|
|
| Applications |
| Mailing Lists |
| Miscellaneous |
| Operating Systems |
| Programming |
[Design] Super FreeSWAN 1.99.6 broken
Date: Wed Mar 26 2003 - 17:00:28 EST
Hi,
After looking at the issue 'no connection know for ..' problem again I come to the conclusion that something is broken since at least super-freeswan 1.99.5rc2 :
Mar 26 22:35:00 fw pluto[4215]: "dhcp"[4] 213.196.17.109 #6: cannot respond to IPsec SA request because no connection is known for 0.0.0.0/0===213.93.97.7[@base.jdimedia.nl]:17/0...213.196.17.109[C=NL, ST=Gelderland, O=Igmar, CN=laptop.jdimedia.nl, E=laptop@jdimedia.nl]:17/0===10.20.1.100/32
This is without NAT-T, just a plain DHCP-over-IPSEC config that works with FreeSWAN 1.99 + X509 patch + AES + delete-notiy (I'll look up the version tomorrow).
I'll do a manual patchup to the above setup, but with the lates version to see if the problem goes away.
The config (this does work on an older version) :
# basic configuration
config setup
interfaces=%defaultroute
klipsdebug=none
plutodebug=none
plutoload=%search
plutostart=%search
uniqueids=yes
# basic configuration
conn %default
keyingtries=3
ikelifetime=3h
keylife=1h
disablearrivalcheck=no
authby=rsasig
left=%defaultroute
leftcert=base-test.pem
leftid=@base.jdimedia.nl
right=%any
rightrsasigkey=%cert
esp=des3,aes128
auto=add
conn dhcp
rekey=no
keylife=60s
rekeymargin=30s
leftsubnet=0.0.0.0/0
leftprotoport=udp/bootps
rightprotoport=udp/bootpc
conn roadwarrior
leftsubnet=10.0.0.0/16
rightsubnetwithin=10.20.0.0/16
conn roadwarrior-sentinel
leftsubnet=0.0.0.0/0
rightsubnetwithin=10.20.0.0/24
Anyone got a clue ??
Regards,
Igmar
Design mailing list
Design@lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/design Received on Wed Mar 26 17:47:47 2003
This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 12:59:57 EDT
|
Contact Us Legal Notices Order Services Online Pantek Home Privacy Policy IT news Site Map Pantek Library |