From: Patrick Topping (ptopping_at_pobox.com)
Date: Thu Dec 26 2002 - 18:40:53 CET
With attachments this time......:-)

I have read through and done step by step what is on Nate Carlson's web
page and I still cannot get the tunnel up. I have attached the
ipsec.conf files for both the FreeSWAN gateway and for my Windows XP
client. The error that I am seeing on the gateway is as follows:

Dec 26 17:14:27 sapphire pluto[12474]: "aeronet" #49: responding to Main Mode
Dec 26 17:14:27 sapphire pluto[12474]: "aeronet" #49: policy does not allow OAKLEY_RSA_SIG authentication. Attribute OAKLEY_AUTHENTICATION_METHOD
Dec 26 17:14:27 sapphire pluto[12474]: "aeronet" #49: policy does not allow OAKLEY_RSA_SIG authentication. Attribute OAKLEY_AUTHENTICATION_METHOD
Dec 26 17:14:27 sapphire pluto[12474]: "aeronet" #49: OAKLEY_DES_CBC is not supported. Attribute OAKLEY_ENCRYPTION_ALGORITHM
Dec 26 17:14:27 sapphire pluto[12474]: "aeronet" #49: OAKLEY_DES_CBC is not supported. Attribute OAKLEY_ENCRYPTION_ALGORITHM
Dec 26 17:14:27 sapphire pluto[12474]: "aeronet" #49: no acceptable Oakley Transform
Dec 26 17:14:28 sapphire pluto[12474]: "aeronet" #50: responding to Main Mode
Dec 26 17:14:28 sapphire pluto[12474]: "aeronet" #50: policy does not allow OAKLEY_RSA_SIG authentication. Attribute OAKLEY_AUTHENTICATION_METHOD

Thanks in advance for any help I can get.
-Patrick

# /etc/ipsec.conf - FreeS/WAN IPsec configuration file

# More elaborate and more varied sample configurations can be found
# in FreeS/WAN's doc/examples file, and in the HTML documentation.

# basic configuration
config setup
    # THIS SETTING MUST BE CORRECT or almost nothing will work;
    # %defaultroute is okay for most simple cases.
    # interfaces=%defaultroute
    interfaces="ipsec0=eth0 ipsec1=eth1"
    # Debug-logging controls: "none" for (almost) none, "all" for lots.
    klipsdebug=all
    plutodebug=all
    # Use auto= parameters in conn descriptions to control startup actions.
    plutoload=%search
    plutostart=%search
    plutowait=no
    # Close down old connection when new one using same ID shows up.
    uniqueids=yes

conn aerocast
    left=68.99.179.107
    leftnexthop=68.99.176.1
    leftsubnet=192.168.255.0/24
    right=64.157.41.125
    rightnexthop=64.157.40.6
    rightsubnet=10.10.0.0/16
    auto=start
    pfs=yes
    esp=3des-sha1-96
    keyexchange=ike
    auth=esp
    disablearrivalcheck=no
    keyingtries=0
    keylife=24h

conn level3
    left=68.99.179.107
    leftnexthop=68.99.176.1
    leftsubnet=192.168.255.0/24
    right=64.157.41.177
    rightnexthop=64.157.40.6
    rightsubnet=172.16.0.0/24
    auto=start
    pfs=yes
    esp=3des-sha1-96
    keyexchange=ike
    auth=esp
    disablearrivalcheck=no
    keyingtries=0
    keylife=24h

#conn roadwarrior-net
#    leftsubnet=192.168.255.0/24
#    also=roadwarrior

#conn roadwarrior
#    left=68.99.179.107
#    leftcert=sapphire.pem
#    right=%defaultroute
#    rightcert=clk430.pem
#    auto=add
#    pfs=yes

conn aeronet
    left=192.168.255.254
    leftsubnet=192.168.255.0/24
    leftcert=sapphire.pem
    right=192.168.255.250
    rightcert=clk430.pem
    auto=add
    pfs=yes

#conn roadwarrior
#    left=%any
#    right=68.99.179.107
#    rightca="C=US, ST=California, L=Irvine, O=Home, CN=sapphire, Email=ptopping_at_pobox.com"
#    network=auto
#    auto=start
#    pfs=yes

#conn roadwarrior-net
#    left=%any
#    right=68.99.179.107
#    rightsubnet=192.168.255.0/24
#    rightca="C=US, ST=California, L=Irvine, O=Home, CN=sapphire, Email=ptopping_at_pobox.com"
#    network=auto
#    auto=start
#    pfs=yes

conn roadwarrior-allnet
    left=%any
    right=192.168.255.254
    rightca="C=US, ST=California, L=Irvine, O=Home, CN=sapphire, Email=ptopping_at_pobox.com"
    rightsubnet=*
    network=auto
    auto=start
    pfs=yes

_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users
This archive was generated by hypermail 2.1.5 : Fri Dec 27 2002 - 05:21:18 CET
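
Added example (not part of the original message and not FreeS/WAN code): a small Python script that groups pluto Main Mode log lines like the ones quoted in the message by connection name and state number, and lists which offered IKE attributes the responder rejected and whether the exchange ended with no acceptable transform. The sample input is the log excerpt from the message with the wrapped lines rejoined; the function name `summarize` and the regular expressions are this example's own.

```python
import re
from collections import OrderedDict

# Log excerpt copied from the message above, wrapped lines rejoined.
SAMPLE = """\
Dec 26 17:14:27 sapphire pluto[12474]: "aeronet" #49: responding to Main Mode
Dec 26 17:14:27 sapphire pluto[12474]: "aeronet" #49: policy does not allow OAKLEY_RSA_SIG authentication. Attribute OAKLEY_AUTHENTICATION_METHOD
Dec 26 17:14:27 sapphire pluto[12474]: "aeronet" #49: policy does not allow OAKLEY_RSA_SIG authentication. Attribute OAKLEY_AUTHENTICATION_METHOD
Dec 26 17:14:27 sapphire pluto[12474]: "aeronet" #49: OAKLEY_DES_CBC is not supported. Attribute OAKLEY_ENCRYPTION_ALGORITHM
Dec 26 17:14:27 sapphire pluto[12474]: "aeronet" #49: OAKLEY_DES_CBC is not supported. Attribute OAKLEY_ENCRYPTION_ALGORITHM
Dec 26 17:14:27 sapphire pluto[12474]: "aeronet" #49: no acceptable Oakley Transform
Dec 26 17:14:28 sapphire pluto[12474]: "aeronet" #50: responding to Main Mode
Dec 26 17:14:28 sapphire pluto[12474]: "aeronet" #50: policy does not allow OAKLEY_RSA_SIG authentication. Attribute OAKLEY_AUTHENTICATION_METHOD
"""

# pluto[pid]: "<connection>" #<state number>: <message>
LINE = re.compile(r'pluto\[\d+\]: "(?P<conn>[^"]+)" #(?P<state>\d+): (?P<msg>.*)$')
# A rejected proposal attribute is logged as "<reason>. Attribute <NAME>"
REJECT = re.compile(r'^(?P<reason>.+?)\.\s+Attribute (?P<attr>\w+)$')


def summarize(log_text):
    """Return {(conn, state): {"rejected": {attr: reason}, "failed": bool}}."""
    out = OrderedDict()
    for raw in log_text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue  # not a per-connection pluto line
        key = (m["conn"], int(m["state"]))
        entry = out.setdefault(key, {"rejected": OrderedDict(), "failed": False})
        msg = m["msg"].strip()
        r = REJECT.match(msg)
        if r:
            # The same rejection can be logged more than once; keep one copy.
            entry["rejected"].setdefault(r["attr"], r["reason"])
        elif msg == "no acceptable Oakley Transform":
            entry["failed"] = True
    return out


if __name__ == "__main__":
    for (conn, state), e in summarize(SAMPLE).items():
        status = "no acceptable transform" if e["failed"] else "outcome not in excerpt"
        print(f'"{conn}" #{state}: {status}')
        for attr, reason in e["rejected"].items():
            print(f"    {attr}: {reason}")
```
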