From: Chris Ehlers (Chris.Ehlers_at_Mosaic-UK.com)
Date: Thu Jan 09 2003 - 18:01:37 CET
Yes I have that, below is my full config... I have special characters in my
password (%$+- etc), will that confuse the Windows client?...
My ipsec.secrets file looks like this:
%any : RSA freeswan-priv.pem "This-is-my-password"
# /etc/ipsec.conf - FreeS/WAN IPsec configuration file

# More elaborate and more varied sample configurations can be found
# in FreeS/WAN's doc/examples file, and in the HTML documentation.

# basic configuration
config setup
    # THIS SETTING MUST BE CORRECT or almost nothing will work;
    # %defaultroute is okay for most simple cases.
    interfaces=%defaultroute
    # Debug-logging controls: "none" for (almost) none, "all" for lots.
    klipsdebug=none
    plutodebug=none
    # Use auto= parameters in conn descriptions to control startup actions.
    plutoload=%search
    plutostart=%search
    # Close down old connection when new one using same ID shows up.
    uniqueids=yes

# defaults for subsequent connection descriptions
# (these defaults will soon go away)
conn %default
    keyingtries=0
    disablearrivalcheck=no
    #authby=secret
    pfs=yes
    #leftrsasigkey=%none
    #rightrsasigkey=%none

conn roadwarrior-test
    authby=rsasig
    auto=add
    left=%any
    leftcert=client-cert.pem
    right=ip.address.of.vpn1
    rightsubnet=172.30.0.0/24
    rightnexthop=next.hop
    rightcert=freeswan-cert.pem

-----Original Message-----
From: Chris Malott [mailto:chris_at_travelconnection.com]
Sent: 09 January 2003 16:53
To: Chris Ehlers
Subject: Re: [Users] Connecting to freeswan with PGPNet client using
Certificates
did you
"auto=add"
in your ipsec.conf file, for the given connection?
Chris
----- Original Message -----
From: "Chris Ehlers" <Chris.Ehlers_at_Mosaic-UK.com>
To: <users_at_lists.freeswan.org>
Sent: Thursday, January 09, 2003 3:41 AM
Subject: [Users] Connecting to freeswan with PGPNet client using
Certificates
> I have set up PGPNet (v 7.0.3) as instructed in
> http://www.evolvedatacom.nl/freeswan.html and restarted my freeswan (see
> below) but the server does not seem to accept the isakmp... what could the
> problem be?
>
> Jan 8 18:16:33 vpn1 pluto[22652]: shutting down
> Jan 8 18:16:33 vpn1 pluto[22652]: forgetting secrets
> Jan 8 18:16:33 vpn1 pluto[22652]: "roadwarrior-test": deleting connection
> Jan 8 18:16:33 vpn1 pluto[22652]: shutting down interface ipsec0/eth0
> ip.address.of.vpn1
> Jan 8 18:16:34 vpn1 ipsec__plutorun: Starting Pluto subsystem...
> Jan 8 18:16:34 vpn1 pluto[22994]: Starting Pluto (FreeS/WAN Version 1.99)
> Jan 8 18:16:34 vpn1 pluto[22994]: including X.509 patch (Version 0.9.15)
> Jan 8 18:16:34 vpn1 pluto[22994]: Changing to directory
> '/etc/ipsec.d/cacerts'
> Jan 8 18:16:34 vpn1 pluto[22994]: loaded cacert file 'cacert.pem' (1273
> bytes)
> Jan 8 18:16:34 vpn1 pluto[22994]: Changing to directory
> '/etc/ipsec.d/crls'
> Jan 8 18:16:34 vpn1 pluto[22994]: loaded crl file 'crl.pem' (516 bytes)
> Jan 8 18:16:34 vpn1 pluto[22994]: loaded my default X.509 cert file
> '/etc/x509cert.der' (949 bytes)
> Jan 8 18:16:35 vpn1 pluto[22994]: loaded host cert file
> '/etc/ipsec.d/client-cert.pem' (3632 bytes)
> Jan 8 18:16:35 vpn1 pluto[22994]: loaded host cert file
> '/etc/ipsec.d/freeswan-cert.pem' (3652 bytes)
> Jan 8 18:16:35 vpn1 pluto[22994]: added connection description
> "roadwarrior-test"
> Jan 8 18:16:35 vpn1 pluto[22994]: listening for IKE messages
> Jan 8 18:16:35 vpn1 pluto[22994]: adding interface ipsec0/eth0
> ip.address.of.vpn1
> Jan 8 18:16:35 vpn1 pluto[22994]: loading secrets from
> "/etc/ipsec.secrets"
> Jan 8 18:16:35 vpn1 pluto[22994]: loaded private key file
> '/etc/ipsec.d/private/freeswan-priv.pem' (1671 bytes)
> Jan 8 18:17:13 vpn1 pluto[22994]: packet from client.ip.add:500: ignoring
> Vendor ID payload
> Jan 8 18:17:13 vpn1 pluto[22994]: packet from client.ip.add:500: initial
> Main Mode message received on ip.address.of.vpn1:500 but
> no connection has been authorized
> Jan 8 18:17:17 vpn1 pluto[22994]: packet from client.ip.add:500: ignoring
> Vendor ID payload
> Jan 8 18:17:17 vpn1 pluto[22994]: packet from client.ip.add:500: initial
> Main Mode message received on ip.address.of.vpn1:500 but
> no connection has been authorized
> Jan 8 18:17:23 vpn1 pluto[22994]: packet from client.ip.add:500: ignoring
> Vendor ID payload
> Jan 8 18:17:23 vpn1 pluto[22994]: packet from client.ip.add:500: initial
> Main Mode message received on ip.address.of.vpn1:500 but
> no connection has been authorized
> Jan 8 18:17:32 vpn1 pluto[22994]: packet from client.ip.add:500: ignoring
> Vendor ID payload
> Jan 8 18:17:32 vpn1 pluto[22994]: packet from client.ip.add:500: initial
> Main Mode message received on ip.address.of.vpn1:500 but
> no connection has been authorized
>
> Kind Regards
> Christiaan Ehlers
>
> N B Khan and N G Edwards were appointed Joint Administrators of Mosaic UK
> Limited on 2 December 2002. The Administrators act as agents of the
> company and contract without personal liability.
> _______________________________________________
> Users mailing list
> Users_at_lists.freeswan.org
> http://lists.freeswan.org/mailman/listinfo/users
This archive was generated by hypermail 2.1.5 : Fri Jan 10 2003 - 05:21:18 CET