Re: [Users] Re:Vpn Server..was (no connection has been authorized)!(barf and oakley output)

From: Alessandro (magobin_at_libero.it)
Date: Tue Jan 14 2003 - 17:21:49 CET


>You've got a problem with rp_filter:

> gen 12 10:33:09 proxy ipsec_setup: WARNING: eth0 has route filtering turned on, KLIPS may not work
> gen 12 10:33:09 proxy ipsec_setup: (/proc/sys/net/ipv4/conf/eth0/rp_filter = `1', should be 0)

Is this a real problem? I ask because the machine where I run freeswan
runs a firewall too...

>Lastly, I don't know what you are attempting to do with your
>"leftsubnet=10.23.5.0/24" setting in your roadwarrior-net connection. What
>point is there to protecting the subnet your roadwarrior actually lies on.
>From your barf, perhaps you are aiming for that gateway to protect communications
>to the 192.168.20.0/24 subnet behind it on eth1. In that case, you should be
>setting the leftsubnet variable appropriately.

OK, let me explain... I have this scenario:

Client
10.23.5.242
||
||
10.23.5.243
VPN-Server-Proxy
192.168.1.100
||
||
192.168.1.1
Router adsl

I want it to be possible to connect from my intranet directly to the VPN
Server-Proxy and then to the Internet. My intranet is made up of 4 LANs. In my
test I want to connect my client (which is connected directly to the LAN) to
the VPN server... so the goal is to connect the client to the VPN server in
secure mode!

>This is in italian, but I presume it means something to the effect of "we
>can't find a valid certificate for this computer" - you have a certificate
>problem.

Damn :-) Yes, it is the same in English....

>One common cause of this is the "rightca" setting in win2k's
>ipsec.conf; you may not have the proper certificate attributes listed.
>You may get this message with errors in CA/certificate expiration times:

How is it possible to check whether the certificate is out of date?
I presume that in the same way I can make another certificate for the client.
Is that right?

>If you need more tips, read Nate Carlson's walkthrough:

I followed the Nate Carlson guide step by step.... Is it possible to generate
another certificate for Windows? Do you think that I have some problem with
the gateway certificate too?

Thanks in advance

Alessandro
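
The quoted reply points at CA/certificate expiration times, and the message asks how to check them. One way to do that with the openssl command line, as an added example that is not part of the original message: `cert_window` and `make_sample_cert` are hypothetical helper names, the certificate is assumed to be a PEM file, and the notBefore comparison assumes GNU `date`.

```shell
#!/bin/sh
# Added example: check an X.509 certificate's validity window with openssl.
# cert_window FILE [SECONDS]
#   returns 0 if FILE is valid now and stays valid for SECONDS more (default 0)
#   returns 1 if it has expired or will expire within SECONDS
#   returns 2 if its notBefore date is still in the future (for example a
#             certificate issued on a machine whose clock runs ahead)
#   returns 3 if FILE cannot be parsed as a PEM certificate
cert_window() {
    cert=$1
    within=${2:-0}
    start=$(openssl x509 -in "$cert" -noout -startdate 2>/dev/null) || return 3
    end=$(openssl x509 -in "$cert" -noout -enddate 2>/dev/null) || return 3
    echo "$cert: ${start}, ${end}"
    # notBefore check: compare against the local clock (needs GNU date -d).
    start_epoch=$(date -u -d "${start#notBefore=}" +%s) || return 3
    if [ "$start_epoch" -gt "$(date -u +%s)" ]; then
        echo "$cert: not yet valid"
        return 2
    fi
    # notAfter check: -checkend exits non-zero if the cert expires within N s.
    if ! openssl x509 -in "$cert" -noout -checkend "$within" >/dev/null; then
        echo "$cert: expired or expiring within ${within}s"
        return 1
    fi
    echo "$cert: valid"
    return 0
}

# Constructed sample input: a throwaway self-signed certificate valid for one
# day (the subject name is made up). Prints the path of the PEM file.
make_sample_cert() {
    dir=$(mktemp -d) || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=roadwarrior.example" \
        -keyout "$dir/key.pem" -out "$dir/cert.pem" >/dev/null 2>&1 || return 1
    echo "$dir/cert.pem"
}

# Optional demo: run the script with --demo to check the constructed sample.
if [ "${1:-}" = "--demo" ]; then
    sample=$(make_sample_cert) && cert_window "$sample" 0
fi
```

Run the same function against both the gateway certificate and the CA certificate, since either one being outside its validity window makes the chain unusable.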

This archive was generated by hypermail 2.1.5 : Wed Jan 15 2003 - 20:11:39 CET