
List:       linux-ipsec
Subject:    [Users] Road Warrior Problems with SoftPK 5.4.0
From:       Matthew Schillinger <mschilli () vss ! fsi ! com>
Date:       2001-10-30 15:57:11



I am unable to get a SoftPK road warrior client to FreeSWAN Gateway (with
subnet behind it) using 0.0.0.0 or %any in ipsec.conf for 'left='.  Just
to clarify, I HAVE made the PSK line

0.0.0.0 'my ip': PSK "secret"

so it doesn't have to do with secrets that don't match conf.  Here is
where I HAVE gotten so far.

With the correct IP of the client in the ipsec.secrets, I can get a tunnel
built and pass data in both host-to-host and host-to-subnet modes.  As
soon as I try to make it a dynamic road warrior setup,

i.e.: changing the left= to left=0.0.0.0 and ipsec.secrets to
0.0.0.0 'gateway ip': PSK "secret"

It ceases to connect.  In the SoftPK logs, I get the following data...

10:00:26.890 My Connection\road warrior - Initiating IKE Phase 1 (IP ADDR=66.xxx.xxx.xxx)
10:00:26.890 My Connection\road warrior - SENDING>>>> ISAKMP OAK MM (SA)
10:00:42.540 My Connection\road warrior - message not received! Retransmitting!
10:00:42.540 My Connection\road warrior - SENDING>>>> ISAKMP OAK MM (SA)
10:00:57.540 My Connection\road warrior - message not received! Retransmitting!
10:00:57.540 My Connection\road warrior - SENDING>>>> ISAKMP OAK MM (SA)
10:01:13.520 My Connection\road warrior - message not received! Retransmitting!
10:01:13.520 My Connection\road warrior - SENDING>>>> ISAKMP OAK MM (SA)




==============================================================

In /var/log/debug, I get the following lines (abridged)


Oct 30 09:42:52 watcher1 Pluto[23957]: | ******parse ISAKMP Oakley attribute:
Oct 30 09:42:52 watcher1 Pluto[23957]: |    af+type: OAKLEY_ENCRYPTION_ALGORITHM
Oct 30 09:42:52 watcher1 Pluto[23957]: |    length/value: 5
Oct 30 09:42:52 watcher1 Pluto[23957]: |    [5 is OAKLEY_3DES_CBC]
Oct 30 09:42:52 watcher1 Pluto[23957]: | ******parse ISAKMP Oakley attribute:
Oct 30 09:42:52 watcher1 Pluto[23957]: |    af+type: OAKLEY_HASH_ALGORITHM
Oct 30 09:42:52 watcher1 Pluto[23957]: |    length/value: 1
Oct 30 09:42:52 watcher1 Pluto[23957]: |    [1 is OAKLEY_MD5]
Oct 30 09:42:52 watcher1 Pluto[23957]: | ******parse ISAKMP Oakley attribute:
Oct 30 09:42:52 watcher1 Pluto[23957]: |    af+type: OAKLEY_AUTHENTICATION_METHOD
Oct 30 09:42:52 watcher1 Pluto[23957]: |    length/value: 1
Oct 30 09:42:52 watcher1 Pluto[23957]: |    [1 is OAKLEY_PRESHARED_KEY]
Oct 30 09:42:52 watcher1 Pluto[23957]: | *****parse ISAKMP Transform Payload (ISAKMP):
Oct 30 09:42:52 watcher1 Pluto[23957]: |    next payload type: ISAKMP_NEXT_NONE
Oct 30 09:42:52 watcher1 Pluto[23957]: |    length: 32
Oct 30 09:42:52 watcher1 Pluto[23957]: |    transform number: 3
Oct 30 09:42:52 watcher1 Pluto[23957]: |    transform ID: KEY_IKE
Oct 30 09:42:52 watcher1 Pluto[23957]: | ******parse ISAKMP Oakley attribute:
Oct 30 09:42:52 watcher1 Pluto[23957]: |    af+type: OAKLEY_LIFE_TYPE
Oct 30 09:42:52 watcher1 Pluto[23957]: |    length/value: 1
Oct 30 09:42:52 watcher1 Pluto[23957]: |    [1 is OAKLEY_LIFE_SECONDS]
Oct 30 09:42:52 watcher1 Pluto[23957]: | ******parse ISAKMP Oakley attribute:
Oct 30 09:42:52 watcher1 Pluto[23957]: |    af+type: OAKLEY_LIFE_DURATION
Oct 30 09:42:52 watcher1 Pluto[23957]: |    length/value: 3600
Oct 30 09:42:52 watcher1 Pluto[23957]: | ******parse ISAKMP Oakley attribute:
Oct 30 09:42:52 watcher1 Pluto[23957]: |    af+type: OAKLEY_ENCRYPTION_ALGORITHM
Oct 30 09:42:52 watcher1 Pluto[23957]: |    length/value: 5
Oct 30 09:42:52 watcher1 Pluto[23957]: |    [5 is OAKLEY_3DES_CBC]
Oct 30 09:42:52 watcher1 Pluto[23957]: | ******parse ISAKMP Oakley attribute:
Oct 30 09:42:52 watcher1 Pluto[23957]: |    af+type: OAKLEY_HASH_ALGORITHM
Oct 30 09:42:52 watcher1 Pluto[23957]: |    length/value: 2
Oct 30 09:42:52 watcher1 Pluto[23957]: |    [2 is OAKLEY_SHA]
Oct 30 09:42:52 watcher1 Pluto[23957]: | ******parse ISAKMP Oakley attribute:
Oct 30 09:42:52 watcher1 Pluto[23957]: |    af+type: OAKLEY_AUTHENTICATION_METHOD
Oct 30 09:42:52 watcher1 Pluto[23957]: |    length/value: 1
Oct 30 09:42:52 watcher1 Pluto[23957]: |    [1 is OAKLEY_PRESHARED_KEY]
Oct 30 09:42:52 watcher1 Pluto[23957]: | state transition function for STATE_MAIN_R0 failed: NO_PROPOSAL_CHOSEN
Oct 30 09:42:52 watcher1 Pluto[23957]: | next event EVENT_SO_DISCARD in 0 seconds for #83
Oct 30 09:42:52 watcher1 Pluto[23957]: |


============================================================

SoftPK is set to attempt IKE auth with 3 tries if unsuccessful, so the
debug log is repeated for each attempt.


Matt Schillinger
System Administrator
Flight Safety International - Visual Simulation Systems
mschilli@vss.fsi.com
314-551-8403
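
A small helper for reading Pluto debug output like the log quoted above, as an added example that is not part of the original message: it groups the parsed Oakley attributes by transform and collects state-transition failures so the offered proposals can be compared against what the gateway accepts. The sample lines are constructed in the format of that log, and `summarize` is a hypothetical name.

```python
import re

PREFIX = re.compile(r"^.*?Pluto\[\d+\]: \|\s*")   # syslog header up to the '|'
FAIL = re.compile(r"state transition function for (\S+) failed: (\S+)")

def summarize(log_text):
    """Return (transforms, failures) parsed from Pluto debug lines."""
    transforms, failures = [], []
    current, attr = None, None
    for raw in log_text.splitlines():
        line = PREFIX.sub("", raw).strip()
        if "parse ISAKMP Transform Payload" in line:
            current, attr = {"number": None, "attrs": {}}, None
            transforms.append(current)
        elif line.startswith("transform number:") and current is not None:
            current["number"] = int(line.split(":")[1])
        elif line.startswith("af+type:"):
            if current is None:   # abridged log: attributes before any header
                current = {"number": None, "attrs": {}}
                transforms.append(current)
            attr = line.split(":", 1)[1].strip()
        elif line.startswith("length/value:") and attr:
            current["attrs"][attr] = line.split(":", 1)[1].strip()
        elif (m := re.match(r"\[\d+ is (\w+)\]", line)) and attr:
            current["attrs"][attr] = m.group(1)   # prefer the symbolic name
        elif (m := FAIL.search(line)):
            failures.append((m.group(1), m.group(2)))
    return transforms, failures

# Constructed sample, modelled on the abridged log in the message above.
P = "Oct 30 09:42:52 watcher1 Pluto[23957]: | "
SAMPLE = "\n".join(P + s for s in [
    "   af+type: OAKLEY_HASH_ALGORITHM", "   length/value: 1",
    "   [1 is OAKLEY_MD5]",
    "*****parse ISAKMP Transform Payload (ISAKMP):",
    "   transform number: 3",
    "   af+type: OAKLEY_LIFE_DURATION", "   length/value: 3600",
    "   af+type: OAKLEY_HASH_ALGORITHM", "   length/value: 2",
    "   [2 is OAKLEY_SHA]",
    "state transition function for STATE_MAIN_R0 failed: NO_PROPOSAL_CHOSEN",
])

if __name__ == "__main__":
    offered, failed = summarize(SAMPLE)
    for t in offered:
        print("transform", t["number"], t["attrs"])
    for state, reason in failed:
        print("FAILED in", state, "->", reason)
```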
