From: Andreas Steffen (andreas.steffen_at_strongsec.net)
Date: Thu Dec 26 2002 - 20:05:03 CET
The entry
authby=rsasig
is missing in your FreeS/WAN ipsec.conf. Therefore authby=secret is
assumed by default, leading to the error below.
Regards
Andreas
Patrick Topping wrote:
> With attachments this time......:-)
>
> I have read through and done step by step what is on Nate Carlson's web
> page and I still cannot get the tunnel up. I have attached the
> ipsec.conf files for both the FreeS/WAN gateway and for my Windows XP
> client. The error that I am seeing on the gateway is as follows:
>
> Dec 26 17:14:27 sapphire pluto[12474]: "aeronet" #49: responding to Main Mode
> Dec 26 17:14:27 sapphire pluto[12474]: "aeronet" #49: policy does not allow OAKLEY_RSA_SIG authentication. Attribute OAKLEY_AUTHENTICATION_METHOD
> Dec 26 17:14:27 sapphire pluto[12474]: "aeronet" #49: policy does not allow OAKLEY_RSA_SIG authentication. Attribute OAKLEY_AUTHENTICATION_METHOD
> Dec 26 17:14:27 sapphire pluto[12474]: "aeronet" #49: OAKLEY_DES_CBC is not supported. Attribute OAKLEY_ENCRYPTION_ALGORITHM
> Dec 26 17:14:27 sapphire pluto[12474]: "aeronet" #49: OAKLEY_DES_CBC is not supported. Attribute OAKLEY_ENCRYPTION_ALGORITHM
> Dec 26 17:14:27 sapphire pluto[12474]: "aeronet" #49: no acceptable Oakley Transform
> Dec 26 17:14:28 sapphire pluto[12474]: "aeronet" #50: responding to Main Mode
> Dec 26 17:14:28 sapphire pluto[12474]: "aeronet" #50: policy does not allow OAKLEY_RSA_SIG authentication. Attribute OAKLEY_AUTHENTICATION_METHOD
>
> Thanks in advance for any help I can get.
>
> -Patrick
>
> ------------------------------------------------------------------------
>
> # /etc/ipsec.conf - FreeS/WAN IPsec configuration file
>
> # More elaborate and more varied sample configurations can be found
> # in FreeS/WAN's doc/examples file, and in the HTML documentation.
>
>
>
> # basic configuration
> config setup
>     # THIS SETTING MUST BE CORRECT or almost nothing will work;
>     # %defaultroute is okay for most simple cases.
>     # interfaces=%defaultroute
>     interfaces="ipsec0=eth0 ipsec1=eth1"
>     # Debug-logging controls: "none" for (almost) none, "all" for lots.
>     klipsdebug=all
>     plutodebug=all
>     # Use auto= parameters in conn descriptions to control startup actions.
>     plutoload=%search
>     plutostart=%search
>     plutowait=no
>     # Close down old connection when new one using same ID shows up.
>     uniqueids=yes
>
> conn aerocast
>     left=68.99.179.107
>     leftnexthop=68.99.176.1
>     leftsubnet=192.168.255.0/24
>     right=64.157.41.125
>     rightnexthop=64.157.40.6
>     rightsubnet=10.10.0.0/16
>     auto=start
>     pfs=yes
>     esp=3des-sha1-96
>     keyexchange=ike
>     auth=esp
>     disablearrivalcheck=no
>     keyingtries=0
>     keylife=24h
>
> conn level3
>     left=68.99.179.107
>     leftnexthop=68.99.176.1
>     leftsubnet=192.168.255.0/24
>     right=64.157.41.177
>     rightnexthop=64.157.40.6
>     rightsubnet=172.16.0.0/24
>     auto=start
>     pfs=yes
>     esp=3des-sha1-96
>     keyexchange=ike
>     auth=esp
>     disablearrivalcheck=no
>     keyingtries=0
>     keylife=24h
>
> #conn roadwarrior-net
> # leftsubnet=192.168.255.0/24
> # also=roadwarrior
>
> #conn roadwarrior
> # left=68.99.179.107
> # leftcert=sapphire.pem
> # right=%defaultroute
> # rightcert=clk430.pem
> # auto=add
> # pfs=yes
>
> conn aeronet
>     left=192.168.255.254
>     leftsubnet=192.168.255.0/24
>     leftcert=sapphire.pem
>     right=192.168.255.250
>     rightcert=clk430.pem
>     auto=add
>     pfs=yes
>
>
> ------------------------------------------------------------------------
>
> #conn roadwarrior
> # left=%any
> # right=68.99.179.107
> # rightca="C=US, ST=California, L=Irvine, O=Home, CN=sapphire, Email=ptopping_at_pobox.com"
> # network=auto
> # auto=start
> # pfs=yes
>
> #conn roadwarrior-net
> # left=%any
> # right=68.99.179.107
> # rightsubnet=192.168.255.0/24
> # rightca="C=US, ST=California, L=Irvine, O=Home, CN=sapphire, Email=ptopping_at_pobox.com"
> # network=auto
> # auto=start
> # pfs=yes
>
> conn roadwarrior-allnet
>     left=%any
>     right=192.168.255.254
>     rightca="C=US, ST=California, L=Irvine, O=Home, CN=sapphire, Email=ptopping_at_pobox.com"
>     rightsubnet=*
>     network=auto
>     auto=start
>     pfs=yes
======================================================================
Andreas Steffen e-mail: andreas.steffen_at_strongsec.com
strongSec GmbH phone: +41 76 340 25 56
Alter Zürichweg 20 home: http://www.strongsec.com
CH-8952 Schlieren (Switzerland)
==========================================[strong internet security]==
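
A small lint for the misconfiguration described in the reply above, added here as an example (it is not part of the original thread or of FreeS/WAN): it flags conn sections that reference certificates or RSA keys but would fall back to authby=secret. The parsing is a simplification of the ipsec.conf syntax (assumption: a blank line ends a section), the function names are hypothetical, and the sample configuration is constructed from the "aeronet" conn in the post plus a corrected variant.

```python
# Constructed sample: the "aeronet" conn from the post plus a corrected variant.
SAMPLE_CONF = """\
conn aeronet
    left=192.168.255.254
    leftcert=sapphire.pem
    right=192.168.255.250
    rightcert=clk430.pem

conn aeronet-fixed
    also=aeronet
    authby=rsasig
"""
RSA_KEYS = ("leftcert", "rightcert", "leftrsasigkey", "rightrsasigkey")

def parse_conns(text):
    """Return {conn name: {key: value}} (simplified ipsec.conf parsing)."""
    conns, current = {}, None
    for raw in text.splitlines():
        if not raw.strip():
            current = None            # assumption: a blank line ends the section
        elif raw.strip().startswith("#"):
            continue                  # comment line
        elif not raw[0].isspace():    # section header: "conn NAME" / "config setup"
            kind, _, name = raw.strip().partition(" ")
            current = conns.setdefault(name.strip(), {}) if kind == "conn" else None
        elif current is not None and "=" in raw:
            key, _, value = raw.strip().partition("=")
            current[key.strip()] = value.strip().strip('"')
    return conns

def effective(conns, name, key, seen=()):
    """Value of key for a conn: own setting, then also= parent, then conn %default."""
    conn = conns.get(name, {})
    if key in conn:
        return conn[key]
    parent = conn.get("also")
    if parent and parent not in seen:
        return effective(conns, parent, key, seen + (name,))
    return conns.get("%default", {}).get(key)

def lint(text):
    """Names of conns that reference certs/RSA keys but end up with authby=secret."""
    conns = parse_conns(text)
    return [name for name in conns if name != "%default"
            and any(effective(conns, name, k) for k in RSA_KEYS)
            and (effective(conns, name, "authby") or "secret") != "rsasig"]

if __name__ == "__main__":
    print(lint(SAMPLE_CONF))
```
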