On Friday 14 February 2003 07:52 am, [EMAIL PROTECTED] wrote: > Lynn, > > Thanks for the good information. > > I made a fresh Dachstein v 1.0.2 - 1680 floppy. I made sure it worked > on my LRP box. I edited the modules file to make sure that > ip-masq-portfw.o and ip-masq-ipsec.o would be loaded.
OK, this is the 'stock' Dachstein image, not my IPSec image, correct? > I added the lines you sent me below. I put them in those sections that > had similar commands to those shown below. I backed up ram to disk, > everything but the log. > > I rebooted the LRP box. It booted normally. > > I used lsmod to verify that ip-masq-portfw.o and ip-masq-ipsec.o were > loaded and being used. They were loaded and being used. OK, good. > Then I tried to use the VNP from my windows98se machine at 192.168.1.3 > and I got the following result in the VPN log. > > 1 07:41:23.320 02/14/03 Sev=Warning/2 IKE/0xE300007B > Exceeded 3 IKE SA negotiation retransmits... peer is not responding > > 2 07:41:23.380 02/14/03 Sev=Warning/3 DIALER/0xE3300015 > GI VPN start callback failed "CM_PEER_NOT_RESPONDING" (16h). > > That is the same thing I have been getting all along. The people I am > trying to connect with assure me that I have the correct IP address for > them and that their server is always on and ready to connect. Doesn't sound as if the remote end is getting the request. Please send your logs from the firewall per the SR FAQ linked on the bottom of this post. > Then I decided to change 192.168.1.1 in the INTERN_SERVERS line to > 192.168.1.3 which is the IP address that was assigned to the windows > machine I was using. > > No difference. Same error messages and no connection. That would be correct, I gave the example based on your earlier post. You may want to set a static ip for that LAN machine for permanent use (example: 192.168.1.250), so you won't have to change the portfw'ding in the future. > There has got to be something very basic that is being overlooked. At > least I certainly hope so. How do you suggest I proceed from here? Let's see what the firewall logs say. It is possible that your ISP is blocking IPSec access, but that would be pure speculation at this point and very rare. -- ~Lynn Avants Linux Embedded Appliance Firewall developer http://leaf.sourceforge.net ------------------------------------------------------- This SF.NET email is sponsored by: FREE SSL Guide from Thawte are you planning your Web Server Security? Click here to get a FREE Thawte SSL guide and find the answers to all your SSL security issues. http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0026en ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
