Re: [Users] Can't connect from Dynamic IP

From: Emiliano (emiliano_at_climafin.com.ar)
Date: Fri Jan 10 2003 - 19:05:21 CET


> On Fri, 10 Jan 2003, Emiliano wrote:
>
> > Hello, I'm using freeswan to connect 2 linux boxes: static ip linux ----- internet ---- dynamic ip linux
> > I run:
> > ipsec auto --verbose --up lintolin
> > And shows:
> > 002 "lintolin" #1: initiating Main Mode
> > 104 "lintolin" #1: STATE_MAIN_I1: initiate
> > 002 "lintolin" #1: ERROR: asynchronous network error report on eth1 for
> > message to 200.X.X.X port 500, complainant 200.X.X.X: Connection refused
> > [errno 111, origin ICMP type 3 code 3 (not authenticated)]

I already do this

>
> You have an issue with your firewall rules. Have you allowed UDP port 500
> traffic, and protocol 50 (ESP)? Read:
>
>
> http://www.freeswan.org/freeswan_snaps/CURRENT-SNAP/doc/firewall.html#simple.rules
>

Take a look at my iptables rules.

Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0          udp spt:500 dpt:500
ACCEPT     esp  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     ah   --  0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy DROP)
target     prot opt source               destination
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0          udp spt:500 dpt:500
ACCEPT     esp  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     ah   --  0.0.0.0/0            0.0.0.0/0

Emiliano.

_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users
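
An added example, not part of the original message or of FreeS/WAN: a check of an `iptables -L -n` listing for the two things the quoted reply asks about, UDP port 500 (IKE) and protocol 50 (ESP), in both INPUT and OUTPUT. The function names and the `LISTING` constant are assumptions made for illustration; the check looks only for the presence of ACCEPT rules and does not model rule order or source/destination restrictions.

```python
import re

# Constructed sample: the listing quoted in the message, wrapped lines rejoined.
LISTING = """\
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp spt:500 dpt:500
ACCEPT esp -- 0.0.0.0/0 0.0.0.0/0
ACCEPT ah -- 0.0.0.0/0 0.0.0.0/0

Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp spt:500 dpt:500
ACCEPT esp -- 0.0.0.0/0 0.0.0.0/0
ACCEPT ah -- 0.0.0.0/0 0.0.0.0/0
"""

def parse_chains(listing):
    """Return {chain: (policy, [(target, proto, match_text), ...])}."""
    chains, rules = {}, None
    for line in listing.splitlines():
        header = re.match(r"Chain (\S+) \(policy (\w+)", line)
        fields = line.split()
        if header:
            rules = []
            chains[header.group(1)] = (header.group(2), rules)
        elif rules is not None and len(fields) >= 5 and fields[0] != "target":
            rules.append((fields[0], fields[1], " ".join(fields[5:])))
    return chains

def allows_ike(proto, match):
    # UDP (or any protocol) to destination port 500, or with no destination-port match.
    port_ok = re.search(r"\bdpt:500\b", match) or "dpt" not in match
    return proto in ("udp", "17", "all") and bool(port_ok)

def ipsec_gaps(chains):
    """Name the chains whose ACCEPT rules do not cover IKE (UDP 500) or ESP (protocol 50)."""
    gaps = []
    for name in ("INPUT", "OUTPUT"):
        policy, rules = chains.get(name, ("DROP", []))
        if policy == "ACCEPT":
            continue  # simplification: explicit DROP/REJECT rules are not modelled
        accepts = [(p, m) for t, p, m in rules if t == "ACCEPT"]
        if not any(allows_ike(p, m) for p, m in accepts):
            gaps.append(f"{name}: IKE")
        if not any(p in ("esp", "50", "all") for p, _ in accepts):
            gaps.append(f"{name}: ESP")
    return gaps
```

On the listing from the message, `ipsec_gaps(parse_chains(LISTING))` returns an empty list for both chains.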



This archive was generated by hypermail 2.1.5 : Sun Jan 12 2003 - 05:21:07 CET