
racoon / IPsec / Windows XP



Hi, does any of you have the following configuration running successfully?:

1 client with Linux-2.6, IPsec, racoon, AH+ESP, x509, Transport
1 client with Windows XP SP2, set up to match the Linux machine.

My problem is that a connection is established, but is dropped again
after 1 second. On the Linux machine it looks roughly like this:

	[...]
2004-10-16 23:27:31: INFO: ISAKMP-SA established 192.168.0.2[500]-192.168.0.12[500] spi:9a60e11c69840d39:f985d2b43b20fd9b
2004-10-16 23:27:32: INFO: initiate new phase 2 negotiation: 192.168.0.2[0]<=>192.168.0.12[0]
2004-10-16 23:27:32: WARNING: ignore RESPONDER-LIFETIME notification.
2004-10-16 23:27:32: WARNING: attribute has been modified.
2004-10-16 23:27:32: WARNING: attribute has been modified.
2004-10-16 23:27:32: WARNING: ignore CONNECTED notification.
2004-10-16 23:27:32: INFO: IPsec-SA established: AH/Transport 192.168.0.12->192.168.0.2 spi=190342326(0xb5864b6)
2004-10-16 23:27:32: INFO: IPsec-SA established: ESP/Transport 192.168.0.12->192.168.0.2 spi=59224084(0x387b014)
2004-10-16 23:27:32: INFO: initiate new phase 2 negotiation: 192.168.0.2[0]<=>192.168.0.12[0]
2004-10-16 23:27:32: INFO: IPsec-SA established: AH/Transport 192.168.0.2->192.168.0.12 spi=3608591951(0xd716be4f)
2004-10-16 23:27:32: INFO: IPsec-SA established: ESP/Transport 192.168.0.2->192.168.0.12 spi=2746070062(0xa3adb42e)
2004-10-16 23:27:33: WARNING: ignore RESPONDER-LIFETIME notification.
2004-10-16 23:27:33: WARNING: attribute has been modified.
2004-10-16 23:27:33: WARNING: attribute has been modified.
2004-10-16 23:27:33: WARNING: ignore CONNECTED notification.
2004-10-16 23:27:33: INFO: IPsec-SA established: AH/Transport 192.168.0.12->192.168.0.2 spi=88950574(0x54d472e)
2004-10-16 23:27:33: INFO: purged IPsec-SA proto_id=ESP spi=2746070062.
2004-10-16 23:27:33: INFO: IPsec-SA established: ESP/Transport 192.168.0.12->192.168.0.2 spi=2082862(0x1fc82e)
2004-10-16 23:27:33: INFO: IPsec-SA established: AH/Transport 192.168.0.2->192.168.0.12 spi=3459354229(0xce318e75)
2004-10-16 23:27:33: INFO: IPsec-SA established: ESP/Transport 192.168.0.2->192.168.0.12 spi=3651817297(0xd9aa4f51)
2004-10-16 23:27:33: INFO: initiate new phase 2 negotiation: 192.168.0.2[0]<=>192.168.0.12[0]
2004-10-16 23:27:34: WARNING: ignore RESPONDER-LIFETIME notification.
2004-10-16 23:27:34: WARNING: attribute has been modified.
2004-10-16 23:27:34: WARNING: attribute has been modified.
2004-10-16 23:27:34: WARNING: ignore CONNECTED notification.
2004-10-16 23:27:34: INFO: IPsec-SA established: AH/Transport 192.168.0.12->192.168.0.2 spi=145033763(0x8a50a23)
2004-10-16 23:27:34: INFO: purged IPsec-SA proto_id=ESP spi=3651817297.
2004-10-16 23:27:34: INFO: IPsec-SA established: ESP/Transport 192.168.0.12->192.168.0.2 spi=31540302(0x1e1444e)
2004-10-16 23:27:34: INFO: IPsec-SA established: AH/Transport 192.168.0.2->192.168.0.12 spi=4059609225(0xf1f8b889)
2004-10-16 23:27:34: INFO: IPsec-SA established: ESP/Transport 192.168.0.2->192.168.0.12 spi=4112767970(0xf523dbe2)
2004-10-16 23:27:35: INFO: initiate new phase 2 negotiation: 192.168.0.2[0]<=>192.168.0.12[0]
2004-10-16 23:27:35: WARNING: ignore RESPONDER-LIFETIME notification.
2004-10-16 23:27:35: WARNING: attribute has been modified.
	[...]

In parallel I have a "ping" running against the Windows machine:
gigabyte:~# ping gigabyte-vm
PING gigabyte-vm.kilobyte.dyndns.info (192.168.0.12): 56 data bytes
ping: sendto: No such process
ping: wrote gigabyte-vm.kilobyte.dyndns.info 64 chars, ret=-1
64 bytes from 192.168.0.12: icmp_seq=17 ttl=128 time=330.2 ms
ping: sendto: No such process
ping: wrote gigabyte-vm.kilobyte.dyndns.info 64 chars, ret=-1
ping: sendto: No such process
ping: wrote gigabyte-vm.kilobyte.dyndns.info 64 chars, ret=-1
ping: sendto: No such process
	[...]
ping: wrote gigabyte-vm.kilobyte.dyndns.info 64 chars, ret=-1
64 bytes from 192.168.0.12: icmp_seq=280 ttl=128 time=1582.0 ms
	[...]

The connection to a second Linux machine works flawlessly. What would
probably help me most right now is if someone posted a working
racoon.conf - one not lifted from the www. A PM is fine too if this
is too OT.


--
Kind regards
Bjoern Schmidt
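
An added example, not part of the original post: a Python script that pairs racoon's "IPsec-SA established" and "purged IPsec-SA" lines to show which SAs are being torn down and how long they lived. The sample lines are copied from the log above; the function and field names are illustrative.

```python
import re
from datetime import datetime

# Lines copied from the racoon log in the post above (subset, unwrapped).
SAMPLE_LOG = """\
2004-10-16 23:27:32: INFO: initiate new phase 2 negotiation: 192.168.0.2[0]<=>192.168.0.12[0]
2004-10-16 23:27:32: INFO: IPsec-SA established: AH/Transport 192.168.0.2->192.168.0.12 spi=3608591951(0xd716be4f)
2004-10-16 23:27:32: INFO: IPsec-SA established: ESP/Transport 192.168.0.2->192.168.0.12 spi=2746070062(0xa3adb42e)
2004-10-16 23:27:33: INFO: purged IPsec-SA proto_id=ESP spi=2746070062.
2004-10-16 23:27:33: INFO: IPsec-SA established: ESP/Transport 192.168.0.2->192.168.0.12 spi=3651817297(0xd9aa4f51)
2004-10-16 23:27:33: INFO: initiate new phase 2 negotiation: 192.168.0.2[0]<=>192.168.0.12[0]
2004-10-16 23:27:34: INFO: purged IPsec-SA proto_id=ESP spi=3651817297.
"""

TS = r"(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d): INFO: "
ESTABLISHED = re.compile(TS + r"IPsec-SA established: (AH|ESP)/\w+ (\S+)->(\S+) spi=(\d+)\(")
PURGED = re.compile(TS + r"purged IPsec-SA proto_id=(AH|ESP) spi=(\d+)\.")
PHASE2 = re.compile(TS + r"initiate new phase 2 negotiation")


def analyze(log_text):
    """Return (purged, phase2_count); purged holds one dict per purged SA."""
    # finditer over the whole text, so entries that a mail client joined
    # onto one line are still found; sort by offset to keep log order.
    events = []
    for kind, rx in (("est", ESTABLISHED), ("purge", PURGED), ("p2", PHASE2)):
        events += [(m.start(), kind, m) for m in rx.finditer(log_text)]
    # Keyed by (proto, spi), since that is all a purge line carries.
    established, purged, phase2_count = {}, [], 0
    for _, kind, m in sorted(events, key=lambda e: e[0]):
        when = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        if kind == "p2":
            phase2_count += 1
        elif kind == "est":
            proto, src, dst, spi = m.group(2, 3, 4, 5)
            established[(proto, spi)] = (when, src, dst)
        elif (m.group(2), m.group(3)) in established:
            start, src, dst = established.pop((m.group(2), m.group(3)))
            purged.append({"proto": m.group(2), "spi": int(m.group(3)),
                           "src": src, "dst": dst,
                           "lifetime_s": (when - start).total_seconds()})
    return purged, phase2_count


if __name__ == "__main__":
    purged, n = analyze(SAMPLE_LOG)
    print(f"{n} phase 2 negotiations initiated")
    for sa in purged:
        print("{proto} {src}->{dst} spi={spi} purged after {lifetime_s:.0f}s".format(**sa))
```

On the excerpt, both purged SAs are ESP SAs in the direction 192.168.0.2->192.168.0.12, each purged one second after it was established.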


