From: bill zhang ze yu (zeyubill_at_hotmail.com)
Date: Sat Dec 28 2002 - 07:04:34 CET
KLIPS device ipsec0 shut down just after initiaing Quick Mode
I've got freeswan-1.98b with alg-0.8.0 on RH-7.2 and sucesfully got
tunnels.
left(10.170.1.120) ========= (10.170.1.90) right
Here is how my ipsec.conf looks like:
config setup
interfaces="ipsec0=eth0 ipsec1=eth1"
klipsdebug=none
plutodebug=all
uniqueids=yesconn %default
conn %default
keyingtries=0
disablearrivalcheck=no
authby=secret
conn gw120
left=10.170.1.120
right=10.170.1.90
auth=ah
ike=3des-md5
ah=hmac-md5-96
esp=3des-md5-96
and ipsec.secrets
10.170.1.120 10.170.1.90: PSK "1234567890"
connection suceeded!
But when I modified the configuration ipsec.conf (esp=3des) look like :
config setup
interfaces="ipsec0=eth0 ipsec1=eth1"
klipsdebug=none
plutodebug=all
uniqueids=yesconn %default
conn %default
keyingtries=0
disablearrivalcheck=no
authby=secret
conn gw120
left=10.170.1.120
right=10.170.1.90
auth=ah
ike=3des-md5
ah=hmac-md5-96
esp=3des
Everything seems to run fine because ISAKMP SA established, but IPSEC SA
cannot establish.
and several seconds afterwards, KLIPS device ipsec0 shut down. IS IT A BUG?
002 "gw120" #1: initiating Main Mode
104 "gw120" #1: STATE_MAIN_I1: initiate
106 "gw120" #1: STATE_MAIN_I2: sent MI2, expecting MR2
108 "gw120" #1: STATE_MAIN_I3: sent MI3, expecting MR3
002 "gw120" #1: ISAKMP SA established
004 "gw120" #1: STATE_MAIN_I4: ISAKMP SA established
002 "gw120" #2: initiating Quick Mode PSK+ENCRYPT+AUTHENTICATE+TUNNEL+PFS
HOW to assemble auth ike,ah and esp ?
Attachments are my barf and secure.
2002.12.27
Regards...
Bill
_________________________________________________________________
与联机的朋友进行交流,请使用 MSN Messenger: http://messenger.msn.com/cn
_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users
This archive was generated by hypermail 2.1.5 : Sun Dec 29 2002 - 05:21:19 CET