On Wednesday 01 January 2003 05:27 pm, you wrote:
> Everyone,
>
> After much hair pulling, blood-pressure raising, mustache twitching....
>
> I am trying to configure Bering in a Road Warrior configuration using (
> I shudder to admit ) Win2k clients.
>
> I've gone through Chad Carr's instructions about 10 times and various
> docs from both www.freeswan.org and freeswan.ca the Win2k/XP box says
> "Negotiating IP Security" when trying to ping and I see nothing in an
> ipsec barf that would lead me to believe there is even a connection
> being attempted. I tried to determine whether or not the ports were
> open in Shorewall but an iptables -C INPUT -p udp -s 65.114.248.6/24 -d
> 65.114.249.131:500, only gives me a "Will be implemented real soon ;)"
> so I scanned the Bering box with nmap and got
>

Well, the barf would seem to indicate that Bering box is not receiving a
connection attempt, which could be due to the firewall rules (see Tom's
post) or misconfiguration in ipsec.conf. So being that Tom has looked at
possible firewall problems, let's look at ipsec.conf:

    # defaults for subsequent connection descriptions
    conn %default
            type=tunnel
            keyexchange=ike
            keylife=8h
            disablearrivalcheck=no
            # How persistent to be in (re)keying negotiations (0 means very).
            keyingtries=0
            authby=secret
            left=65.114.249.131
            leftsubnet=10.4.8.0/24
            leftfirewall=yes
            pfs=yes

Where's the leftgateway? The routing will not work w/o the gateway.

The "leftfirewall=yes" statement doesn't play nice with LEAF if you have a
dropped tunnel, so I would suggest changing it to "no" instead.

The right-side looks alright to me.....if you would add a pre-shared secret
as you have told ipsec.conf to look for in ipsec-secrets (note: RSA and
certs are not "secrets").

To me, nmap should show udp 500 in the scan, but this depends on the scan
you are running.

I hope this helps,
~Lynn
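
An added example, not part of the original message or of the LEAF or FreeS/WAN code: a small Python lint for two of the points raised in the reply above, a conn that sets authby=secret without a PSK entry in the secrets file, and leftfirewall=yes. The roadwarrior conn, both sample secrets files, and the simplified ID matching (left address or %any only) are assumptions.

```python
import re

# Constructed sample: the conn %default values quoted in the reply, plus a
# hypothetical "roadwarrior" conn. Secrets files below are constructed too.
IPSEC_CONF = """\
conn %default
    type=tunnel
    authby=secret
    left=65.114.249.131
    leftsubnet=10.4.8.0/24
    leftfirewall=yes

conn roadwarrior
    right=%any
"""
SECRETS_NO_PSK = ": RSA {\n    # key material elided\n    }\n"
SECRETS_WITH_PSK = '65.114.249.131 %any : PSK "constructed-example-secret"\n'

def parse_conns(text):
    """Return {conn: {key: value}} with conn %default merged into each conn."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        m = re.match(r"conn\s+(\S+)$", line)
        if m:
            current = conns.setdefault(m.group(1), {})
        elif not raw[0].isspace():
            current = None          # some other section, e.g. "config setup"
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
    defaults = conns.pop("%default", {})
    return {name: {**defaults, **opts} for name, opts in conns.items()}

def psk_ids(secrets_text):
    """IDs that index a PSK entry; an entry with no IDs counts as %any."""
    ids = set()
    for line in secrets_text.splitlines():
        m = re.match(r'([^#:]*):\s*PSK\s+"', line)
        if m:
            ids.update(m.group(1).split() or ["%any"])
    return ids

def check(conf_text, secrets_text):
    """Findings for the two points above (simplified ID match: left or %any)."""
    findings, ids = [], psk_ids(secrets_text)
    for name, opts in parse_conns(conf_text).items():
        if opts.get("authby") == "secret" and not {opts.get("left"), "%any"} & ids:
            findings.append(f"{name}: authby=secret but no PSK for {opts.get('left')}")
        if opts.get("leftfirewall") == "yes":
            findings.append(f"{name}: leftfirewall=yes")
    return findings
```

Calling check(IPSEC_CONF, SECRETS_NO_PSK) reports both findings for the roadwarrior conn; with SECRETS_WITH_PSK only the leftfirewall finding remains.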