Re: [Users] Freeswan-1.99-x509-Patch -> pgpnet 7.0.3

From: Thomas Braun (tb_at_westend.com)
Date: Wed Nov 27 2002 - 16:35:21 CET


Andreas Steffen wrote:

Hi Andreas,

>
>
> I sent you an answer, asking which PGPnet version you are using.
> It seems that your PGPnet is not configured for X.509 certificates.

>
> This is why an X.509 certificate request triggers a notification
> message. Are you using a professional PGPnet version, since the
> freeware versions do not support X.509 certificates?

Thx for your answer.
Yes, I am using the freeware PGPnet version 7.0.3.
Is it not possible to connect to freeswan with the x509 patch with this
version?
Or is there another workaround?

cu thomas.

I have added the command and now this error message comes:

SARequest: 192.168.230.128 (0.0.0.0/0.0.0.0)
    New Identity Exchange - Initiator
Initiating Phase 1 Keying
Send: SA/Vendor/SENT

Rcvd: exchange=Identity, firstPayload=SA, port=500
    Payloads:SA/
    Proposal Selected (I): RSA Sig, TripleDES
Send: KE/Nonce/SENT

Rcvd: exchange=Identity, firstPayload=KE, port=500
    Payloads:KE/Nonce/
Send: (E):Ident/
    New Informational Exchange - Initiator
Send: Notify/SENT

ALERT(L): 192.168.230.128, alert=UnsupportedExchange
SAFailed: 192.168.230.128 (0.0.0.0/0.0.0.0)
    PGPError: -10988
Rcvd: exchange=Identity, firstPayload=KE, port=500
ALERT(L): 192.168.230.128, alert=InvalidExchange
Rcvd: exchange=Identity, firstPayload=KE, port=500
ALERT(L): 192.168.230.128, alert=InvalidExchange

>
>
> In any case you can try to put the option
>
> nocrsend=yes
>
> into the config setup section ipsec.conf. This will suppress the
> generation of an X.509 certificate request.
>
> Regards
>
> Andreas
>
> Thomas Braun wrote:
>
>> Hi Group,
>>
>> Sorry for the big mail from yesterday.
>>
>> I get this error message in pgpnet:
>>
>> SARequest: 192.168.230.128 (0.0.0.0/0.0.0.0)
>> New Identity Exchange - Initiator
>> Initiating Phase 1 Keying
>> Send: SA/Vendor/SENT
>>
>> Rcvd: exchange=Identity, firstPayload=SA, port=500
>> Payloads:SA/
>> Proposal Selected (I): RSA Sig, TripleDES
>> Send: KE/Nonce/SENT
>>
>> Rcvd: exchange=Identity, firstPayload=KE, port=500
>> Payloads:KE/Nonce/CertReq/
>> Send: (E):Ident/
>> New Informational Exchange - Initiator
>> Send: Notify/SENT
>>
>> ALERT(L): 192.168.230.128, alert=UnsupportedExchange
>> SAFailed: 192.168.230.128 (0.0.0.0/0.0.0.0)
>> PGPError: -10988
>>
>>
>> And this error message I get in freeswan:
>> Nov 27 10:55:58 zelda pluto[14046]: packet from 192.168.230.17:500:
>> ignoring Vendor ID payload
>> Nov 27 10:55:58 zelda pluto[14046]: "tb"[1] 192.168.230.17 #1:
>> responding to Main Mode from unknown peer 192.168.230.17
>> Nov 27 10:56:00 zelda pluto[14046]: "tb"[1] 192.168.230.17 #1:
>> ignoring informational payload, type UNSUPPORTED_EXCHANGE_TYPE
>> Nov 27 10:56:00 zelda pluto[14046]: "tb"[1] 192.168.230.17 #1:
>> received and ignored informational message
>>
>> What does it mean? I did not find an answer in the mailing list archive.
>>
>> I'm not subscribed to the list; the mailman 2.2 from freeswan does not
>> want it.
>>
>> Please cc me.
>>
>> cu thomas
>>
>> _______________________________________________
>> Users mailing list
>> Users_at_lists.freeswan.org
>> http://lists.freeswan.org/mailman/listinfo/users
>
>
>




This archive was generated by hypermail 2.1.5 : Thu Nov 28 2002 - 05:20:53 CET
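
Added example (not part of the original thread): a small Python comparison of the two PGPnet traces quoted above, to check whether nocrsend=yes changed what the gateway sent and whether the alert changed with it. The traces are excerpts from the thread up to the first alert; the function names are illustrative.

```python
import re

# Excerpts of the two initiator-side PGPnet traces quoted in the thread:
# the first attempt, then the retry after nocrsend=yes was set on the gateway.
TRACE_BEFORE = """\
Rcvd: exchange=Identity, firstPayload=SA, port=500
Payloads:SA/
Proposal Selected (I): RSA Sig, TripleDES
Send: KE/Nonce/SENT
Rcvd: exchange=Identity, firstPayload=KE, port=500
Payloads:KE/Nonce/CertReq/
Send: (E):Ident/
ALERT(L): 192.168.230.128, alert=UnsupportedExchange
"""
TRACE_AFTER = """\
Rcvd: exchange=Identity, firstPayload=SA, port=500
    Payloads:SA/
    Proposal Selected (I): RSA Sig, TripleDES
Send: KE/Nonce/SENT
Rcvd: exchange=Identity, firstPayload=KE, port=500
    Payloads:KE/Nonce/
Send: (E):Ident/
ALERT(L): 192.168.230.128, alert=UnsupportedExchange
"""

def summarize(trace):
    """Return (payload tuple per received message, list of local alerts)."""
    received, alerts = [], []
    for line in trace.splitlines():
        line = line.strip()
        m = re.match(r"Payloads:(.*)", line)
        if m:  # e.g. "KE/Nonce/CertReq/" -> ("KE", "Nonce", "CertReq")
            received.append(tuple(p for p in m.group(1).split("/") if p))
        m = re.match(r"ALERT\(L\):\s*[^,]+,\s*alert=(\w+)", line)
        if m:
            alerts.append(m.group(1))
    return received, alerts

def compare(before, after):
    """Diff the received payload names and the alerts of two traces."""
    (pb, ab), (pa, aa) = summarize(before), summarize(after)
    names = lambda msgs: {p for msg in msgs for p in msg}
    return {"dropped_payloads": sorted(names(pb) - names(pa)),
            "added_payloads": sorted(names(pa) - names(pb)),
            "alerts_before": ab, "alerts_after": aa}

if __name__ == "__main__":
    for key, value in compare(TRACE_BEFORE, TRACE_AFTER).items():
        print(f"{key}: {value}")
```

On these excerpts the only payload difference is CertReq, while the alert raised by PGPnet is the same in both runs.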