I'm following http://www.natecarlson.com/linux/ipsec-x509.php
So my /etc/ipsec.conf reads as enclosed.
I'm reticent to email the entire output of ipsec barf. It includes all my firewall
rules (that might not be _that_ secure) and is *huge*. Any particular section that'd
help? How about the klips|ipsec|pluto records from /var/log/messages and
/var/log/secure?
Craig.
Sam Sgro wrote:
>
> On Sat, 2 Aug 2003, Craig Emery wrote:
>
> > pluto[20850]: packet from <IP removed for privacy reasons>:500: initial Main
> > Mode message received on <IP#2 removed for privacy reasons>:500 but no
> > connection has been authorized
>
> Usually, this error represents a FreeS/WAN misconfiguration.
>
> http://www.freeswan.org/freeswan_snaps/CURRENT-SNAP/doc/faq.html#noconn.auth
>
> You haven't posted your connection details, so it's hard to know what's going
> wrong here. However, read the FAQ entry; double check your configuration
> against Nate Carlson's document; and check your logs to see if there was a
> failure in adding your roadwarrior connection at FreeS/WAN start or when you
> issue "ipsec auto --add connname". (plutodebug=all sometimes makes it hard to
> see the essential details given the verbose output.)
>
> Failing that, post additional details. All the relevant debugging details are
> summarized by the "ipsec barf" command.
>
# /etc/ipsec.conf - FreeS/WAN IPsec configuration file
# More elaborate and more varied sample configurations can be found
# in FreeS/WAN's doc/examples file, and in the HTML documentation.

# basic configuration
config setup
    # THIS SETTING MUST BE CORRECT or almost nothing will work;
    # %defaultroute is okay for most simple cases.
    interfaces=%defaultroute
    # Debug-logging controls: "none" for (almost) none, "all" for lots.
    #klipsdebug=none
    klipsdebug=all
    #plutodebug=none
    plutodebug=all
    # Use auto= parameters in conn descriptions to control startup actions.
    plutoload=%search
    plutostart=%search
    # Close down old connection when new one using same ID shows up.
    uniqueids=yes

# defaults for subsequent connection descriptions
# (these defaults will soon go away)
conn %default
    keyingtries=0
    disablearrivalcheck=no
    #authby=rsasig
    leftrsasigkey=%dns
    rightrsasigkey=%dns

conn cemery-net-gw
    [snip]

conn cemery-net-net
    [snip]

# defaults for subsequent connection descriptions
# (these defaults will soon go away)
conn %default
    keyingtries=1
    compress=yes
    disablearrivalcheck=no
    authby=rsasig
    leftrsasigkey=%cert
    rightrsasigkey=%cert

conn roadwarrior-net
    leftsubnet=192.168.16.0/24
    also=roadwarrior

conn roadwarrior
    right=%any
    left=%defaultroute
    leftcert=hilly.dynalias.net.pem
    auto=start
    pfs=yes
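The parameters pluto ends up with for each conn come from stacking the two %default sections and the also= reference in the file above, which is the first thing to check when a roadwarrior peer gets "no connection has been authorized". The following is an added Python example, not FreeS/WAN code, that resolves that stacking for a constructed excerpt of this file; it assumes later %default values override earlier ones for the conns that follow them, and that an also= section contributes its own resolved parameters.

```python
import re

# Constructed excerpt mirroring the two %default layers and the also= chain of
# the ipsec.conf posted in this thread (not the full file).
SAMPLE_CONF = """\
conn %default
    keyingtries=0
    leftrsasigkey=%dns
conn cemery-net-gw
    right=192.0.2.10
conn %default
    keyingtries=1
    authby=rsasig
    leftrsasigkey=%cert
conn roadwarrior-net
    leftsubnet=192.168.16.0/24
    also=roadwarrior
conn roadwarrior
    right=%any
    leftcert=hilly.dynalias.net.pem
    auto=start
"""
SECTION_RE = re.compile(r"^conn\s+(\S+)\s*$")
PARAM_RE = re.compile(r"^\s+(\w+)\s*=\s*(.*?)\s*$")

def parse_ipsec_conf(text):
    # conns: name -> own params; defaults_at: name -> %default values in force
    # when the conn was declared (a later %default only affects later conns)
    conns, defaults_at, running, current = {}, {}, {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        if m := SECTION_RE.match(line):
            name = m.group(1)
            if name == "%default":
                current = running     # later %default lines override earlier ones
            else:
                conns[name], defaults_at[name] = {}, dict(running)
                current = conns[name]
        elif (m := PARAM_RE.match(line)) and current is not None:
            current[m.group(1)] = m.group(2)
    return conns, defaults_at

def effective_conn(name, conns, defaults_at, _seen=()):
    # %default layer first, then also= sections (recursively), then own lines win
    if name in _seen or name not in conns:
        raise ValueError(f"unknown or cyclic conn reference: {name}")
    own, result = conns[name], dict(defaults_at[name])
    for ref in own.get("also", "").split(","):
        if ref.strip():
            result.update(effective_conn(ref.strip(), conns, defaults_at, _seen + (name,)))
    result.update(own)
    result.pop("also", None)
    return result
```

Run it against the real file to see that cemery-net-gw still carries the first %default layer (keyingtries=0, %dns) while roadwarrior-net picks up the cert-based second layer plus everything from conn roadwarrior.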