Hosting Provided By

[Users] XP Freeswan Problems

From: Mache Creeger <mache(at)creeger.com>
Date: Tue Feb 18 2003 - 00:35:26 EST

I am still plugging away.

I carefully reloaded everything and regenerated all the certs. I now have gotten the following /var/log/secure listing.

Still trying to get a VPN tunnel between my XP Pro laptop and Freeswan.

Regards,

Mache Creeger

Feb 17 21:03:55 digit ipsec__plutorun: Starting Pluto subsystem...
Feb 17 21:03:55 digit pluto[2462]: Starting Pluto (FreeS/WAN Version 1.99)
Feb 17 21:03:55 digit pluto[2462]:   including X.509 patch (Version 0.9.15)
Feb 17 21:03:55 digit pluto[2462]: Changing to directory '/etc/ipsec.d/cacerts'
Feb 17 21:03:55 digit pluto[2462]:   loaded cacert file 'cacert.pem' (1456

bytes)

Feb 17 21:03:55 digit pluto[2462]: Changing to directory '/etc/ipsec.d/crls'
Feb 17 21:03:55 digit pluto[2462]:   loaded crl file 'crl.pem' (633 bytes)
Feb 17 21:03:55 digit pluto[2462]:   could not open my default X.509 cert

file '/etc/x509cert.der'
Feb 17 21:03:55 digit pluto[2462]: OpenPGP certificate file
'/etc/pgpcert.pgp' not found
Feb 17 21:03:56 digit pluto[2462]: loaded host cert file
'/etc/ipsec.d/digit.creeger.com.pem' (4738 bytes)
Feb 17 21:03:56 digit pluto[2462]: loaded host cert file
'/etc/ipsec.d/punchbuggy.creeger.com.pem' (4751 bytes)
Feb 17 21:03:56 digit pluto[2462]: added connection description "roadwarrior" Feb 17 21:03:56 digit pluto[2462]: loaded host cert file
'/etc/ipsec.d/digit.creeger.com.pem' (4738 bytes)
Feb 17 21:03:56 digit pluto[2462]: loaded host cert file
'/etc/ipsec.d/punchbuggy.creeger.com.pem' (4751 bytes)
Feb 17 21:03:56 digit pluto[2462]: added connection description "roadwarrior-net"

Feb 17 21:03:56 digit pluto[2462]: listening for IKE messages
Feb 17 21:03:56 digit pluto[2462]: adding interface ipsec0/ppp0 68.164.28.156
Feb 17 21:03:56 digit pluto[2462]: loading secrets from "/etc/ipsec.secrets"
Feb 17 21:03:56 digit pluto[2462]:   loaded private key file

'/etc/ipsec.d/private/digit.creeger.com.key' (1751 bytes)

Feb 17 21:04:27 digit pluto[2462]: shutting down
Feb 17 21:04:27 digit pluto[2462]: forgetting secrets
Feb 17 21:04:27 digit pluto[2462]: "roadwarrior-net": deleting connection
Feb 17 21:04:27 digit pluto[2462]: "roadwarrior": deleting connection
Feb 17 21:04:27 digit pluto[2462]: shutting down interface ipsec0/ppp0

68.164.28.156

Feb 17 21:04:30 digit ipsec__plutorun: Starting Pluto subsystem...
Feb 17 21:04:30 digit pluto[2826]: Starting Pluto (FreeS/WAN Version 1.99)
Feb 17 21:04:30 digit pluto[2826]:   including X.509 patch (Version 0.9.15)
Feb 17 21:04:30 digit pluto[2826]: Changing to directory '/etc/ipsec.d/cacerts'
Feb 17 21:04:30 digit pluto[2826]:   loaded cacert file 'cacert.pem' (1456

bytes)

