rj_b=-3 rj_flags=6
leaf key = ffffffff->ffffffff
klips_debug:rj_walktree: while: base=00000000 rn=c7fbf868 rj_b=-3 rj_flags=6
leaf key = 00000000->00000000

I ran diagnostics on the Windows PC and it is not OK.

My ipsec look:
vpnasp1 Tue Nov 5 16:10:09 CET 2002
ipsec0->eth1 mtu=16260(1500)->1500
Destination Gateway Genmask Flags MSS Window irtt Iface
151.17.40.0 0.0.0.0 255.255.255.0 U 40 0 0 eth1
151.17.40.0 0.0.0.0 255.255.255.0 U 40 0 0 ipsec0

my ipsec auto --status
000 interface ipsec0/eth1 151.17.40.200
000
000 "linux-win"[1]: 192.9.201.0/24===151.17.40.200---151.17.40.1...62.11.24.87
000 "linux-win"[1]: ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 1
000 "linux-win"[1]: policy: PSK+ENCRYPT+TUNNEL+PFS+DISABLEARRIVALCHECK; interface: eth1; unrouted
000 "linux-win"[1]: newest ISAKMP SA: #0; newest IPsec SA: #0; eroute owner: #0
000 "linux-win": 192.9.201.0/24===151.17.40.200---151.17.40.1...%any
000 "linux-win": ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 1
000 "linux-win": policy: PSK+ENCRYPT+TUNNEL+PFS+DISABLEARRIVALCHECK; interface: eth1; unrouted
000 "linux-win": newest ISAKMP SA: #0; newest IPsec SA: #0; eroute owner: #0
000
000 #27: "linux-win"[1] 62.11.24.87 STATE_MAIN_R1 (sent MR1, expecting MI2); EVENT_RETRANSMIT in 3s
000 #38: "linux-win"[1] 62.11.24.87 STATE_MAIN_R1 (sent MR1, expecting MI2); EVENT_RETRANSMIT in 6s
000 #30: "linux-win"[1] 62.11.24.87 STATE_MAIN_R1 (sent MR1, expecting MI2); EVENT_RETRANSMIT in 17s
...............

In /var/log/secure I see:
Nov 5 16:06:55 vpnasp1 ipsec__plutorun: Starting Pluto subsystem...
Nov 5 16:06:55 vpnasp1 pluto[955]: Starting Pluto (FreeS/WAN Version 1.98b)
Nov 5 16:06:56 vpnasp1 pluto[955]: added connection description "linux-win"
Nov 5 16:06:56 vpnasp1 pluto[955]: listening for IKE messages
Nov 5 16:06:56 vpnasp1 pluto[955]: adding interface ipsec0/eth1 151.17.40.200
Nov 5 16:06:57 vpnasp1 pluto[955]: loading secrets from "/etc/ipsec.secrets"
Nov 5 16:06:57 vpnasp1 sshd[1024]: Server listening on 0.0.0.0 port 22.
Nov 5 16:07:00 vpnasp1 pluto[955]: packet from 62.11.24.87:500: ignoring Vendor ID payload
Nov 5 16:07:00 vpnasp1 pluto[955]: "linux-win"[1] 62.11.24.87 #1: responding to Main Mode from unknown peer 62.11.24.87
Nov 5 16:07:07 vpnasp1 pluto[955]: packet from 62.11.24.87:500: ignoring Vendor ID payload
Nov 5 16:07:07 vpnasp1 pluto[955]: "linux-win"[1] 62.11.24.87 #2: responding to Main Mode from unknown peer 62.11.24.87
Nov 5 16:07:08 vpnasp1 pluto[955]: packet from 62.11.24.87:500: ignoring Vendor ID payload
Nov 5 16:07:08 vpnasp1 pluto[955]: "linux-win"[1] 62.11.24.87 #3: responding to Main Mode from unknown peer 62.11.24.87
Nov 5 16:07:10 vpnasp1 pluto[955]: packet from 62.11.24.87:500: ignoring Vendor ID payload
Nov 5 16:07:10 vpnasp1 pluto[955]: "linux-win"[1] 62.11.24.87 #4: responding to Main Mode from unknown peer 62.11.24.87

My ifconfig -a output shows NOARP. Is that the problem?

ipsec0 Link encap:Ethernet HWaddr 00:80:5F:EB:28:DD
          inet addr:151.17.40.200 Mask:255.255.255.0
          UP RUNNING NOARP MTU:16260 Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:10
          RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
