Re: [Users] FW: ipsec guidance (much obliged)

From: Björn Sundberg (bjorn_at_resfeber.se)
Date: Mon Dec 09 2002 - 17:05:14 CET

• Next message: Jon Erdman: "Re: [Users] Re: super-freeswan-1.99_kb2 version number problem?"
• Previous message: Gert.Vandelaer_at_medisearch-int.com: "[Users] Win2k road warrior - Linux FW + LAN behind firewall"
• In reply to: mowglie: "[Users] FW: ipsec guidance (much obliged)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

You can ignore the first three errors. It only tells that freeswan
checks for these files. The crl.pem do you specify in ipsec.conf if you
want to use it, x.509cert.der is an alternative format to use.
pgpcert.pgp is a new future in the x509 patch, it checks if you are
using certs created by openpgp.

Perhaps you could try to change the names of one of the roadwarrior
connections and change the auto=start to auto=add.

You cannot have two conn of the same name.

Is the connection host to host?

Check out the examples at www.freeswan.ca

Hope that helps.

regards

/bjorn

On Mon, 2002-12-09 at 10:14, mowglie wrote:
> these are the errors i get now after tweaking things further (or backwards as the case may be)
>
> Changing to directory '/etc/ipsec.d/crls'
> Dec 9 00:40:03 jupiter pluto[28888]: loaded crl file 'crl.pem' (678 bytes)
> Dec 9 00:40:03 jupiter pluto[28888]: could not open my default X.509 cert file '/etc/x509cert.der'
> Dec 9 00:40:03 jupiter pluto[28888]: OpenPGP certificate file '/etc/pgpcert.pgp' not found
> and later
>
> "roadwarrior"[1] 61.231.192.128 #1: responding to Main Mode from unknown peer 61.231.192.128
> Dec 9 00:40:32 jupiter pluto[28888]: "roadwarrior"[1] 61.231.192.128 #1: encrypted Informational Exchange message is invalid because it is for incomplete ISAKMP SA
> "roadwarrior": cannot initiate connection without knowing peer IP address
>
> my gateway ipsec.conf is
>
> config setup
> interfaces=%defaultroute
> klipsdebug=none
> plutodebug=none
> plutoload=%search
> plutostart=%search
> uniqueids=yes
>
> conn %default
> keyingtries=1
> disablearrivalcheck=no
> authby=rsasig
> leftrsasigkey=%cert
> rightrsasigkey=%cert
>
> conn roadwarrior
> right=%any
> left=%defaultroute
> leftcert=jfanchiang2.pem
> auto=add
> pfs=yes
>
> my roadwarrior ipsec.conf is
> conn roadwarrior
> left=%any
> right=67.105.101.194
> rightca="C=US, S=Texas, L=Dallas, O=BWUSA, CN=jupiter.bldgworks.com, Email=akpillai_at_bldgworks.com"
> network=auto
> auto=start
> pfs=yes
>
> any suggestions as to what i should read/do to resolve? much obliged...
>
> _______________________________________________
> Users mailing list
> Users_at_lists.freeswan.org
> http://lists.freeswan.org/mailman/listinfo/users

_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users

• application/pgp-signature attachment: This is a digitally signed message part

• Next message: Jon Erdman: "Re: [Users] Re: super-freeswan-1.99_kb2 version number problem?"
• Previous message: Gert.Vandelaer_at_medisearch-int.com: "[Users] Win2k road warrior - Linux FW + LAN behind firewall"
• In reply to: mowglie: "[Users] FW: ipsec guidance (much obliged)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.5 : Tue Dec 10 2002 - 05:21:07 CET