
RE: VPN - Freeswan



Nothing is configured; it was precisely to avoid this kind of problem
that I decided to set up IPSEC first and do the firewall afterwards.



-----Original Message-----
From: Rápido SP - CPD (Luiz Anversa) [mailto:lanversa@rapidosp.com.br]
Sent: Monday, August 18, 2003 7:18 AM
To: Barbosa, Carlos; Debian-list (E-mail)
Subject: Re: VPN - Freeswan


Man, do you have a firewall on your machine?
I had a problem like this and had to change some firewall rules;
if you have one, send me the rules!!

Regards,
Luiz Fernando
----- Original Message -----
From: "Barbosa, Carlos" <Carlos.Barbosa@LSGSkyChefs.com>
To: "Rápido SP - CPD (Luiz Anversa)" <lanversa@rapidosp.com.br>;
"Debian-list (E-mail)" <debian-user-portuguese@lists.debian.org>
Sent: Monday, August 18, 2003 12:52 PM
Subject: RE: VPN - Freeswan


Dear Luiz,

We have already exchanged a few e-mails about Freeswan on Debian.

I need to bring up a tunnel with a CISCO VPN 3000 (Altiga) and it is returning
the messages below.
As far as I understand, the authentication phase with the PSK succeeded;
now it is complaining with the following message: our client ID returned
doesn't match my proposal.

I have attached some data from the connection.

Thanks for the help.

Augusto

gw01-rtr:~# ipsec setup --stop
ipsec_setup: Stopping FreeS/WAN IPsec...
IPSEC EVENT: KLIPS device ipsec0 shut down.
gw01-rtr:~# ipsec setup --start
ipsec_setup: Starting FreeS/WAN IPsec 1.96...
gw01-rtr:~# ipsec auto --up h2h
104 "h2h" #1: STATE_MAIN_I1: initiate
003 "h2h" #1: ignoring Vendor ID payload
106 "h2h" #1: STATE_MAIN_I2: sent MI2, expecting MR2
003 "h2h" #1: ignoring Vendor ID payload
003 "h2h" #1: ignoring Vendor ID payload
003 "h2h" #1: ignoring Vendor ID payload
003 "h2h" #1: ignoring Vendor ID payload
108 "h2h" #1: STATE_MAIN_I3: sent MI3, expecting MR3
003 "h2h" #1: ignoring Vendor ID payload
004 "h2h" #1: STATE_MAIN_I4: ISAKMP SA established
112 "h2h" #2: STATE_QUICK_I1: initiate
003 "h2h" #2: our client ID returned doesn't match my proposal
218 "h2h" #2: STATE_QUICK_I1: INVALID_ID_INFORMATION
003 "h2h" #2: our client ID returned doesn't match my proposal
218 "h2h" #2: STATE_QUICK_I1: INVALID_ID_INFORMATION
010 "h2h" #2: STATE_QUICK_I1: retransmission; will wait 20s for response
003 "h2h" #2: our client ID returned doesn't match my proposal
218 "h2h" #2: STATE_QUICK_I1: INVALID_ID_INFORMATION
003 "h2h" #2: our client ID returned doesn't match my proposal
218 "h2h" #2: STATE_QUICK_I1: INVALID_ID_INFORMATION
010 "h2h" #2: STATE_QUICK_I1: retransmission; will wait 40s for response
031 "h2h" #2: max number of retransmissions (2) reached STATE_QUICK_I1
000 "h2h" #2: starting keying attempt 2 of an unlimited number, but releasing whack
gw01-rtr:~#


Aug 18 09:46:05 gw01-rtr Pluto[16460]: shutting down
Aug 18 09:46:05 gw01-rtr Pluto[16460]: forgetting secrets
Aug 18 09:46:05 gw01-rtr Pluto[16460]: "h2h": deleting connection
Aug 18 09:46:05 gw01-rtr Pluto[16460]: "h2h" #3267: deleting state (STATE_QUICK_I1)
Aug 18 09:46:05 gw01-rtr Pluto[16460]: "h2h" #3234: deleting state (STATE_MAIN_I4)
Aug 18 09:46:05 gw01-rtr Pluto[16460]: shutting down interface ipsec0/eth0 200.xxx.yyy.10
Aug 18 09:46:12 gw01-rtr ipsec__plutorun: Starting Pluto subsystem...
Aug 18 09:46:12 gw01-rtr Pluto[17849]: Starting Pluto (FreeS/WAN Version 1.96)
Aug 18 09:46:12 gw01-rtr Pluto[17849]:   including X.509 patch (Version 0.9.9)
Aug 18 09:46:12 gw01-rtr Pluto[17849]: Changing to directory '/etc/ipsec.d/cacerts'
Aug 18 09:46:12 gw01-rtr Pluto[17849]:   Warning: empty directory
Aug 18 09:46:12 gw01-rtr Pluto[17849]: Changing to directory '/etc/ipsec.d/crls'
Aug 18 09:46:12 gw01-rtr Pluto[17849]:   Warning: empty directory
Aug 18 09:46:12 gw01-rtr Pluto[17849]:   could not open my X.509 cert file '/etc/x509cert.der'
Aug 18 09:46:12 gw01-rtr Pluto[17849]: OpenPGP certificate file '/etc/pgpcert.pgp' not found
Aug 18 09:46:13 gw01-rtr Pluto[17849]: | from whack: got --esp=3des
Aug 18 09:46:13 gw01-rtr Pluto[17849]: added connection description "h2h"
Aug 18 09:46:13 gw01-rtr Pluto[17849]: listening for IKE messages
Aug 18 09:46:13 gw01-rtr Pluto[17849]: adding interface ipsec0/eth0 200.xxx.yyy.10
Aug 18 09:46:13 gw01-rtr Pluto[17849]: loading secrets from "/etc/ipsec.secrets"
Aug 18 09:46:19 gw01-rtr Pluto[17849]: "h2h" #1: initiating Main Mode
Aug 18 09:46:20 gw01-rtr Pluto[17849]: "h2h" #1: ignoring Vendor ID payload
Aug 18 09:46:20 gw01-rtr last message repeated 5 times
Aug 18 09:46:20 gw01-rtr Pluto[17849]: "h2h" #1: Peer ID is ID_IPV4_ADDR: '198.xxx.yyy.50'
Aug 18 09:46:20 gw01-rtr Pluto[17849]: "h2h" #1: ISAKMP SA established
Aug 18 09:46:20 gw01-rtr Pluto[17849]: "h2h" #2: initiating Quick Mode PSK+ENCRYPT+TUNNEL+DISABLEARRIVALCHECK+DONTREKEY
Aug 18 09:46:20 gw01-rtr Pluto[17849]: "h2h" #2: our client ID returned doesn't match my proposal
Aug 18 09:46:39 gw01-rtr last message repeated 3 times
Aug 18 09:46:47 gw01-rtr Pluto[17849]: "h2h" #1: ignoring Delete SA payload
Aug 18 09:46:47 gw01-rtr Pluto[17849]: "h2h" #1: received and ignored informational message
Aug 18 09:46:47 gw01-rtr Pluto[17849]: "h2h" #1: ignoring Delete SA payload
Aug 18 09:46:47 gw01-rtr Pluto[17849]: "h2h" #1: received and ignored informational message
Aug 18 09:46:50 gw01-rtr Pluto[17849]: "h2h" #1: Informational Exchange message for an established ISAKMP SA must be encrypted
Aug 18 09:47:30 gw01-rtr Pluto[17849]: "h2h" #2: max number of retransmissions (2) reached STATE_QUICK_I1
Aug 18 09:47:30 gw01-rtr Pluto[17849]: "h2h" #2: starting keying attempt 2 of an unlimited number, but releasing whack
Aug 18 09:47:30 gw01-rtr Pluto[17849]: "h2h" #3: initiating Quick Mode PSK+ENCRYPT+TUNNEL+DISABLEARRIVALCHECK+DONTREKEY to replace #2
Aug 18 09:47:30 gw01-rtr Pluto[17849]: "h2h" #1: Informational Exchange message for an established ISAKMP SA must be encrypted
Aug 18 09:48:00 gw01-rtr last message repeated 2 times
Aug 18 09:48:40 gw01-rtr Pluto[17849]: "h2h" #3: max number of retransmissions (2) reached STATE_QUICK_I1
Aug 18 09:48:40 gw01-rtr Pluto[17849]: "h2h" #3: starting keying attempt 3 of an unlimited number
Aug 18 09:48:40 gw01-rtr Pluto[17849]: "h2h" #4: initiating Quick Mode PSK+ENCRYPT+TUNNEL+DISABLEARRIVALCHECK+DONTREKEY to replace #3
Aug 18 09:48:41 gw01-rtr Pluto[17849]: "h2h" #1: Informational Exchange message for an established ISAKMP SA must be encrypted
Aug 18 09:49:10 gw01-rtr last message repeated 2 times
Aug 18 09:49:50 gw01-rtr Pluto[17849]: "h2h" #4: max number of retransmissions (2) reached STATE_QUICK_I1
Aug 18 09:49:50 gw01-rtr Pluto[17849]: "h2h" #4: starting keying attempt 4 of an unlimited number
Aug 18 09:49:50 gw01-rtr Pluto[17849]: "h2h" #5: initiating Quick Mode PSK+ENCRYPT+TUNNEL+DISABLEARRIVALCHECK+DONTREKEY to replace #4
Aug 18 09:49:50 gw01-rtr Pluto[17849]: "h2h" #1: Informational Exchange message for an established ISAKMP SA must be encrypted
gw01-rtr:~#
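
A triage of the Pluto log above, as an added example that is not part of the original message: it reports per connection whether Main Mode (phase 1) finished, whether Quick Mode (phase 2) did, and which errors blocked it, counting syslog's "last message repeated N times" lines. The names `triage` and `verdict` are hypothetical, the sample lines are taken from the log above with mail line wraps rejoined, and the "IPsec SA established" success marker and the reading of the client ID message are assumptions, not something the thread shows.

```python
import re
from collections import Counter

# Syslog shape: '<date> <host> Pluto[pid]: "conn" #serial: message'
PLUTO = re.compile(r'Pluto\[\d+\]: "(?P<conn>[^"]+)" #\d+: (?P<msg>.*)')
REPEAT = re.compile(r"last message repeated (\d+) times")
ERRORS = ("doesn't match my proposal", "INVALID_ID_INFORMATION", "max number of retransmissions")

def triage(lines):
    """Per connection: did Main Mode finish, did Quick Mode, and what failed."""
    report, last = {}, None
    for line in lines:
        m, rep = PLUTO.search(line), REPEAT.search(line)
        if m:
            last, count = (m["conn"], m["msg"]), 1
        elif rep and last:          # syslog folded duplicates of the previous line
            count = int(rep[1])
        else:                       # unrelated line: a later "repeated" is not ours
            last = None
            continue
        conn, msg = last
        r = report.setdefault(conn, {"phase1": False, "phase2": False,
                                     "quick_attempts": 0, "errors": Counter()})
        if msg.endswith("ISAKMP SA established"):
            r["phase1"] = True
        elif "IPsec SA established" in msg:   # assumed phase 2 success marker
            r["phase2"] = True
        elif msg.startswith("initiating Quick Mode"):
            r["quick_attempts"] += count
        elif any(e in msg for e in ERRORS):
            r["errors"][msg] += count
    return report

def verdict(r):
    if r["phase2"]:
        return "tunnel established"
    if not r["phase1"]:
        return "phase 1 (Main Mode) did not complete"
    id_mismatch = any("client ID returned" in e for e in r["errors"])
    return "phase 1 OK; Quick Mode " + (
        "ID mismatch: compare client networks on both peers" if id_mismatch else "failed")

# Constructed sample: lines from the log in this message, wraps rejoined.
SAMPLE = """\
Aug 18 09:46:20 gw01-rtr Pluto[17849]: "h2h" #1: ISAKMP SA established
Aug 18 09:46:20 gw01-rtr Pluto[17849]: "h2h" #2: initiating Quick Mode PSK+ENCRYPT+TUNNEL+DISABLEARRIVALCHECK+DONTREKEY
Aug 18 09:46:20 gw01-rtr Pluto[17849]: "h2h" #2: our client ID returned doesn't match my proposal
Aug 18 09:46:39 gw01-rtr last message repeated 3 times
Aug 18 09:47:30 gw01-rtr Pluto[17849]: "h2h" #3: initiating Quick Mode PSK+ENCRYPT+TUNNEL+DISABLEARRIVALCHECK+DONTREKEY to replace #2
""".splitlines()
```

Calling `verdict(triage(SAMPLE)["h2h"])` on these lines reports phase 1 as complete and the Quick Mode ID mismatch as the blocker, with the mismatch counted four times once the folded repeats are included.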


