[prev in list] [next in list] [prev in thread] [next in thread]
List: linux-ipsec
Subject: [Users] I cant ping server - RoadWarrior
From: "cafranc" <cafranc () bol ! com ! br>
Date: 2003-06-30 14:01:11
[Download RAW message or body]
Hi.
I´ve been problems to configure my VPN.
It´s a RoadWarrior (<XP>---<Internet>---<gwLinux>---
<subnet>),
I´m using FreeSWan 1.99 with x509 on Linux Conectiva 9 -
Linux version 2.4.21.
I start ipsec in XP and Linux with no problem, but when
I ping my server from XP, I have no response from
server, how you can see (sorry, but its in Portuguese).
Thanks
cafranc
outputs:
C:\IpSec>ping x.y.w.z -n 15
Disparando contra x.y.w.z com 32 bytes de dados:
Negociando segurança IP.
Negociando segurança IP.
Negociando segurança IP.
Negociando segurança IP.
Negociando segurança IP.
Negociando segurança IP.
Negociando segurança IP.
Negociando segurança IP.
Negociando segurança IP.
Negociando segurança IP.
Negociando segurança IP.
Negociando segurança IP.
Negociando segurança IP.
Negociando segurança IP.
Negociando segurança IP.
Estatísticas do Ping para x.y.w.z:
Pacotes: Enviados = 15, Recebidos = 0, Perdidos = 15
(100% de perda),
# like: 15 packets transmitted, 0 packets received, 100%
packet loss
C:\IpSec>
my XP ipsec.conf
conn roadwarrior
left=%any
right=x.y.w.z
rightca=C=BR,S=SP,...
network=auto
auto=start
pfs=yes
conn roadwarrior-net
left=%any
right=x.y.w.z
rightsubnet=1.0.0.0/255.0.0.0
rightca=C=BR,S=SP,...
network=auto
auto=start
pfs=yes
my Linux ipsec.conf
config setup
interfaces=%defaultroute
klipsdebug=none
plutodebug=none
plutoload=%search
plutostart=%search
uniqueids=yes
conn %default
keyingtries=0
compress=yes
disablearrivalcheck=no
authby=rsasig
leftrsasigkey=%cert
rightrsasigkey=%cert
# sample VPN connections
conn roadwarrior-net
leftsubnet=1.0.0.0/255.0.0.0
also=roadwarrior
conn roadwarrior
left=x.y.w.z
leftcert=virtual.pem
right=%any
rightcert=win.pem
auto=add
pfs=yes
output to ipsec barf:
Jun 30 09:20:14 virtual ipsec__plutorun: Starting Pluto
subsystem...
Jun 30 09:20:14 virtual pluto[7689]: Starting Pluto
(FreeS/WAN Version 1.99)
Jun 30 09:20:14 virtual pluto[7689]: including X.509
patch (Version 0.9.15)
Jun 30 09:20:14 virtual pluto[7689]: Changing to
directory '/etc/ipsec.d/cacerts'
Jun 30 09:20:14 virtual pluto[7689]: loaded cacert
file 'cacert.pem' (1513 bytes)
Jun 30 09:20:14 virtual pluto[7689]: Changing to
directory '/etc/ipsec.d/crls'
Jun 30 09:20:14 virtual pluto[7689]: loaded crl
file 'index.txt' (0 bytes)
Jun 30 09:20:14 virtual pluto[7689]: file coded in
unknown format, discarded
Jun 30 09:20:14 virtual pluto[7689]: loaded crl
file 'crl.pem' (650 bytes)
Jun 30 09:20:14 virtual pluto[7689]: could not open my
default X.509 cert file '/etc/x509cert.der'
Jun 30 09:20:14 virtual pluto[7689]: OpenPGP certificate
file '/etc/pgpcert.pgp' not found
Jun 30 09:20:14 virtual pluto[7689]: loaded host cert
file '/etc/ipsec.d/virtual.pem' (4812 bytes)
Jun 30 09:20:14 virtual pluto[7689]: loaded host cert
file '/etc/ipsec.d/win.pem' (4812 bytes)
Jun 30 09:20:14 virtual pluto[7689]: added connection
description "roadwarrior"