Feb 17 21:04:30 digit pluto[2826]: Changing to directory '/etc/ipsec.d/crls'
Feb 17 21:04:30 digit pluto[2826]:   loaded crl file 'crl.pem' (633 bytes)
Feb 17 21:04:30 digit pluto[2826]:   could not open my default X.509 cert 
Do you need help? 
In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software:Learn more about Pantek's Technical Support offerings
Place an order for 24/7/365 Technical Support here
Learn more about Pantek, who we are, and what we do
Chat with a Live Operator
Related lists.freeswan.org Links
1998-fall
1998-spring
1998-summer
1998-winter
1999-winter
announce
briefs
bugs
design
freeswan-list
hipsec
ietf-sectest
users
users-admin
Request more information about Pantek

file '/etc/x509cert.der'
Feb 17 21:04:30 digit pluto[2826]: OpenPGP certificate file
'/etc/pgpcert.pgp' not found
Feb 17 21:04:31 digit pluto[2826]: loaded host cert file
'/etc/ipsec.d/digit.creeger.com.pem' (4738 bytes)
Feb 17 21:04:31 digit pluto[2826]: loaded host cert file
'/etc/ipsec.d/punchbuggy.creeger.com.pem' (4751 bytes)
Feb 17 21:04:31 digit pluto[2826]: added connection description "roadwarrior" Feb 17 21:04:31 digit pluto[2826]: loaded host cert file
'/etc/ipsec.d/digit.creeger.com.pem' (4738 bytes)
Feb 17 21:04:31 digit pluto[2826]: loaded host cert file
'/etc/ipsec.d/punchbuggy.creeger.com.pem' (4751 bytes)
Feb 17 21:04:31 digit pluto[2826]: added connection description "roadwarrior-net"

Feb 17 21:04:31 digit pluto[2826]: listening for IKE messages
Feb 17 21:04:31 digit pluto[2826]: adding interface ipsec0/ppp0 68.164.28.156
Feb 17 21:04:31 digit pluto[2826]: loading secrets from "/etc/ipsec.secrets"
Feb 17 21:04:31 digit pluto[2826]:   loaded private key file

