Nothing is configured, because it was precisely to avoid this kind of problem that I decided to set up IPSEC first and do the firewall afterwards.
-----Original Message-----
From: Rápido SP - CPD (Luiz Anversa) [mailto:[EMAIL PROTECTED]
Sent: Monday, August 18, 2003 7:18 AM
To: Barbosa, Carlos; Debian-list (E-mail)
Subject: Re: VPN - Freeswan

Man, do you have a firewall on your machine? I had a problem like this and had to adjust some firewall rules; if you have one, send me the rules!

Regards,
Luiz Fernando

----- Original Message -----
From: "Barbosa, Carlos" <[EMAIL PROTECTED]>
To: "Rápido SP - CPD (Luiz Anversa)" <[EMAIL PROTECTED]>; "Debian-list (E-mail)" <debian-user-portuguese@lists.debian.org>
Sent: Monday, August 18, 2003 12:52 PM
Subject: RE: VPN - Freeswan

Dear Luiz,

We have already exchanged a few e-mails about Freeswan on Debian. I need to establish a tunnel with a CISCO VPN 3000 (Altiga), and it is returning the messages below. As I understand it, the authentication phase with the PSK succeeded; now it is complaining with the following message: our client ID returned doesn't match my proposal. I have attached some data from the connection.

Thanks for the help.
Augusto

gw01-rtr:~# ipsec setup --stop
ipsec_setup: Stopping FreeS/WAN IPsec...
IPSEC EVENT: KLIPS device ipsec0 shut down.
gw01-rtr:~# ipsec setup --start
ipsec_setup: Starting FreeS/WAN IPsec 1.96...
gw01-rtr:~# ipsec auto --up h2h
104 "h2h" #1: STATE_MAIN_I1: initiate
003 "h2h" #1: ignoring Vendor ID payload
106 "h2h" #1: STATE_MAIN_I2: sent MI2, expecting MR2
003 "h2h" #1: ignoring Vendor ID payload
003 "h2h" #1: ignoring Vendor ID payload
003 "h2h" #1: ignoring Vendor ID payload
003 "h2h" #1: ignoring Vendor ID payload
108 "h2h" #1: STATE_MAIN_I3: sent MI3, expecting MR3
003 "h2h" #1: ignoring Vendor ID payload
004 "h2h" #1: STATE_MAIN_I4: ISAKMP SA established
112 "h2h" #2: STATE_QUICK_I1: initiate
003 "h2h" #2: our client ID returned doesn't match my proposal
218 "h2h" #2: STATE_QUICK_I1: INVALID_ID_INFORMATION
003 "h2h" #2: our client ID returned doesn't match my proposal
218 "h2h" #2: STATE_QUICK_I1: INVALID_ID_INFORMATION
010 "h2h" #2: STATE_QUICK_I1: retransmission; will wait 20s for response
003 "h2h" #2: our client ID returned doesn't match my proposal
218 "h2h" #2: STATE_QUICK_I1: INVALID_ID_INFORMATION
003 "h2h" #2: our client ID returned doesn't match my proposal
218 "h2h" #2: STATE_QUICK_I1: INVALID_ID_INFORMATION
010 "h2h" #2: STATE_QUICK_I1: retransmission; will wait 40s for response
031 "h2h" #2: max number of retransmissions (2) reached STATE_QUICK_I1
000 "h2h" #2: starting keying attempt 2 of an unlimited number, but releasing whack
gw01-rtr:~#

Aug 18 09:46:05 gw01-rtr Pluto[16460]: shutting down
Aug 18 09:46:05 gw01-rtr Pluto[16460]: forgetting secrets
Aug 18 09:46:05 gw01-rtr Pluto[16460]: "h2h": deleting connection
Aug 18 09:46:05 gw01-rtr Pluto[16460]: "h2h" #3267: deleting state (STATE_QUICK_I1)
Aug 18 09:46:05 gw01-rtr Pluto[16460]: "h2h" #3234: deleting state (STATE_MAIN_I4)
Aug 18 09:46:05 gw01-rtr Pluto[16460]: shutting down interface ipsec0/eth0 200.xxx.yyy.10
Aug 18 09:46:12 gw01-rtr ipsec__plutorun: Starting Pluto subsystem...
Aug 18 09:46:12 gw01-rtr Pluto[17849]: Starting Pluto (FreeS/WAN Version 1.96)
Aug 18 09:46:12 gw01-rtr Pluto[17849]: including X.509 patch (Version 0.9.9)
Aug 18 09:46:12 gw01-rtr Pluto[17849]: Changing to directory '/etc/ipsec.d/cacerts'
Aug 18 09:46:12 gw01-rtr Pluto[17849]: Warning: empty directory
Aug 18 09:46:12 gw01-rtr Pluto[17849]: Changing to directory '/etc/ipsec.d/crls'
Aug 18 09:46:12 gw01-rtr Pluto[17849]: Warning: empty directory
Aug 18 09:46:12 gw01-rtr Pluto[17849]: could not open my X.509 cert file '/etc/x509cert.der'
Aug 18 09:46:12 gw01-rtr Pluto[17849]: OpenPGP certificate file '/etc/pgpcert.pgp' not found
Aug 18 09:46:13 gw01-rtr Pluto[17849]: | from whack: got --esp=3des
Aug 18 09:46:13 gw01-rtr Pluto[17849]: added connection description "h2h"
Aug 18 09:46:13 gw01-rtr Pluto[17849]: listening for IKE messages
Aug 18 09:46:13 gw01-rtr Pluto[17849]: adding interface ipsec0/eth0 200.xxx.yyy.10
Aug 18 09:46:13 gw01-rtr Pluto[17849]: loading secrets from "/etc/ipsec.secrets"
Aug 18 09:46:19 gw01-rtr Pluto[17849]: "h2h" #1: initiating Main Mode
Aug 18 09:46:20 gw01-rtr Pluto[17849]: "h2h" #1: ignoring Vendor ID payload
Aug 18 09:46:20 gw01-rtr last message repeated 5 times
Aug 18 09:46:20 gw01-rtr Pluto[17849]: "h2h" #1: Peer ID is ID_IPV4_ADDR: '198.xxx.yyy.50'
Aug 18 09:46:20 gw01-rtr Pluto[17849]: "h2h" #1: ISAKMP SA established
Aug 18 09:46:20 gw01-rtr Pluto[17849]: "h2h" #2: initiating Quick Mode PSK+ENCRY PT+TUNNEL+DISABLEARRIVALCHECK+DONTREKEY
Aug 18 09:46:20 gw01-rtr Pluto[17849]: "h2h" #2: our client ID returned doesn't match my proposal
Aug 18 09:46:39 gw01-rtr last message repeated 3 times
Aug 18 09:46:47 gw01-rtr Pluto[17849]: "h2h" #1: ignoring Delete SA payload
Aug 18 09:46:47 gw01-rtr Pluto[17849]: "h2h" #1: received and ignored informational message
Aug 18 09:46:47 gw01-rtr Pluto[17849]: "h2h" #1: ignoring Delete SA payload
Aug 18 09:46:47 gw01-rtr Pluto[17849]: "h2h" #1: received and ignored informational message
Aug 18 09:46:50 gw01-rtr Pluto[17849]: "h2h" #1: Informational Exchange message or an established SAKMP SA must be encrypted
Aug 18 09:47:30 gw01-rtr Pluto[17849]: "h2h" #2: max number of retransmissions (2) reached TATE_QUICK_I1
Aug 18 09:47:30 gw01-rtr Pluto[17849]: "h2h" #2: starting keying attempt 2 of an unlimited number, but releasing whack
Aug 18 09:47:30 gw01-rtr Pluto[17849]: "h2h" #3: initiating Quick Mode PSK+ENCRY PT+TUNNEL+DISABLEARRIVALCHECK+DONTREKEY to replace #2
Aug 18 09:47:30 gw01-rtr Pluto[17849]: "h2h" #1: Informational Exchange message for an established ISAKMP SA must be encrypted
Aug 18 09:48:00 gw01-rtr last message repeated 2 times
Aug 18 09:48:40 gw01-rtr Pluto[17849]: "h2h" #3: max number of retransmissions ( 2) reached STATE_QUICK_I1
Aug 18 09:48:40 gw01-rtr Pluto[17849]: "h2h" #3: starting keying attempt 3 of an unlimited number
Aug 18 09:48:40 gw01-rtr Pluto[17849]: "h2h" #4: initiating Quick Mode PSK+ENCRY PT+TUNNEL+DISABLEARRIVALCHECK+DONTREKEY to replace #3
Aug 18 09:48:41 gw01-rtr Pluto[17849]: "h2h" #1: Informational Exchange message for an established ISAKMP SA must be encrypted
Aug 18 09:49:10 gw01-rtr last message repeated 2 times
Aug 18 09:49:50 gw01-rtr Pluto[17849]: "h2h" #4: max number of retransmissions ( 2) reached STATE_QUICK_I1
Aug 18 09:49:50 gw01-rtr Pluto[17849]: "h2h" #4: starting keying attempt 4 of an unlimited number
Aug 18 09:49:50 gw01-rtr Pluto[17849]: "h2h" #5: initiating Quick Mode PSK+ENCRY PT+TUNNEL+DISABLEARRIVALCHECK+DONTREKEY to replace #4
Aug 18 09:49:50 gw01-rtr Pluto[17849]: "h2h" #1: Informational Exchange message for an established ISAKMP SA must be encrypted
gw01-rtr:~#
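
Added example, not part of the original thread: a small Python parser for the numbered status lines that `ipsec auto --up` prints, which separates the Main Mode exchange (#1) from the Quick Mode exchange (#2) and reports where the negotiation stopped. The sample is an excerpt of the output above; the function names are hypothetical, and reading 2xx codes as ISAKMP notifications is an assumption drawn from the 218 / INVALID_ID_INFORMATION line.

```python
import re

# Excerpt of the `ipsec auto --up h2h` output quoted in the message above.
SAMPLE = """\
108 "h2h" #1: STATE_MAIN_I3: sent MI3, expecting MR3
003 "h2h" #1: ignoring Vendor ID payload
004 "h2h" #1: STATE_MAIN_I4: ISAKMP SA established
112 "h2h" #2: STATE_QUICK_I1: initiate
003 "h2h" #2: our client ID returned doesn't match my proposal
218 "h2h" #2: STATE_QUICK_I1: INVALID_ID_INFORMATION
031 "h2h" #2: max number of retransmissions (2) reached STATE_QUICK_I1
"""

LINE = re.compile(r'^(\d{3}) "([^"]+)" #(\d+): (.*)$')
STATE = re.compile(r"STATE_(MAIN|QUICK)_[IR]\d")
NOISE = {"ignoring Vendor ID payload"}  # informational, not a failure

def summarize(text):
    """Group whack lines by exchange number (#N) and record how far each got."""
    states = {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # syslog lines, shell prompts, blanks
        code, num, msg = int(m[1]), int(m[3]), m[4]
        s = states.setdefault(num, {"phase": None, "last_state": None,
                                    "established": False, "notify": None, "reasons": []})
        st = STATE.search(msg)
        if st:
            s["last_state"] = st.group(0)
            s["phase"] = 1 if st.group(1) == "MAIN" else 2
        if "SA established" in msg:
            s["established"] = True
        if 200 <= code < 300:  # assumption: 2xx lines name an ISAKMP notification, as 218 does above
            s["notify"] = msg.rsplit(": ", 1)[-1]
        elif code == 3 and msg not in NOISE and msg not in s["reasons"]:
            s["reasons"].append(msg)
    return states

def first_failure(states):
    """Return (phase, notify, reasons) of the first exchange that failed, or None."""
    for num in sorted(states):
        s = states[num]
        if not s["established"] and (s["notify"] or s["reasons"]):
            return s["phase"], s["notify"], s["reasons"]
    return None

if __name__ == "__main__":
    print(first_failure(summarize(SAMPLE)))
```

On this excerpt the result points at phase 2: the ISAKMP SA in exchange #1 is established, and exchange #2 stops in STATE_QUICK_I1 on the client ID check.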