RES: [Users] Authentication problems FreeSWAN + X509 and W2K/XP Clients

Send to us your ipsec.conf.

Atenciosamente,

Jfabricio - Coordenador de TI
Greenwich International
São Paulo - Matriz
jfabricio@greenwichint.com.br

-----Mensagem original-----

De: users-admin@lists.freeswan.org [mailto:users-admin@lists.freeswan.org]Em nome de Kallabis, Marcus
Enviada em: sexta-feira, 21 de fevereiro de 2003 07:44 Para: 'users@lists.freeswan.org'
Assunto: [Users] Authentication problems FreeSWAN + X509 and W2K/XP Clients

Hi,
I've some problems to set up an ipsec connection betweeen a linux box running FreeSWAN 1.99 with the appropriate X509 patch and W2K/XP clients using the ipsec tool from Marcus Mueller. I've read some Howtos (i.e. Nate Carlson) and checked my config some times but I cannot get rid of the problems.

First: After calling 'ipsec' there is no route to the rightsubnet - a ping leads to the message "network unreachable". After adding a route like "route add rightsubnet mask leftip metric 1" the ping leads to "negotiating ip security". All the Howtos and install docs say that after calling ipsec you have only to do the ping ... Should ipsec tool add a route to the rightsubnet and I made a mistake in my configuration or is it necessary to add the route by hand ?

Second (and the important thing, I guess): The authentication failed, but I'm not sure if the problem is related to the missing route after calling ipsec tool. The "oakley.log" shows some errors during crypt processes, but I've no idea how to solve this.

I added the ipsec.config files from the windows and the linux ssystem, the oakley.log and a part of the messages file from the linux system.

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related lists.freeswan.org Links 1998-fall 1998-spring 1998-summer 1998-winter 1999-winter announce briefs bugs design freeswan-list hipsec ietf-sectest users users-admin Request more information about Pantek

Perhaps someone has an idea how to solve this problems. Thanks,
Marcus

---

Incoming mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.456 / Virus Database: 256 - Release Date: 18/02/03

---

Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.456 / Virus Database: 256 - Release Date: 18/02/03