'/etc/ipsec.d/private/digit.creeger.com.key' (1751 bytes)
Feb 17 21:06:41 digit pluto[2826]: packet from 209.86.4.250:500: ignoring Vendor ID payload
Feb 17 21:06:41 digit pluto[2826]: "roadwarrior"[1] 209.86.4.250 #1: responding to Main Mode from unknown peer 209.86.4.250 Feb 17 21:06:43 digit pluto[2826]: "roadwarrior"[1] 209.86.4.250 #1: Peer ID is ID_DER_ASN1_DN: 'C=US, ST=CA, L=PV, CN=punchbuggy.creeger.co m, E=junk@creeger.com'
Feb 17 21:06:43 digit pluto[2826]: "roadwarrior"[1] 209.86.4.250 #1: sent MR3, ISAKMP SA established
Feb 17 21:06:44 digit pluto[2826]: "roadwarrior"[1] 209.86.4.250 #1: retransmitting in response to duplicate packet; already STATE_MAIN_R3 Feb 17 21:06:44 digit pluto[2826]: "roadwarrior"[1] 209.86.4.250 #2: responding to Quick Mode
Feb 17 21:06:44 digit pluto[2826]: "roadwarrior"[1] 209.86.4.250 #2: route-host output: SIOCADDRT: Network is unreachable Feb 17 21:06:44 digit pluto[2826]: "roadwarrior"[1] 209.86.4.250 #2: route-host output: /usr/local/lib/ipsec/_updown: `route add -net 209.86 .4.250 netmask 255.255.255.255 dev ipsec0 gw 209.86.4.250' failed Feb 17 21:06:44 digit pluto[2826]: "roadwarrior"[1] 209.86.4.250 #2: route-host output: /usr/local/lib/ipsec/_updown: (incorrect or missing nexthop setting??)
Feb 17 21:06:44 digit pluto[2826]: "roadwarrior"[1] 209.86.4.250 #2: route-host command exited with status 7
Feb 17 21:06:55 digit pluto[2826]: "roadwarrior"[1] 209.86.4.250 #2: route-host output: SIOCADDRT: Network is unreachable Feb 17 21:06:55 digit pluto[2826]: "roadwarrior"[1] 209.86.4.250 #2: route-host output: /usr/local/lib/ipsec/_updown: `route add -net 209.86 .4.250 netmask 255.255.255.255 dev ipsec0 gw 209.86.4.250' failed Feb 17 21:06:55 digit pluto[2826]: "roadwarrior"[1] 209.86.4.250 #2: route-host output: /usr/local/lib/ipsec/_updown: (incorrect or missing nexthop setting??)
Feb 17 21:06:55 digit pluto[2826]: "roadwarrior"[1] 209.86.4.250 #2: route-host command exited with status 7
Feb 17 21:06:55 digit pluto[2826]: ERROR: "roadwarrior"[1] 209.86.4.250 #2: pfkey write() of SADB_DELETE message 22 for Delete SA esp.e59b0f ec@68.164.28.156 failed. Errno 3: No such process Feb 17 21:06:55 digit pluto[2826]: | 02 04 00 03 0a 00 00 00 16 00 00 00 0a 0b 00 00
Feb 17 21:06:55 digit pluto[2826]: | 02 00 01 00 e5 9b 0f ec 00 01 00 00 00 00 00 00
Feb 17 21:06:55 digit pluto[2826]: | 03 00 05 00 00 00 00 00 02 00 01 f4 d1 56 04 fa
Feb 17 21:06:55 digit pluto[2826]: | 00 00 00 00 00 00 00 00 03 00 06 00 00 00 00 00
Feb 17 21:06:55 digit pluto[2826]: | 02 00 00 00 44 a4 1c 9c 00 00 00 00 00 00 00 00
Feb 17 21:07:14 digit pluto[2826]: "roadwarrior"[1] 209.86.4.250 #2: route-host output: SIOCADDRT: Network is unreachable Feb 17 21:07:14 digit pluto[2826]: "roadwarrior"[1] 209.86.4.250 #2: route-host output: /usr/local/lib/ipsec/_updown: `route add -net 209.86 .4.250 netmask 255.255.255.255 dev ipsec0 gw 209.86.4.250' failed Feb 17 21:07:14 digit pluto[2826]: "roadwarrior"[1] 209.86.4.250 #2: route-host output: /usr/local/lib/ipsec/_updown: (incorrect or missing nexthop setting??)
Feb 17 21:07:14 digit pluto[2826]: "roadwarrior"[1] 209.86.4.250 #2: route-host command exited with status 7
Feb 17 21:07:14 digit pluto[2826]: ERROR: "roadwarrior"[1] 209.86.4.250 #2: pfkey write() of SADB_DELETE message 29 for Delete SA esp.e59b0f ec@68.164.28.156 failed. Errno 3: No such process Feb 17 21:07:14 digit pluto[2826]: | 02 04 00 03 0a 00 00 00 1d 00 00 00 0a 0b 00 00
Feb 17 21:07:14 digit pluto[2826]: | 02 00 01 00 e5 9b 0f ec 00 01 00 00 00 00 00 00
Feb 17 21:07:14 digit pluto[2826]: | 03 00 05 00 00 00 00 00 02 00 01 f4 d1 56 04 fa
Feb 17 21:07:14 digit pluto[2826]: | 00 00 00 00 00 00 00 00 03 00 06 00 00 00 00 00
Feb 17 21:07:14 digit pluto[2826]: | 02 00 00 00 44 a4 1c 9c 00 00 00 00 00 00 00 00
Feb 17 21:07:17 digit pluto[2826]: "roadwarrior"[1] 209.86.4.250 #1: ignoring Delete SA payload
Feb 17 21:07:17 digit pluto[2826]: "roadwarrior"[1] 209.86.4.250 #1: received and ignored informational message Feb 17 21:07:17 digit pluto[2826]: "roadwarrior"[1] 209.86.4.250 #1: ignoring Delete SA payload
Feb 17 21:07:17 digit pluto[2826]: "roadwarrior"[1] 209.86.4.250 #1: received and ignored informational message Feb 17 21:07:41 digit pluto[2826]: packet from 209.86.4.250:500: ignoring Vendor ID payload
Feb 17 21:07:41 digit pluto[2826]: "roadwarrior"[1] 209.86.4.250 #3: responding to Main Mode from unknown peer 209.86.4.250 Feb 17 21:07:42 digit pluto[2826]: "roadwarrior"[1] 209.86.4.250 #3: Peer ID is ID_DER_ASN1_DN: 'C=US, ST=CA, L=PV, CN=punchbuggy.creeger.co m, E=junk@creeger.com'
Feb 17 21:07:42 digit pluto[2826]: "roadwarrior"[1] 209.86.4.250 #3: sent MR3, ISAKMP SA established
Feb 17 21:07:43 digit pluto[2826]: "roadwarrior"[1] 209.86.4.250 #3: retransmitting in response to duplicate packet; already STATE_MAIN_R3 Feb 17 21:07:43 digit pluto[2826]: "roadwarrior"[1] 209.86.4.250 #4: responding to Quick Mode
