Re: [Users] Vpn Server (no connection has been authorized)!

From: Sam Sgro (sam_at_freeswan.org)
Date: Fri Jan 10 2003 - 18:25:22 CET


On Fri, 10 Jan 2003, magobin wrote:

> Hi again,
>
> I'm trying to connect a win2000 client to my vpnserver, but when I try I've
> the error in object, but my connections are right! Is there anyone that can
> help me?
> For my test I'm working in lan and so the vpn server and client are in the
> same subnet... is that a problem?

Actually, this is a problem for two reasons, but I don't think you've
quite encountered either.

First, since you don't have a nexthop between the two machines, you'll need to
use the default value of leftnexthop, %direct. This setting will not work when
you "turn" to face the IPSec gateway out towards the 'net, as there will be a
nexthop between the two. In that case, you'll probably be using

interfaces=%defaultroute

which will, by default, set leftnexthop correctly. Just something to be aware of.

Secondly, win2k machines sometimes have a problem being on the same subnet as
the FreeS/WAN servers they are trying to connect to. They don't properly set
the route; you can see a description of the problem, and the solution, here:

http://lists.freeswan.org/pipermail/users/2002-July/012628.html

> Another question... I've seen in my log that when IPsec starts it doesn't find
> the x509 default cert file... I followed the documentation of Nate Carlson and
> there isn't anything about it!

You can ignore these warnings.

> alessandro
> below my log:
> Jan 10 08:10:28 proxy ipsec__plutorun: Starting Pluto subsystem...
> Jan 10 08:10:28 proxy pluto[828]: Starting Pluto (FreeS/WAN Version 1.99)
> Jan 10 08:10:28 proxy pluto[828]: including X.509 patch (Version 0.9.15)
> Jan 10 08:10:28 proxy pluto[828]: Changing to directory '/etc/ipsec.d/cacerts'
> Jan 10 08:10:28 proxy pluto[828]: loaded cacert file 'cacert.pem' (1578 bytes)
> Jan 10 08:10:28 proxy pluto[828]: Changing to directory '/etc/ipsec.d/crls'
> Jan 10 08:10:28 proxy pluto[828]: loaded crl file 'crl.pem' (674 bytes)
> Jan 10 08:10:28 proxy pluto[828]: could not open my default X.509 cert file '/etc/x509cert.der'
> Jan 10 08:10:28 proxy pluto[828]: OpenPGP certificate file '/etc/pgpcert.pgp' not found
> Jan 10 08:10:29 proxy pluto[828]: listening for IKE messages
> Jan 10 08:10:29 proxy pluto[828]: adding interface ipsec0/eth0 10.23.5.243
> Jan 10 08:10:29 proxy pluto[828]: loading secrets from "/etc/ipsec.secrets"
> Jan 10 10:59:14 proxy pluto[3170]: packet from 10.23.5.20:500: initial Main Mode message received on 10.23.5.243:500 but no connection has been authorized
> Jan 10 10:59:15 proxy pluto[3170]: packet from 10.23.5.20:500: ignoring Vendor ID payload
> Jan 10 10:59:15 proxy pluto[3170]: packet from 10.23.5.20:500: initial Main Mode message received on 10.23.5.243:500 but no connection has been authorized

Without your configuration details, we can't really help you. Even better,
perhaps you could post the output of the "ipsec barf" command to a website.

--
Sam Sgro
sam_at_freeswan.org
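
An added example, not part of the original message or of FreeS/WAN itself: a small triage script for Pluto log text pasted from mail, which rejoins the wrapped lines and separates the rejected Main Mode packets from the X.509 default-cert warning that the reply says can be ignored. The names `unwrap`, `triage` and `SAMPLE` are hypothetical, and the sample is built from lines quoted in this thread.

```python
import re
from collections import Counter

# Constructed sample: records taken from the quoted log, still mail-wrapped.
SAMPLE = """\
> Jan 10 08:10:28 proxy pluto[828]: could not open my default X.509 cert file
> '/etc/x509cert.der'
> Jan 10 10:59:14 proxy pluto[3170]: packet from 10.23.5.20:500: initial Main
> Mode message
> received on 10.23.5.243:500 but no connection has been authorized
> Jan 10 10:59:15 proxy pluto[3170]: packet from 10.23.5.20:500: ignoring
> Vendor ID payload
> Jan 10 10:59:15 proxy pluto[3170]: packet from 10.23.5.20:500: initial Main
> Mode message received on 10.23.5.243:500 but no connection has been
> authorized
"""

# A new syslog record starts with "Mon DD HH:MM:SS "; anything else is a wrap.
STAMP = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")
REJECT = re.compile(r"packet from (\S+?):(\d+): initial Main Mode message "
                    r"received on (\S+?):(\d+) but no connection has been authorized")
# Warning the reply in this thread says can be ignored.
IGNORABLE = ("could not open my default X.509 cert file",)

def unwrap(text):
    """Strip '>' quoting and rejoin mail-wrapped syslog records."""
    records = []
    for raw in text.splitlines():
        line = re.sub(r"^(>\s?)+", "", raw).strip()
        if not line:
            continue
        if STAMP.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records

def triage(text):
    """Return (rejections per (peer, local) pair, ignorable, other records)."""
    rejected, ignorable, other = Counter(), [], []
    for rec in unwrap(text):
        m = REJECT.search(rec)
        if m:
            rejected[(m.group(1), m.group(3))] += 1
        elif any(s in rec for s in IGNORABLE):
            ignorable.append(rec)
        else:
            other.append(rec)
    return rejected, ignorable, other
```

Each key in the returned counter is a (peer address, local address) pair for which Pluto had no loaded connection to match, which is the pair to compare against the connection definitions in the configuration.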

This archive was generated by hypermail 2.1.5 : Sat Jan 11 2003 - 05:21:14 CET