[prev in list] [next in list] [prev in thread] [next in thread] 

List:       linux-ipsec
Subject:    [Users] I cant ping server - RoadWarrior
From:       "cafranc" <cafranc () bol ! com ! br>
Date:       2003-06-30 14:01:11
[Download RAW message or body]

Hi.
I´ve been problems to configure my VPN.
It´s a RoadWarrior (<XP>---<Internet>---<gwLinux>---
<subnet>),
I´m using FreeSWan 1.99 with x509 on Linux Conectiva 9 - 
Linux version 2.4.21.

I start ipsec in XP and Linux with no problem, but when 
I ping my server from XP, I have no response from 
server, how you can see (sorry, but its in Portuguese).

Thanks
cafranc

outputs:

C:\IpSec>ping x.y.w.z -n 15

Disparando contra x.y.w.z com 32 bytes de dados:

Negociando segurança IP.
Negociando segurança IP.
Negociando segurança IP.
Negociando segurança IP.
Negociando segurança IP.
Negociando segurança IP.
Negociando segurança IP.
Negociando segurança IP.
Negociando segurança IP.
Negociando segurança IP.
Negociando segurança IP.
Negociando segurança IP.
Negociando segurança IP.
Negociando segurança IP.
Negociando segurança IP.

Estatísticas do Ping para x.y.w.z:
    Pacotes: Enviados = 15, Recebidos = 0, Perdidos = 15 
(100% de perda),

# like: 15 packets transmitted, 0 packets received, 100% 
packet loss

C:\IpSec>



my XP ipsec.conf

conn roadwarrior
	left=%any
	right=x.y.w.z
	rightca=C=BR,S=SP,...
	network=auto
        auto=start
	pfs=yes

conn roadwarrior-net
	left=%any
	right=x.y.w.z
	rightsubnet=1.0.0.0/255.0.0.0
	rightca=C=BR,S=SP,...
	network=auto
	auto=start
	pfs=yes



my Linux ipsec.conf

config setup
        interfaces=%defaultroute
        klipsdebug=none
        plutodebug=none
        plutoload=%search
        plutostart=%search
        uniqueids=yes

conn %default
        keyingtries=0
        compress=yes
        disablearrivalcheck=no
        authby=rsasig
        leftrsasigkey=%cert
        rightrsasigkey=%cert

# sample VPN connections
conn roadwarrior-net
        leftsubnet=1.0.0.0/255.0.0.0
        also=roadwarrior

conn roadwarrior
        left=x.y.w.z
        leftcert=virtual.pem
        right=%any
        rightcert=win.pem
        auto=add
        pfs=yes

output to ipsec barf:

Jun 30 09:20:14 virtual ipsec__plutorun: Starting Pluto 
subsystem...
Jun 30 09:20:14 virtual pluto[7689]: Starting Pluto 
(FreeS/WAN Version 1.99)
Jun 30 09:20:14 virtual pluto[7689]:   including X.509 
patch (Version 0.9.15)
Jun 30 09:20:14 virtual pluto[7689]: Changing to 
directory '/etc/ipsec.d/cacerts'
Jun 30 09:20:14 virtual pluto[7689]:   loaded cacert 
file 'cacert.pem' (1513 bytes)
Jun 30 09:20:14 virtual pluto[7689]: Changing to 
directory '/etc/ipsec.d/crls'
Jun 30 09:20:14 virtual pluto[7689]:   loaded crl 
file 'index.txt' (0 bytes)
Jun 30 09:20:14 virtual pluto[7689]:   file coded in 
unknown format, discarded
Jun 30 09:20:14 virtual pluto[7689]:   loaded crl 
file 'crl.pem' (650 bytes)
Jun 30 09:20:14 virtual pluto[7689]:   could not open my 
default X.509 cert file '/etc/x509cert.der'
Jun 30 09:20:14 virtual pluto[7689]: OpenPGP certificate 
file '/etc/pgpcert.pgp' not found
Jun 30 09:20:14 virtual pluto[7689]:   loaded host cert 
file '/etc/ipsec.d/virtual.pem' (4812 bytes)
Jun 30 09:20:14 virtual pluto[7689]:   loaded host cert 
file '/etc/ipsec.d/win.pem' (4812 bytes)
Jun 30 09:20:14 virtual pluto[7689]: added connection 
description "roadwarrior"
Jun 30 09:20:14 virtual pluto[7689]:   loaded host cert 
file '/etc/ipsec.d/virtual.pem' (4812 bytes)
Jun 30 09:20:14 virtual pluto[7689]:   loaded host cert 
file '/etc/ipsec.d/win.pem' (4812 bytes)
Jun 30 09:20:14 virtual pluto[7689]: added connection 
description "roadwarrior-net"
Jun 30 09:20:14 virtual pluto[7689]: listening for IKE 
messages
Jun 30 09:20:14 virtual pluto[7689]: adding interface 
ipsec0/eth1 x.y.w.z
Jun 30 09:20:14 virtual pluto[7689]: loading secrets 
from "/etc/ipsec.secrets"
Jun 30 09:20:14 virtual pluto[7689]:   loaded private 
key file '/etc/ipsec.d/private/virtual.key' (1743 bytes)
Jun 30 09:20:55 virtual pluto[7689]: packet from 
a.b.c.d:500: ignoring Vendor ID payload
Jun 30 09:20:55 virtual pluto[7689]: "roadwarrior"[1] 
a.b.c.d #1: responding to Main Mode from unknown peer 
a.b.c.d
Jun 30 09:22:00 virtual pluto[7689]: "roadwarrior"[1] 
a.b.c.d #1: encrypted Informational Exchange message is 
invalid because it is for incomplete ISAKMP SA
Jun 30 09:22:00 virtual pluto[7689]: packet from 
a.b.c.d:500: ignoring Vendor ID payload
Jun 30 09:22:00 virtual pluto[7689]: "roadwarrior"[1] 
a.b.c.d #2: responding to Main Mode from unknown peer 
a.b.c.d
Jun 30 09:22:01 virtual pluto[7689]: "roadwarrior"[1] 
a.b.c.d #2: Peer ID is ID_DER_ASN1_DN: 'C=BR, ST=SP, ...'
Jun 30 09:22:01 virtual pluto[7689]: "roadwarrior"[1] 
a.b.c.d #2: sent MR3, ISAKMP SA established
Jun 30 09:22:05 virtual pluto[7689]: "roadwarrior"[1] 
a.b.c.d #1: max number of retransmissions (2) reached 
STATE_MAIN_R2
Jun 30 09:22:27 virtual pluto[7689]: packet from 
a.b.c.d:500: ignoring Vendor ID payload
Jun 30 09:22:27 virtual pluto[7689]: "roadwarrior"[1] 
a.b.c.d #3: responding to Main Mode from unknown peer 
a.b.c.d
Jun 30 09:22:34 virtual pluto[7689]: "roadwarrior"[1] 
a.b.c.d #2: retransmitting in response to duplicate 
packet; already STATE_MAIN_R3
Jun 30 09:23:06 virtual pluto[7689]: "roadwarrior"[1] 
a.b.c.d #2: next payload type of ISAKMP Hash Payload has 
an unknown value: 193
Jun 30 09:23:06 virtual pluto[7689]: "roadwarrior"[1] 
a.b.c.d #2: malformed payload in packet
Jun 30 09:23:32 virtual pluto[7689]: "roadwarrior"[1] 
a.b.c.d #3: encrypted Informational Exchange message is 
invalid b
Jun 30 09:23:32 virtual pluto[7689]: packet from 
a.b.c.d:500: ignoring Vendor ID payload
Jun 30 09:23:32 virtual pluto[7689]: "roadwarrior"[1] 
a.b.c.d #4: responding to Main Mode from unknown peer 
a.b.c.d
Jun 30 09:23:34 virtual pluto[7689]: "roadwarrior"[1] 
a.b.c.d #4: discarding duplicate packet; already 
STATE_MAIN_R2
Jun 30 09:23:38 virtual pluto[7689]: "roadwarrior"[1] 
a.b.c.d #3: max number of retransmissions (2) reached 
STATE_MAIN_R2
Jun 30 09:23:51 virtual pluto[7689]: "roadwarrior"[1] 
a.b.c.d #4: Peer ID is ID_DER_ASN1_DN: 'C=BR, ST=SP, ...'
Jun 30 09:23:51 virtual pluto[7689]: "roadwarrior"[1] 
a.b.c.d #4: sent MR3, ISAKMP SA established


 
__________________________________________________________________________
Seleção de Softwares UOL.
10 softwares escolhidos pelo UOL para você e sua família.
http://www.uol.com.br/selecao



_______________________________________________
Users mailing list
Users@lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users
[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic