[leaf-user] VPN-IPSEC and Road-Warrior setup error

2002-05-04 Thread MLU

Hi,

After successful FreeS/WAN setup with 2 subnets using Dachstein CDs on
both sides, I try to set up for the Road-Warrior on XP/W2K. I tried the
steps for built-in IPSEC as Chad suggested
(http://leaf.sourceforge.net/devel/jnilo/buipsec.html#AEN1227) but
always got stuck at the step

l) select the outbound traffic filter list, next (it said that a valid
IP must be selected and I do not understand what IP it asks about)

so I decided to give SSH Sentinel a shot.

My setup is as follows:

1. FreeS/WAN runs on one side with Shared-Key, having:

/etc/ipsec.conf

config setup
        interfaces=%defaultroute
        klipsdebug=none
        plutodebug=none
        plutoload=%search
        plutostart=%search
        uniqueids=no

conn %default
        keyingtries=0

conn road-warrior
        type=tunnel
        keyingtries=1
        left=%any
        #leftsubnet=
        leftnexthop=
        right=24.68.116.134
        rightsubnet=192.168.1.0/24
        rightnexthop=24.68.116.1
        authby=secret
        auto=add
        keyexchange=ike
        ikelifetime=240m
        keylife=60m
        pfs=yes
        compress=no

/etc/ipsec.secrets
%any 24.68.116.134: PSK My secret string



2. On the other side, no FreeS/WAN runs with DCD. ip_masq_ipsec module
is in /etc/modules and the rules for protocol 50, 51 and UDP port 500
are in place in /etc/network.conf

After setting up an SSH Sentinel client on an internal machine, I added
the corresponding VPN connection, I try to connect and see the errors in
/etc/var/auth.log on FreeSWAN side at the end of messages. Could anyone
help to show me what the errors are? I do not understand why both peer
24.83.28.213 (public IP) and 192.168.9.202 (private) are present. I
assume only the public one.

Thank you.





May  3 23:15:51 firewall Pluto[10650]: Starting Pluto (FreeS/WAN Version 1.91)
May  3 23:15:52 firewall Pluto[10650]: added connection description road-warrior
May  3 23:15:52 firewall Pluto[10650]: listening for IKE messages
May  3 23:15:52 firewall Pluto[10650]: adding interface ipsec0/eth0 24.68.116.134
May  3 23:15:52 firewall Pluto[10650]: loading secrets from /etc/ipsec.secrets
May  3 23:19:02 firewall Pluto[10650]: packet from 24.83.28.213:500: ignoring Vendor ID payload
May  3 23:19:02 firewall last message repeated 3 times
May  3 23:19:02 firewall Pluto[10650]: road-warrior #1: responding to Main Mode from unknown peer 24.83.28.213
May  3 23:19:02 firewall Pluto[10650]: road-warrior #1: ignoring informational payload, type IPSEC_INITIAL_CONTACT
May  3 23:19:02 firewall Pluto[10650]: road-warrior #1: no suitable connection for peer '192.168.9.202'
May  3 23:19:03 firewall Pluto[10650]: road-warrior #1: ignoring informational payload, type IPSEC_INITIAL_CONTACT
May  3 23:19:03 firewall Pluto[10650]: road-warrior #1: no suitable connection for peer '192.168.9.202'
May  3 23:19:05 firewall Pluto[10650]: road-warrior #1: ignoring informational payload, type IPSEC_INITIAL_CONTACT
May  3 23:19:05 firewall Pluto[10650]: road-warrior #1: no suitable connection for peer '192.168.9.202'
May  3 23:19:09 firewall Pluto[10650]: road-warrior #1: ignoring informational payload, type IPSEC_INITIAL_CONTACT
May  3 23:19:09 firewall Pluto[10650]: road-warrior #1: no suitable connection for peer '192.168.9.202'
May  3 23:19:12 firewall Pluto[10650]: road-warrior #1: ignoring informational payload, type IPSEC_INITIAL_CONTACT
May  3 23:19:12 firewall Pluto[10650]: road-warrior #1: no suitable connection for peer '192.168.9.202'



___

Have big pipes? SourceForge.net is looking for download mirrors. We supply
the hardware. You get the recognition. Email Us: [EMAIL PROTECTED]


leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
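
An added example, not part of the original thread: a small Python script that separates the two addresses seen in the Pluto log above. In these messages the address after "Main Mode from unknown peer" is the source address of the IKE packets, while the quoted value in "no suitable connection for peer" is the identity the client sent in its ID payload. The regexes, function names and result fields are this example's own; the sample lines are copied from the posted log.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample: lines taken from the log in the post, unwrapped.
SAMPLE_LOG = """\
May  3 23:19:02 firewall Pluto[10650]: packet from 24.83.28.213:500: ignoring Vendor ID payload
May  3 23:19:02 firewall Pluto[10650]: road-warrior #1: responding to Main Mode from unknown peer 24.83.28.213
May  3 23:19:02 firewall Pluto[10650]: road-warrior #1: ignoring informational payload, type IPSEC_INITIAL_CONTACT
May  3 23:19:02 firewall Pluto[10650]: road-warrior #1: no suitable connection for peer '192.168.9.202'
May  3 23:19:03 firewall Pluto[10650]: road-warrior #1: no suitable connection for peer '192.168.9.202'
"""

PLUTO = re.compile(r"Pluto\[\d+\]: (?P<conn>\S+) #(?P<state>\d+): (?P<msg>.*)$")
MAIN_MODE = re.compile(r"responding to Main Mode from unknown peer (?P<ip>[\d.]+)")
NO_CONN = re.compile(r"no suitable connection for peer '(?P<id>[^']+)'")

def is_private(peer_id):
    """True if the ID is a private-range IP address; False for FQDNs or other ID types."""
    try:
        return ipaddress.ip_address(peer_id).is_private
    except ValueError:
        return False

def id_mismatches(log_text):
    """Return one finding per (state, rejected ID) where the ID differs from the source IP."""
    source = {}                   # (conn, state) -> source address of the IKE packets
    rejected = defaultdict(list)  # (conn, state) -> IDs Pluto found no connection for
    for line in log_text.splitlines():
        m = PLUTO.search(line)
        if not m:
            continue              # not a per-state Pluto message
        key = (m["conn"], int(m["state"]))
        if (mm := MAIN_MODE.search(m["msg"])):
            source[key] = mm["ip"]
        elif (nc := NO_CONN.search(m["msg"])):
            rejected[key].append(nc["id"])
    findings = []
    for key, ids in rejected.items():
        src = source.get(key)
        for peer_id in sorted(set(ids)):
            if src is not None and peer_id != src:
                findings.append({"conn": key[0], "state": key[1], "source_ip": src,
                                 "peer_id": peer_id, "private_id": is_private(peer_id),
                                 "attempts": ids.count(peer_id)})
    return findings

if __name__ == "__main__":
    for f in id_mismatches(SAMPLE_LOG):
        print("{conn} #{state}: packets from {source_ip}, peer ID {peer_id} "
              "(private={private_id}), rejected {attempts} times".format(**f))
```
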



Re: [leaf-user] VPN-IPSEC and Road-Warrior setup error

2002-05-04 Thread Chad Carr

On Sat, 4 May 2002 00:49:44 -0700
MLU [EMAIL PROTECTED] wrote:

> Hi,
>
> After successful FreeS/WAN setup with 2 subnets using Dachstein CDs on
> both sides, I try to set up for the Road-Warrior on XP/W2K. I tried the
> steps for built-in IPSEC as Chad suggested
> (http://leaf.sourceforge.net/devel/jnilo/buipsec.html#AEN1227) but
> always got stuck at the step
>
> l) select the outbound traffic filter list, next (it said that a valid
> IP must be selected and I do not understand what IP it asks about)

Which dialog are you in when you encounter this condition?

Maybe I can help, then make the instructions clearer for others, if you
have the patience to work through Windows' (and my instructions')
inadequacies.

Thanks.

-- 
--
Chad Carr [EMAIL PROTECTED]
--
