Re: [SLUG] IPSec blues
On Fri, 4 Apr 2003 [EMAIL PROTECTED] wrote:

> G'day all...
>
> With our recent server crash, I've been trying to reimplement the VPN.
>
> Please note that on the other end of the VPN they are using FreeS/WAN IPsec 1.97 and on this side 1.99.
>
> I've copied the /etc/ipsec.conf and /etc/ipsec.secrets files from the crashed machine into the replacement box.
>
> I start ipsec - /etc/init.d/ipsec start - everything fine. No proper routing comes up though when I do a 'route' and I can't ping the other side.
>
> I've been playing with things like 'ipsec auto --ready' and 'ipsec auto --up connection name used in /etc/ipsec.conf' .. to no avail on either end.
>
> On the far end I get:
>
> 112 woolloomooloo-nth_sydney #46: STATE_QUICK_I1: initiate
> 010 woolloomooloo-nth_sydney #46: STATE_QUICK_I1: retransmission; will wait 20s for response
> 010 woolloomooloo-nth_sydney #46: STATE_QUICK_I1: retransmission; will wait 40s for response
> 031 woolloomooloo-nth_sydney #46: max number of retransmissions (2) reached STATE_QUICK_I1. No acceptable response to our first Quick Mode message: perhaps peer likes no proposal
> 000 woolloomooloo-nth_sydney #46: starting keying attempt 2 of an unlimited number, but releasing whack
>
> When trying the same thing on this end I get:
>
> 029 woolloomooloo-nth_sydney: cannot initiate connection without knowing peer IP address

Try to work out why it is not resolving this, I think this could be the cause.

> More information is available upon request. Any help would be greatly appreciated. I've spent most of today trying to figure this out and things are gloomy.
>
> Thanks.
>
> Mike
>
> ---
> Michael S. E. Kraus
> Administration
> Capital Holdings Group (NSW) Pty Ltd
> p: (02) 9955 8000

--
Howard.
LANNet Computing Associates - Your Linux people
http://www.lannetlinux.com
--
Flatter government, not fatter government - Get rid of the Australian states.
--
I before E except after C. We live in a weird society!
--
SLUG - Sydney Linux User's Group - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug
Re: [SLUG] IPSec blues
Hi Howard,

Found out there was a bug in 1.97 with the X.509 patch applied. Looking at upgrading the patch on the 1.97 machine to fix the problem. (Asked on the FreeS/WAN list.)

Thanks heaps for the assistance.

Mike

- Original Message -
From: Howard Lowndes [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Saturday, April 05, 2003 7:18 AM
Subject: Re: [SLUG] IPSec blues

> On Fri, 4 Apr 2003 [EMAIL PROTECTED] wrote:
>
> > G'day all...
> >
> > With our recent server crash, I've been trying to reimplement the VPN.
> >
> > Please note that on the other end of the VPN they are using FreeS/WAN IPsec 1.97 and on this side 1.99.
> >
> > I've copied the /etc/ipsec.conf and /etc/ipsec.secrets files from the crashed machine into the replacement box.
> >
> > I start ipsec - /etc/init.d/ipsec start - everything fine. No proper routing comes up though when I do a 'route' and I can't ping the other side.
> >
> > I've been playing with things like 'ipsec auto --ready' and 'ipsec auto --up connection name used in /etc/ipsec.conf' .. to no avail on either end.
> >
> > On the far end I get:
> >
> > 112 woolloomooloo-nth_sydney #46: STATE_QUICK_I1: initiate
> > 010 woolloomooloo-nth_sydney #46: STATE_QUICK_I1: retransmission; will wait 20s for response
> > 010 woolloomooloo-nth_sydney #46: STATE_QUICK_I1: retransmission; will wait 40s for response
> > 031 woolloomooloo-nth_sydney #46: max number of retransmissions (2) reached STATE_QUICK_I1. No acceptable response to our first Quick Mode message: perhaps peer likes no proposal
> > 000 woolloomooloo-nth_sydney #46: starting keying attempt 2 of an unlimited number, but releasing whack
> >
> > When trying the same thing on this end I get:
> >
> > 029 woolloomooloo-nth_sydney: cannot initiate connection without knowing peer IP address
>
> Try to work out why it is not resolving this, I think this could be the cause.
>
> > More information is available upon request. Any help would be greatly appreciated. I've spent most of today trying to figure this out and things are gloomy.
> >
> > Thanks.
> >
> > Mike
> >
> > ---
> > Michael S. E. Kraus
> > Administration
> > Capital Holdings Group (NSW) Pty Ltd
> > p: (02) 9955 8000
>
> --
> Howard.
> LANNet Computing Associates - Your Linux people
> http://www.lannetlinux.com
> --
> Flatter government, not fatter government - Get rid of the Australian states.
> --
> I before E except after C. We live in a weird society!
[SLUG] IPSec blues
G'day all...

With our recent server crash, I've been trying to reimplement the VPN.

Please note that on the other end of the VPN they are using FreeS/WAN IPsec 1.97 and on this side 1.99.

I've copied the /etc/ipsec.conf and /etc/ipsec.secrets files from the crashed machine into the replacement box.

I start ipsec - /etc/init.d/ipsec start - everything fine. No proper routing comes up though when I do a 'route' and I can't ping the other side.

I've been playing with things like 'ipsec auto --ready' and 'ipsec auto --up connection name used in /etc/ipsec.conf' .. to no avail on either end.

On the far end I get:

112 woolloomooloo-nth_sydney #46: STATE_QUICK_I1: initiate
010 woolloomooloo-nth_sydney #46: STATE_QUICK_I1: retransmission; will wait 20s for response
010 woolloomooloo-nth_sydney #46: STATE_QUICK_I1: retransmission; will wait 40s for response
031 woolloomooloo-nth_sydney #46: max number of retransmissions (2) reached STATE_QUICK_I1. No acceptable response to our first Quick Mode message: perhaps peer likes no proposal
000 woolloomooloo-nth_sydney #46: starting keying attempt 2 of an unlimited number, but releasing whack

When trying the same thing on this end I get:

029 woolloomooloo-nth_sydney: cannot initiate connection without knowing peer IP address

More information is available upon request. Any help would be greatly appreciated. I've spent most of today trying to figure this out and things are gloomy.

Thanks.

Mike

---
Michael S. E. Kraus
Administration
Capital Holdings Group (NSW) Pty Ltd
p: (02) 9955 8000
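Added example, not part of any message in this thread: a small Python triage of the two 'ipsec auto --up' outputs quoted above, which separates the far end's Quick Mode timeout from this end's missing peer address. The function name, the finding labels and the hint text are this example's own assumptions, not FreeS/WAN output.

```python
import re

# Output quoted in the thread: far end (FreeS/WAN 1.97), then this end (1.99).
FAR_END = """\
112 woolloomooloo-nth_sydney #46: STATE_QUICK_I1: initiate
010 woolloomooloo-nth_sydney #46: STATE_QUICK_I1: retransmission; will wait 20s for response
010 woolloomooloo-nth_sydney #46: STATE_QUICK_I1: retransmission; will wait 40s for response
031 woolloomooloo-nth_sydney #46: max number of retransmissions (2) reached STATE_QUICK_I1. No acceptable response to our first Quick Mode message: perhaps peer likes no proposal
000 woolloomooloo-nth_sydney #46: starting keying attempt 2 of an unlimited number, but releasing whack
"""
NEAR_END = "029 woolloomooloo-nth_sydney: cannot initiate connection without knowing peer IP address\n"

# "<3-digit code> <conn name> [#<state object number>]: <message>"
LINE = re.compile(r'^(\d{3}) "?([^\s:#"]+)"?(?: #(\d+))?: (.*)$')
TIMEOUT = re.compile(r"max number of retransmissions \((\d+)\) reached (STATE_\w+)")
NO_PEER = "cannot initiate connection without knowing peer IP address"

def triage(text):
    """Return {conn: {"retransmits": int, "findings": [str, ...]}}."""
    report = {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # ignore anything that is not a status line
        _code, conn, _sa, msg = m.groups()
        entry = report.setdefault(conn, {"retransmits": 0, "findings": []})
        if "retransmission; will wait" in msg:
            entry["retransmits"] += 1
        t = TIMEOUT.search(msg)
        if t:
            # Negotiation stalled: no reply arrived in the named state.
            entry["findings"].append("timeout:" + t.group(2))
        if NO_PEER in msg:
            # Pluto on this host has no address for the peer of this conn.
            entry["findings"].append("no-peer-ip")
    return report

HINTS = {  # this example's suggestions (assumptions), not FreeS/WAN output
    "timeout:STATE_QUICK_I1": "Quick Mode (phase 2) got no answer; read the peer's pluto log for the reason",
    "no-peer-ip": "check that left=/right= for this conn in /etc/ipsec.conf give a usable peer address",
}

if __name__ == "__main__":
    for label, text in (("far end", FAR_END), ("this end", NEAR_END)):
        for conn, entry in triage(text).items():
            for f in entry["findings"]:
                print(f"{label}: {conn}: {f} ({entry['retransmits']} retransmits): {HINTS.get(f, '')}")
```
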