I'm trying to set up a VPN connection between a Win2K box and LEAF using a preshared key setup. I went as per the steps given in the Microsoft site to set up IPSec negotiations from IP to IP. The URL is http://www.microsoft.com/windows2000/techinfo/planning/security/ipsecsteps.asp and the section is titled: Building A Custom IPSec Policy.

I've established a preshared key setup between two Bering boxes. It took me just 10 minutes. Win2K had me working overtime!

I've two machines with Bering on 202.91.64.139 and my Win2k box on 202.91.64.132. If I stop ipsec and unassign the IPSec policy on local machine, I'm able to ping the IP. IPSec does not go thro'.

I'm giving below the information that I think is relevant. Can someone give me help on what I need to look for and do?

Ravi

[root@test01 log]# ipsec look
test01.swift-online.com Sat Dec 28 17:29:04 IST 2002
192.168.1.0/24 -> 202.91.64.132/32 => %trap (0)
ipsec0->eth0 mtu=16260(1500)->1500
Destination     Gateway         Genmask           Flags  MSS  Window  irtt  Iface
0.0.0.0         202.91.64.134   0.0.0.0           UG     40   0       0     eth0
202.91.64.128   0.0.0.0         255.255.255.192   U      40   0       0     eth0
202.91.64.128   0.0.0.0         255.255.255.192   U      40   0       0     ipsec0
202.91.64.132   202.91.64.134   255.255.255.255   UGH    40   0       0     ipsec0

[root@test01 log]# ip ro sh
202.91.64.132 via 202.91.64.134 dev ipsec0
202.91.64.128/26 dev eth0 scope link
202.91.64.128/26 dev ipsec0 proto kernel scope link src 202.91.64.139
192.168.1.0/24 dev eth1 proto kernel scope link src 192.168.1.1
127.0.0.0/8 dev lo scope link
default via 202.91.64.134 dev eth0

[root@test01 log]# cat /etc/ipsec.secrets|head
#202.91.64.139 202.91.64.181 : PSK "thisismysecret"
202.91.64.139 202.91.64.132 : PSK "thisismysecret"

[root@test01 log]# cat /etc/ipsec.conf
conn testroad
        authby=secret
        left=202.91.64.139
        leftnexthop=202.91.64.134
        leftsubnet=192.168.1.0/24
        right=202.91.64.132
        lifetime=8h
        auto=start

[root@test01 log]ipsec barf|tail -20
Dec 28 17:22:51 test01 ipsec__plutorun: Starting Pluto subsystem...
Dec 28 17:22:51 test01 pluto[6689]: Starting Pluto (FreeS/WAN Version 1.99)
Dec 28 17:22:51 test01 pluto[6689]: added connection description "testroad"
Dec 28 17:22:51 test01 pluto[6689]: listening for IKE messages
Dec 28 17:22:51 test01 pluto[6689]: adding interface ipsec0/eth0 202.91.64.139
Dec 28 17:22:51 test01 pluto[6689]: loading secrets from "/etc/ipsec.secrets"
Dec 28 17:22:51 test01 pluto[6689]: "testroad" #1: initiating Main Mode
Dec 28 17:22:51 test01 pluto[6689]: "testroad" #1: ignoring Vendor ID payload
Dec 28 17:22:51 test01 pluto[6689]: "testroad" #1: ISAKMP SA established
Dec 28 17:22:51 test01 pluto[6689]: "testroad" #2: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS
Dec 28 17:22:51 test01 pluto[6689]: "testroad" #1: ignoring informational payload, type NO_PROPOSAL_CHOSEN
Dec 28 17:22:51 test01 pluto[6689]: "testroad" #1: received and ignored informational message
Dec 28 17:24:01 test01 pluto[6689]: "testroad" #2: max number of retransmissions (2) reached STATE_QUICK_I1. No acceptable response to our first Quick Mode message: perhaps peer likes no proposal
Dec 28 17:24:01 test01 pluto[6689]: "testroad" #2: starting keying attempt 2 of an unlimited number, but releasing whack
Dec 28 17:24:01 test01 pluto[6689]: "testroad" #3: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS to replace #2
Dec 28 17:24:01 test01 pluto[6689]: "testroad" #1: ignoring informational payload, type NO_PROPOSAL_CHOSEN
Dec 28 17:24:01 test01 pluto[6689]: "testroad" #1: received and ignored informational message
+ _________________________ date
+ date
Sat Dec 28 17:24:43 IST 2002
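A triage script for pluto output like the `ipsec barf` excerpt in the post above, reporting how far IKE negotiation got for each connection; it is an added example, not part of the original post. The sample lines are constructed from the log format shown there, the function names are hypothetical, and the "IPsec SA established" success string is an assumption because it does not appear on the page.

```python
import re
from collections import defaultdict

# Constructed sample, in the pluto log format shown in the post above.
SAMPLE_LOG = """\
Dec 28 17:22:51 test01 pluto[6689]: "testroad" #1: initiating Main Mode
Dec 28 17:22:51 test01 pluto[6689]: "testroad" #1: ISAKMP SA established
Dec 28 17:22:51 test01 pluto[6689]: "testroad" #2: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS
Dec 28 17:22:51 test01 pluto[6689]: "testroad" #1: ignoring informational payload, type NO_PROPOSAL_CHOSEN
Dec 28 17:24:01 test01 pluto[6689]: "testroad" #2: max number of retransmissions (2) reached STATE_QUICK_I1.  No acceptable response to our first Quick Mode message: perhaps peer likes no proposal
"""

LINE = re.compile(r'pluto\[\d+\]: "(?P<conn>[^"]+)" #(?P<sa>\d+): (?P<msg>.*)$')

def triage(log_text):
    """Collect per-connection negotiation facts from pluto log lines."""
    conns = defaultdict(lambda: {"phase1_up": False, "phase2_up": False,
                                 "policy": set(), "notifies": [], "timeouts": []})
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        c, msg = conns[m["conn"]], m["msg"]
        if "ISAKMP SA established" in msg:    # Main Mode completed (phase 1)
            c["phase1_up"] = True
        elif "IPsec SA established" in msg:   # assumed phase 2 success string
            c["phase2_up"] = True
        elif msg.startswith("initiating Quick Mode"):
            parts = msg.split()               # 4th token holds the policy flags
            c["policy"].update(parts[3].split("+") if len(parts) > 3 else [])
        elif "informational payload, type" in msg:
            c["notifies"].append(msg.rsplit("type ", 1)[1])
        elif "max number of retransmissions" in msg:
            state = re.search(r"reached (STATE_\w+)", msg)
            c["timeouts"].append(state.group(1) if state else "unknown")
    return dict(conns)

def verdict(c):
    """Turn the collected facts into a one-line diagnosis."""
    if c["phase2_up"]:
        return "phase 2 established"
    if c["phase1_up"] and "NO_PROPOSAL_CHOSEN" in c["notifies"]:
        return "phase 1 ok; peer rejected the Quick Mode (phase 2) proposal"
    return "phase 1 ok; phase 2 incomplete" if c["phase1_up"] else "phase 1 not established"

if __name__ == "__main__":
    for name, c in triage(SAMPLE_LOG).items():
        print(name, sorted(c["policy"]), "->", verdict(c))
```

A "phase 1 ok" verdict means the preshared key itself was accepted, so the settings to compare on both ends are the ones offered in Quick Mode, listed in the `policy` field.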