Feb 17 21:07:44 digit pluto[2826]: "roadwarrior"[1] 209.86.4.250 #4: route-host output: SIOCADDRT: Network is unreachable Feb 17 21:07:44 digit pluto[2826]: "roadwarrior"[1] 209.86.4.250 #4: route-host output: /usr/local/lib/ipsec/_updown: `route add -net 209.86 .4.250 netmask 255.255.255.255 dev ipsec0 gw 209.86.4.250' failed Feb 17 21:07:44 digit pluto[2826]: "roadwarrior"[1] 209.86.4.250 #4: route-host output: /usr/local/lib/ipsec/_updown: (incorrect or missing nexthop setting??)
Feb 17 21:07:44 digit pluto[2826]: "roadwarrior"[1] 209.86.4.250 #4: route-host command exited with status 7
Feb 17 21:07:53 digit pluto[2826]: "roadwarrior"[1] 209.86.4.250 #4: route-host output: SIOCADDRT: Network is unreachable Feb 17 21:07:53 digit pluto[2826]: "roadwarrior"[1] 209.86.4.250 #4: route-host output: /usr/local/lib/ipsec/_updown: `route add -net 209.86 .4.250 netmask 255.255.255.255 dev ipsec0 gw 209.86.4.250' failed Feb 17 21:07:53 digit pluto[2826]: "roadwarrior"[1] 209.86.4.250 #4: route-host output: /usr/local/lib/ipsec/_updown: (incorrect or missing nexthop setting??)
Feb 17 21:07:53 digit pluto[2826]: "roadwarrior"[1] 209.86.4.250 #4: route-host command exited with status 7
Feb 17 21:07:53 digit pluto[2826]: ERROR: "roadwarrior"[1] 209.86.4.250 #4: pfkey write() of SADB_DELETE message 47 for Delete SA esp.e59b0f ed@68.164.28.156 failed. Errno 3: No such process Feb 17 21:07:53 digit pluto[2826]: | 02 04 00 03 0a 00 00 00 2f 00 00 00 0a 0b 00 00
Feb 17 21:07:53 digit pluto[2826]: | 02 00 01 00 e5 9b 0f ed 00 01 00 00 00 00 00 00
Feb 17 21:07:53 digit pluto[2826]: | 03 00 05 00 00 00 00 00 02 00 01 f4 d1 56 04 fa
Feb 17 21:07:53 digit pluto[2826]: | 00 00 00 00 00 00 00 00 03 00 06 00 00 00 00 00
Feb 17 21:07:53 digit pluto[2826]: | 02 00 00 00 44 a4 1c 9c 00 00 00 00 00 00 00 00
Feb 17 21:07:54 digit pluto[2826]: "roadwarrior"[1] 209.86.4.250 #2: max number of retransmissions (2) reached STATE_QUICK_R1 Feb 17 21:07:54 digit pluto[2826]: ERROR: "roadwarrior"[1] 209.86.4.250 #2: pfkey write() of SADB_DELETE message 48 for Delete SA esp.e59b0f ec@68.164.28.156 failed. Errno 3: No such process Feb 17 21:07:54 digit pluto[2826]: | 02 04 00 03 0a 00 00 00 30 00 00 00 0a 0b 00 00
Feb 17 21:07:54 digit pluto[2826]: | 02 00 01 00 e5 9b 0f ec 00 01 00 00 00 00 00 00
Feb 17 21:07:54 digit pluto[2826]: | 03 00 05 00 00 00 00 00 02 00 01 f4 d1 56 04 fa
Feb 17 21:07:54 digit pluto[2826]: | 00 00 00 00 00 00 00 00 03 00 06 00 00 00 00 00
Feb 17 21:07:54 digit pluto[2826]: | 02 00 00 00 44 a4 1c 9c 00 00 00 00 00 00 00 00
Feb 17 21:08:13 digit pluto[2826]: "roadwarrior"[1] 209.86.4.250 #4: route-host output: SIOCADDRT: Network is unreachable Feb 17 21:08:13 digit pluto[2826]: "roadwarrior"[1] 209.86.4.250 #4: route-host output: /usr/local/lib/ipsec/_updown: `route add -net 209.86 .4.250 netmask 255.255.255.255 dev ipsec0 gw 209.86.4.250' failed Feb 17 21:08:13 digit pluto[2826]: "roadwarrior"[1] 209.86.4.250 #4: route-host output: /usr/local/lib/ipsec/_updown: (incorrect or missing nexthop setting??)
Feb 17 21:08:13 digit pluto[2826]: "roadwarrior"[1] 209.86.4.250 #4: route-host command exited with status 7
Feb 17 21:08:14 digit pluto[2826]: ERROR: "roadwarrior"[1] 209.86.4.250 #4: pfkey write() of SADB_DELETE message 55 for Delete SA esp.e59b0f ed@68.164.28.156 failed. Errno 3: No such process Feb 17 21:08:14 digit pluto[2826]: | 02 04 00 03 0a 00 00 00 37 00 00 00 0a 0b 00 00
Feb 17 21:08:14 digit pluto[2826]: | 02 00 01 00 e5 9b 0f ed 00 01 00 00 00 00 00 00
Feb 17 21:08:14 digit pluto[2826]: | 03 00 05 00 00 00 00 00 02 00 01 f4 d1 56 04 fa
Feb 17 21:08:14 digit pluto[2826]: | 00 00 00 00 00 00 00 00 03 00 06 00 00 00 00 00
Feb 17 21:08:14 digit pluto[2826]: | 02 00 00 00 44 a4 1c 9c 00 00 00 00 00 00 00 00
Feb 17 21:08:53 digit pluto[2826]: "roadwarrior"[1] 209.86.4.250 #4: max number of retransmissions (2) reached STATE_QUICK_R1 Feb 17 21:08:53 digit pluto[2826]: ERROR: "roadwarrior"[1] 209.86.4.250 #4: pfkey write() of SADB_DELETE message 56 for Delete SA esp.e59b0f ed@68.164.28.156 failed. Errno 3: No such process Feb 17 21:08:53 digit pluto[2826]: | 02 04 00 03 0a 00 00 00 38 00 00 00 0a 0b 00 00
Feb 17 21:08:53 digit pluto[2826]: | 02 00 01 00 e5 9b 0f ed 00 01 00 00 00 00 00 00
Feb 17 21:08:53 digit pluto[2826]: | 03 00 05 00 00 00 00 00 02 00 01 f4 d1 56 04 fa
Feb 17 21:08:53 digit pluto[2826]: | 00 00 00 00 00 00 00 00 03 00 06 00 00 00 00 00
Feb 17 21:08:53 digit pluto[2826]: | 02 00 00 00 44 a4 1c 9c 00 00 00 00 00 00 00 00
Feb 17 21:09:21 digit pluto[2826]: "roadwarrior"[1] 209.86.4.250 #3: ignoring Delete SA payload
Feb 17 21:09:21 digit pluto[2826]: "roadwarrior"[1] 209.86.4.250 #3: received and ignored informational message

