[Users] Still not working! Maybe fragmented certificate exchange?

-----BEGIN PGP SIGNED MESSAGE-----
Hash: MD5

  Hello,

  I have been trying to get my win2k roadwarrior to work with my   freeswan gateway but am having no luck (still).

  I have followed the advice given and attempted to sort this out   myself but still whenever I try and ping a computer behind my   gateway I just get a constant stream of :

  'Negotiating IP Security'

  This doesn't stop until I stop pinging. The last thing I was advised   to do was to reduce the size of my certificates from 2048 to 1024   bit certs (or to set my kernel to defrag by default - but this is   always on now with later kernels of which my linux mandrake kernel   is part). So I changed my cert sizes and now the length parameter in   the exchange sequence is down from a horrid 8xxx to 1500 but I am   still not connecting properly.

  I ran tcpdump on the external interface on the gateway and only   showed those coming on port 500 - this shows some interesting   fragmented' messages which I have posted @

  http://www.camart.co.uk/freeswan/tcpdump.txt

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related lists.freeswan.org Links 1998-fall 1998-spring 1998-summer 1998-winter 1999-winter announce briefs bugs design freeswan-list hipsec ietf-sectest users users-admin Request more information about Pantek

  my new barf is @

  http://www.camart.co.uk/freeswan/barf.txt

  and my new oakley log is @

  http://www.camart.co.uk/freeswan/oakley.txt

  If anyone has any clues as to how to sort this out I would be very   greatful - this is so frustrating because I had this working from   this box a few monthes ago - the only things that have changed since   then are:

  installing win2k SP3
  changing my ADSL router for a new one of the same model/brand (Efficient   Networks Model 5861) - I think this is a branded Siemens device.

  Thanks in advance (and in desperation . . .)

  Stuart

Do you need more help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related lists.freeswan.org Links 1998-fall 1998-spring 1998-summer 1998-winter 1999-winter announce briefs bugs design freeswan-list hipsec ietf-sectest users users-admin Request more information about Pantek

stuart@camart.co.uk

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAwUAPogpXOuh6DeDjCODAQHeGQP9FTDsnRiVhY6ddUjL3AJHwzwZQele6BKL pFL16j2vX+nc56R+BDiI3MuBQRa/abbHjASrgB/rqF3NN2T/zhsjwoVGW33BdUOb h0sdfKM8Ub0IYPoQq05+AJggmE+vuvnZJ88UQn5Xh89MpVsv5Qjr05qGFDYUlAlU cDm9vj40Pbk=
=tuCa
-----END PGP SIGNATURE-----