Jun 30 09:20:14 virtual pluto[7689]: loaded host cert
file '/etc/ipsec.d/virtual.pem' (4812 bytes)
Jun 30 09:20:14 virtual pluto[7689]: loaded host cert
file '/etc/ipsec.d/win.pem' (4812 bytes)
Jun 30 09:20:14 virtual pluto[7689]: added connection
description "roadwarrior-net"
Jun 30 09:20:14 virtual pluto[7689]: listening for IKE
messages
Jun 30 09:20:14 virtual pluto[7689]: adding interface
ipsec0/eth1 x.y.w.z
Jun 30 09:20:14 virtual pluto[7689]: loading secrets
from "/etc/ipsec.secrets"
Jun 30 09:20:14 virtual pluto[7689]: loaded private
key file '/etc/ipsec.d/private/virtual.key' (1743 bytes)
Jun 30 09:20:55 virtual pluto[7689]: packet from
a.b.c.d:500: ignoring Vendor ID payload
Jun 30 09:20:55 virtual pluto[7689]: "roadwarrior"[1]
a.b.c.d #1: responding to Main Mode from unknown peer
a.b.c.d
Jun 30 09:22:00 virtual pluto[7689]: "roadwarrior"[1]
a.b.c.d #1: encrypted Informational Exchange message is
invalid because it is for incomplete ISAKMP SA
Jun 30 09:22:00 virtual pluto[7689]: packet from
a.b.c.d:500: ignoring Vendor ID payload
Jun 30 09:22:00 virtual pluto[7689]: "roadwarrior"[1]
a.b.c.d #2: responding to Main Mode from unknown peer
a.b.c.d
Jun 30 09:22:01 virtual pluto[7689]: "roadwarrior"[1]
a.b.c.d #2: Peer ID is ID_DER_ASN1_DN: 'C=BR, ST=SP, ...'
Jun 30 09:22:01 virtual pluto[7689]: "roadwarrior"[1]
a.b.c.d #2: sent MR3, ISAKMP SA established
Jun 30 09:22:05 virtual pluto[7689]: "roadwarrior"[1]
a.b.c.d #1: max number of retransmissions (2) reached
STATE_MAIN_R2
Jun 30 09:22:27 virtual pluto[7689]: packet from
a.b.c.d:500: ignoring Vendor ID payload
Jun 30 09:22:27 virtual pluto[7689]: "roadwarrior"[1]
a.b.c.d #3: responding to Main Mode from unknown peer
a.b.c.d
Jun 30 09:22:34 virtual pluto[7689]: "roadwarrior"[1]
a.b.c.d #2: retransmitting in response to duplicate
packet; already STATE_MAIN_R3
Jun 30 09:23:06 virtual pluto[7689]: "roadwarrior"[1]
a.b.c.d #2: next payload type of ISAKMP Hash Payload has
an unknown value: 193
Jun 30 09:23:06 virtual pluto[7689]: "roadwarrior"[1]
a.b.c.d #2: malformed payload in packet
Jun 30 09:23:32 virtual pluto[7689]: "roadwarrior"[1]
a.b.c.d #3: encrypted Informational Exchange message is
invalid b
Jun 30 09:23:32 virtual pluto[7689]: packet from
a.b.c.d:500: ignoring Vendor ID payload
Jun 30 09:23:32 virtual pluto[7689]: "roadwarrior"[1]
a.b.c.d #4: responding to Main Mode from unknown peer
a.b.c.d
Jun 30 09:23:34 virtual pluto[7689]: "roadwarrior"[1]
a.b.c.d #4: discarding duplicate packet; already
STATE_MAIN_R2
Jun 30 09:23:38 virtual pluto[7689]: "roadwarrior"[1]
a.b.c.d #3: max number of retransmissions (2) reached
STATE_MAIN_R2
Jun 30 09:23:51 virtual pluto[7689]: "roadwarrior"[1]
a.b.c.d #4: Peer ID is ID_DER_ASN1_DN: 'C=BR, ST=SP, ...'
Jun 30 09:23:51 virtual pluto[7689]: "roadwarrior"[1]
a.b.c.d #4: sent MR3, ISAKMP SA established
__________________________________________________________________________
Seleção de Softwares UOL.
10 softwares escolhidos pelo UOL para você e sua família.
http://www.uol.com.br/selecao
_______________________________________________
Users mailing list
Users@lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic