Hosting Provided By

[Users] working ok on test machine . . . now kaput (CRL expired!)

From: stuart <stuart(at)camart.co.uk>
Date: Fri Feb 28 2003 - 04:43:51 EST

Hello,

I set up test roadwarrior's from a win2k box and a linux box and after some headaches got everything working. left well alone until i needed to use new found vpn knowledge in anger. such time has now come - i need to set up another win2k box for work. i followed nate carlsons instructions and added my own sprinkling of knowledge gained from first experience (namely the adding of a route to the win2k roadwarrior
becuase the test scenario includes the roadwarrior on the same subnet as the gateway and changing the MTU size in windows registry) - tried to ping subnet from new roadwarrior and just got an endless line of 'negotiating ip security'

checked tcpdump on the ipsec0 interface on the gateway - nothing checked for ISAKMP messages on eth0 and they were there although fewer than expected! thought this might point to my iptables rules - but they haven't changed since last attempt . . . so started banging my head against the desk and weeping quietly.

checked various outputs and everything seems ok - only anomaly is in auth.log i get: Informational exchange is from an unknown (expired) CA?

i check the output of ipsec auto --listall and it seems my CRL has expired (it was only valid for a month) - might this be causing my problem and if so how do i update/revalidate my CRL (don't know what it stands for!) without invalidating all the certificates i have issued for the roadwarrior boxes . . .

if this isn't likely to be the problem then i shall put up barfs etc on request

thanks for help

stuart

Do you need help?

stuart@camart.co.uk

Users mailing list
Users@lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users Received on Fri Feb 28 07:30:11 2003

This message: [ Message body ]
Next message: Sam Sgro: "Re: [Users] Problem with old route"
Previous message: studio3arc.com Admin: "[Users] Getting started."
Next in thread: Andreas Steffen: "Re: [Users] working ok on test machine . . . now kaput (CRL expired!)"
Reply: Andreas Steffen: "Re: [Users] working ok on test machine . . . now kaput (CRL expired!)"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 13:00:23 EDT