[Users] Error at starting IPSec connection

From: sooguri_at_icu.ac.kr
Date: Sat Nov 09 2002 - 09:18:33 CET


Dear All.

I am trying to establish an IPsec tunnel between a static host and a mobile host using transport mode. The mobile host is a road warrior and is connected by wireless LAN.

I am quite new to IPSec.

Right from the beginning, I can't proceed any further due to an error.

Free S/WAN is installed on LINUX 8.0 (kernel version: 2.4.18-14)
Free S/WAN version: 1.99

The configuration in ipsec.conf is as follows:

ipsec.conf at static host

  conn road
    type=transport
    left=210.107.131.208
    leftid=@v31-208.icu.ac.kr
  # leftsubnet=210.107.131.208/32
    leftrsasigkey=0sAQOY
  # rightnexthop=%defaultroute
    right=%any
    rightid=@road.icu.ac.kr
    rightrsasigkey= 0sAQN
    auto=add

ipsec.conf at mobile host

  conn road
    type=transport
    left=%defaultroute
  # leftnexthop=%defaultroute
    leftid=@road.icu.ac.kr
    leftrsasigkey=0sAQN5A
    right=210.107.131.208
  # rightsubnet=210.107.131.208/32
    rightid=@v31-208.icu.ac.kr
    rightrsasigkey=0sAQOY
    auto=add

I tried to make a tunnel from mobile host to static host, but failed.

The following error message came up:

 # ipsec auto --up road
 104 "road" #1: STATE_MAIN_I1: initiate
 010 "road" #1: STATE_MAIN_I1: retransmission; will wait 20s for response
 010 "road" #1: STATE_MAIN_I1: retransmission; will wait 40s for response
 031 "road" #1: max number of retransmissions (2) reached STATE_MAIN_I1. No acceptable response to our first IKE message
 000 "road" #1: starting keying attempt 2 of at most 2, but releasing whack


The error message from running "ipsec barf" on the static host is as follows:

 Nov 9 14:49:18 v31-208 pluto[2462]: "road"[3] 210.107.132.187 #25: responding to Main Mode from unknown peer 210.107.132.187
 Nov 9 14:49:18 v31-208 pluto[2462]: "road"[3] 210.107.132.187 #25: ERROR: asynchronous network error report on eth0 for message to 210.107.132.187 port 500, complainant 210.107.132.187: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)]


Does anyone have any ideas I can try to get it working?

Thanks for your time.