At 01:53 PM 2/17/03, you wrote:

>Well, just but the certificate of the CA which issued the
>roadwarrior certificate into the directory /etc/ipsec.d/cacerts.
>Apparently cacert.pem is not right CA certificate.
>
>Regards
>
>Andreas

Do you need more help?

_______________________________________________ Users mailing list
Users@lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users

text/plain attachment: oakley.txt

text/plain attachment: barf.txt

text/plain attachment: ipsec.conf.xp.txt

Received on Tue Feb 18 02:05:59 2003

This message: [ Message body ]
Next message: homes: "[Users] Spice girls' vocal concert"
Previous message: Sam Sgro: "Re: [Users] dynamic-to-site VPN connection"
In reply to: Andreas Steffen: "Re: [Users] Issuer CA certificate not found - XP Freeswan Tunnel"
In reply to Mache Creeger: "[Users] Issuer CA certificate not found - XP Freeswan Tunnel"
Next in thread: Ken Bantoft: "[Users] Re: XP Freeswan Problems"
Reply: Ken Bantoft: "[Users] Re: XP Freeswan Problems"
Reply: Sam Sgro: "Re: [Users] XP Freeswan Problems"
Reply: Dmitri Gofmekler: "[Users] Please help to find a mistake."
Reply: Adam W: "[Users] FreeS/WAN with Win2k"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 13:00:18 EDT