Re: [Users] Freeswan-1.99-x509-Patch -> pgpnet 7.0.3

From: Andreas Steffen (andreas.steffen_at_strongsec.net)
Date: Wed Nov 27 2002 - 16:01:20 CET

• Next message: Fred de Klein: "[Users] Help needed"
• Previous message: Catalin Mihailescu: "[Users] I can't subscribe"
• In reply to: Thomas Braun: "[Users] Freeswan-1.99-x509-Patch -> pgpnet 7.0.3"
• Next in thread: Thomas Braun: "Re: [Users] Freeswan-1.99-x509-Patch -> pgpnet 7.0.3"
• Reply: Thomas Braun: "Re: [Users] Freeswan-1.99-x509-Patch -> pgpnet 7.0.3"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi Thomas,

I sent you an answer, asking which PGPnet version you are using.
It seems that your PGPnet is not configured for X.509 certificates.

This is why a X.509 certificate request triggesr a notification
message. Are you using a professional PGPnet version, since the
freeware versions do not support X.509 certificate.

In any case you can try to put the option

  nocrsend=yes

into the config setup section ipsec.conf. This will suppress the
generation of an X.509 certificate request.

Regards

Andreas

Thomas Braun wrote:
> Hi Group,
>
> sorry for the big mail from yesterday.
>
> i get this error message in pgpnet:
>
> SARequest: 192.168.230.128 (0.0.0.0/0.0.0.0)
> New Identity Exchange - Initiator
> Initiating Phase 1 Keying
> Send: SA/Vendor/SENT
>
> Rcvd: exchange=Identity, firstPayload=SA, port=500
> Payloads:SA/
> Proposal Selected (I): RSA Sig, TripleDES
> Send: KE/Nonce/SENT
>
> Rcvd: exchange=Identity, firstPayload=KE, port=500
> Payloads:KE/Nonce/CertReq/
> Send: (E):Ident/
> New Informational Exchange - Initiator
> Send: Notify/SENT
>
> ALERT(L): 192.168.230.128, alert=UnsupportedExchange
> SAFailed: 192.168.230.128 (0.0.0.0/0.0.0.0)
> PGPError: -10988
>
>
> and this error message i get in freeswan
> Nov 27 10:55:58 zelda pluto[14046]: packet from 192.168.230.17:500:
> ignoring Vendor ID payload
> Nov 27 10:55:58 zelda pluto[14046]: "tb"[1] 192.168.230.17 #1:
> responding to Main Mode from unknown peer 192.168.230.17
> Nov 27 10:56:00 zelda pluto[14046]: "tb"[1] 192.168.230.17 #1: ignoring
> informational payload, type UNSUPPORTED_EXCHANGE_TYPE
> Nov 27 10:56:00 zelda pluto[14046]: "tb"[1] 192.168.230.17 #1: received
> and ignored informational message
>
> What means it? I did not found an answer in the mailinglist archive.
>
> Im not subscribed on the list, the mailman 2.2 from freeswan do not
> want it.
>
> Please cc me.
>
> cu thomas
>
>
>
>
> _______________________________________________
> Users mailing list
> Users_at_lists.freeswan.org
> http://lists.freeswan.org/mailman/listinfo/users

-- 
======================================================================
Andreas Steffen                 e-mail: andreas.steffen_at_strongsec.com
strongSec GmbH                  phone:  +41 76 340 25 56
Alter Zürichweg 20              home:   http://www.strongsec.com
CH-8952 Schlieren (Switzerland)
==========================================[strong internet security]==
_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users

• Next message: Fred de Klein: "[Users] Help needed"
• Previous message: Catalin Mihailescu: "[Users] I can't subscribe"
• In reply to: Thomas Braun: "[Users] Freeswan-1.99-x509-Patch -> pgpnet 7.0.3"
• Next in thread: Thomas Braun: "Re: [Users] Freeswan-1.99-x509-Patch -> pgpnet 7.0.3"
• Reply: Thomas Braun: "Re: [Users] Freeswan-1.99-x509-Patch -> pgpnet 7.0.3"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.5 : Thu Nov 28 2002 - 05:20:53 CET