
[Users] FreeSWAN CA 2.02 x PIX - Trouble in phase 2

From: Alberto Fabiano <alberto(at)combat.com.br>
Date: Sat Sep 27 2003 - 19:56:42 EDT


Mrs,

        After exhaustive research on Google and reading several papers and guides, my conclusion is that I urgently need help! :-)

        I have FreeSWAN CA 2.02 and have been trying for some days to establish a VPN with a PIX using 3DES, MD5, IKE DH 2 and PSK, and I am NOT succeeding in phase 2 of IPsec. Could anybody give me some help?

        Initially, I managed to bring up the VPN (phase 1 and 2) and ran some tests without many headaches, but now, I don't know why, I can no longer get it to come up.

        Below are the parts of my ipsec.conf and the whack status related to this tunnel.

# cat /var/chroot-ipsec/etc/ipsec.conf

#
# Default Configuration File for FreeS/WAN IPSEC
#

config setup

        interfaces="ipsec0=eth0"
        klipsdebug=none
        plutodebug=all
        dumpdir=
        manualstart=
        fragicmp=no
        packetdefault=drop
        hidetos=yes
        uniqueids=yes
        overridemtu=16260
        nocrsend=yes
        nat_traversal=yes
        keep_alive=60

conn %default
        rekeymargin=9m
        rekeyfuzz=100%
        keyingtries=0

conn VPN_5
        type=tunnel
        keyexchange=ike
        pfsgroup=modp1024
        pfs=yes
        auto=start
        authby=secret
        ike=3des-md5-modp1024
        esp=3des-md5-96
        keylife=28800
        ikelifetime=2880
        compress=no
        left=192.168.1.22
        leftsubnet=192.168.1.5/255.255.255.255
        leftnexthop=10.10.1.119
        right=10.10.18.143
        rightsubnet=10.10.18.146/255.255.255.255
        rightnexthop=10.10.38.10
        leftupdown="/opt/_updown 2>/tmp/log 1>/tmp/log"
        rightupdown="/opt/_updown 2>/tmp/log 1>/tmp/log"
        leftid=192.168.1.22
        rightid=10.10.18.143

# chroot /var/chroot-ipsec/ /usr/local/lib/ipsec/whack --status

000 interface ipsec0/eth0 192.168.1.22
000 interface ipsec0/eth0 192.168.1.22
000
000 algorithm ESP encrypt: id=3, name=ESP_3DES, ivlen=64, keysizemin=168, keysizemax=168
000 algorithm ESP auth attr: id=1, name=AUTH_ALGORITHM_HMAC_MD5, keysizemin=128,keysizemax=128
000 algorithm ESP auth attr: id=2, name=AUTH_ALGORITHM_HMAC_SHA1, keysizemin=160, keysizemax=160
000
000 algorithm IKE hash: id=1, name=OAKLEY_MD5, hashsize=16
000 algorithm IKE dh group: id=2, name=OAKLEY_GROUP_MODP1024, bits=1024
000
000 stats db_ops.c: {curr_cnt, total_cnt, maxsz} :context={0,6,36} trans={0,6,96} attrs={0,6,160}
000

000 "VPN_5": 192.168.1.5/32===192.168.1.22---10.10.1.119...10.10.38.10---10.10.18.143===10.10.18.146/32
000 "VPN_5": ike_life: 2880s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0

000 "VPN_5":   policy: PSK+ENCRYPT+TUNNEL+PFS; interface: eth0; trap erouted
000 "VPN_5":   newest ISAKMP SA: #1; newest IPsec SA: #0; eroute owner: #0
000 "VPN_5":   IKE algorithms wanted: 5_000-1-2, flags=-strict
000 "VPN_5":   IKE algorithms found:  5_192-1_128-2,
000 "VPN_5":   IKE algorithm newest: 3DES_CBC_192-MD5-MODP1024
000 "VPN_5":   ESP algorithms wanted: 3_000-1, ; pfsgroup=2; flags=strict
000 "VPN_5":   ESP algorithms loaded: 3_168-1_128,
000
000 #6: "VPN_5" STATE_QUICK_I1 (sent QI1, expecting QR1); EVENT_RETRANSMIT in 4s
000 #1: "VPN_5" STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE in 1673s; newest ISAKMP
000

        Awaiting help for my problem...

Thanks for all!!!
- Kind Regards.

Alberto Fabiano



e-mail: alberto@combat.com.br



_______________________________________________
FreeS/WAN Users mailing list
users@lists.freeswan.org
https://mj2.freeswan.org/cgi-bin/mj_wwwusr
Received on Sat Sep 27 19:57:03 2003

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 13:01:33 EDT
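
Added example (not part of the original post and not FreeS/WAN code): a small parser for the `whack --status` lines quoted in the message above that classifies the tunnel state and lists the phase-2 values to compare against the PIX side. The function names and dictionary keys are this example's own.

```python
import re
# Lines copied from the `whack --status` output quoted in the post above.
SAMPLE_STATUS = """\
000 "VPN_5": 192.168.1.5/32===192.168.1.22---10.10.1.119...10.10.38.10---10.10.18.143===10.10.18.146/32
000 "VPN_5": ike_life: 2880s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0
000 "VPN_5":   policy: PSK+ENCRYPT+TUNNEL+PFS; interface: eth0; trap erouted
000 "VPN_5":   newest ISAKMP SA: #1; newest IPsec SA: #0; eroute owner: #0
000 "VPN_5":   ESP algorithms wanted: 3_000-1, ; pfsgroup=2; flags=strict
000 #6: "VPN_5" STATE_QUICK_I1 (sent QI1, expecting QR1); EVENT_RETRANSMIT in 4s
000 #1: "VPN_5" STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE in 1673s; newest ISAKMP
"""

CONN_LINE = re.compile(r'^000 "([^"]+)":\s+(.*)$')
STATE_LINE = re.compile(r'^000 #(\d+): "([^"]+)" (STATE_\w+)')

def parse_status(text):
    """Collect per-connection fields and live states from pluto status lines."""
    conns = {}
    for line in text.splitlines():
        st, m = STATE_LINE.match(line), CONN_LINE.match(line)
        if st:
            conns.setdefault(st.group(2), {"states": {}})["states"][int(st.group(1))] = st.group(3)
        if not m:
            continue
        conn, rest = conns.setdefault(m.group(1), {"states": {}}), m.group(2)
        if "===" in rest:  # topology: client===gateway---hop...hop---gateway===client
            conn["local_client"], conn["remote_client"] = rest.split("===")[0], rest.split("===")[-1]
            continue
        for field in rest.split(";"):
            key, sep, value = field.partition(":") if ":" in field else field.partition("=")
            if sep:
                conn[key.strip()] = value.strip(" ,")
    return conns

def diagnose(conn):
    """Classify the tunnel from the newest-SA serials and the live states."""
    if conn.get("newest ISAKMP SA", "#0") == "#0":
        return "phase 1 not established"
    if conn.get("newest IPsec SA", "#0") != "#0":
        return "phase 2 established"
    stuck = "STATE_QUICK_I1" in conn["states"].values()
    return "phase 2 stuck: QI1 sent, no QR1 received" if stuck else "phase 2 not attempted"

def phase2_proposal(conn):
    """Values to compare against the peer's phase-2 configuration."""
    pfs = conn.get("pfsgroup") if "PFS" in conn.get("policy", "") else None
    return {"local selector": conn.get("local_client"), "remote selector": conn.get("remote_client"),
            "ESP transform": conn.get("ESP algorithms wanted"), "PFS group": pfs,
            "IPsec SA lifetime": conn.get("ipsec_life")}
```

In the `ESP transform` value, `3` and `1` are the ids the same status output lists for ESP_3DES and AUTH_ALGORITHM_HMAC_MD5.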
