ipsec + Etch
Hello,
I am currently trying to set up a VPN gateway using FreeS/WAN+L2pns+Radius.
The first step would be an active ipsec connection, but it already fails at this point.
The client is Windows XP, which does send a request on port 500 (UDP).
eth0=192.168.0.1 (internal network)
eth1=192.168.2.1 (SDSL)
Excerpt from ipsec.conf:
version 2.0
config setup
    uniqueids=no
    interfaces=ipsec0=eth1
    crlcheckinterval=180
    nat_traversal=yes
    virtual_private=%v4:10.0.0.0/24
    # Debug-logging controls: "none" for (almost) none, "all" for lots, control
    klipsdebug=none
    plutodebug="control controlmore"
    plutostderrlog=/var/log/ipsec.log
#Disable Opportunistic Encryption
include /etc/ipsec.d/examples/no_oe.conf
conn %default
    type=tunnel
    left=%any
    leftid=@gw
    leftcert=gwca.pem
    rightrsasigkey=%cert
    authtby=rsasig
    rekey=no
    keyingtries=0
    auto=add
conn client
    pfs=no
    leftprotoport=17/1701
    rightprotoport=17/1701
    right=%any
    rightid=@client
    rightcert=client.pem
Log:
| *received 312 bytes from xxx.xxx.92.95:500 on eth0 (port=500)
| processing packet with exchange type=ISAKMP_XCHG_IDPROT (2)
packet from xxx.xxx.92.95:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
packet from xxx.xxx.92.95:500: ignoring Vendor ID payload [FRAGMENTATION]
packet from xxx.xxx.92.95:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
packet from xxx.xxx.92.95:500: ignoring Vendor ID payload [Vid-Initial-Contact]
| find_host_connection called from main_inI1_outR1
| find_host_pair_conn (find_host_connection2): 181.192.8.1:500 xxx.xxx.92.95:500 -> hp:none
| find_host_connection called from main_inI1_outR1
| find_host_pair_conn (find_host_connection2): 181.192.8.1:500 %any:500 -> hp:none
packet from xxx.xxx.92.95:500: initial Main Mode message received on 181.192.8.1:500 but no connection has been authorized
| complete state transition with STF_IGNORE
| next event EVENT_PENDING_PHASE2 in 38 seconds
Does anyone perhaps have an idea what is wrong?
Regards
Boris