[Users] Problem with Freeswan2.05 (2.4.26-grsec) Debian woody and Win Xp

From: Frieder 'cfreak' Kundel <cfreak(at)ckras.com>
Date: Thu Apr 29 2004 - 14:45:07 EDT


Hello,

I have been trying for days now to get Freeswan working (a few hours ago I started again from the beginning, but with no success).

(Sorry for my big mail, but I thought it's better to send all config files with this mail, and also sorry for my (bad?) English, I'm of German nationality.)

Perhaps you can find a mistake I made:

I used http://www.natecarlson.com/linux/ipsec-x509.php as Howto.

Windowsbox     --> HardwareRouter <--> Inet-Server <-- Local Network
(192.168.1.10) --> 192.168.1.1    <--> 82.149.x.y  <-- 192.168.0.x

Linux 2.4.26-grsec #3 SMP Tue Apr 27 19:23:22 CEST 2004 i686 unknown
Linux FreeS/WAN 2.05
Installed: freeswan-2.05-x509-1.5.3.tar.gz

### Config ipsec.conf ###
version 2.0 # conforms to second version of ipsec.conf specification

# basic configuration
config setup

        interfaces="ipsec0=eth0:2"
        klipsdebug=none
        plutodebug=none
        uniqueids=yes

conn %default
        rightrsasigkey=%cert
        leftrsasigkey=%cert
        authby=rsasig
        keyingtries=1
        compress=yes
        disablearrivalcheck=no

# OE policy groups are disabled by default
conn block
        auto=ignore

conn clear
        auto=ignore

conn private
        auto=ignore

conn private-or-clear
        auto=ignore

conn clear-or-private
        auto=ignore

conn packetdefault
        auto=ignore

conn roadwarrior

        right=%any
        left=192.168.0.69
        auto=add
        pfs=yes

conn roadwarrior-net
        leftsubnet=192.168.0.0/255.255.0.0
        also=roadwarrior        

######### ipsec.secrets     #########

: RSA <snip>.dyndns.info.key "<snip>"
: RSA full-host-of-gateway.key "<snip>"
: RSA {

        # RSA 1776 bits      Thu Apr 29 19:00:22 2004
        # for signatures only, UNSAFE FOR ENCRYPTION
        #pubkey=
        Modulus: 0x8127fb
        PublicExponent: 0x03
        # everything after this point is secret
        PrivateExponent: 0
        Prime1: 0xba971b8 
        Prime2: 0xb133750
        Exponent1: 0x7c64
        Exponent2: 0x7622
        Coefficient: 0xa2
        }
####### /etc/ipsec.d/
        

/etc/ipsec.d# ls *
<snip>.dyndns.info.pem  full-host-of-gateway.pem

aacerts:

cacerts:
cacert.pem

certs:

crls:
crl.pem

ocspcerts:

policies:
block  clear  clear-or-private  private  private-or-clear

private:
<snip>.dyndns.info.key  full-host-of-gateway.key

#######

eth0    inet addr:82.149.x.y   Bcast:82.149.<snip>   Mask:255.255.254.0
eth0:1  inet addr:192.168.0.69 Bcast:192.168.0.255   Mask:255.255.255.0
eth0:2  inet addr:82.149.x.y2  Bcast:82.149.<snip>   Mask:255.255.254.0
ipsec0  inet addr:82.149.x.y2  Mask:255.255.<snip>

#########
etc/ipsec.d# ipsec verify
Checking your system to see if IPsec got installed and started correctly:

Version check and ipsec on-path                                         [OK]
Linux FreeS/WAN 2.05
Checking for IPsec kernel support: found KLIPS                          [OK]
Checking that pluto is running                                          [OK]

##### Logs:

==> /var/log/auth.log <==
ipsec__plutorun: Starting Pluto subsystem...

pluto[18606]: Starting Pluto (FreeS/WAN Version 2.05 X.509-1.5.3 PLUTO_USES_KEYRR)
pluto[18606]: Using KLIPS IPsec interface code
pluto[18606]: Changing to directory '/etc/ipsec.d/cacerts'
pluto[18606]:   loaded CA cert file 'cacert.pem' (1533 bytes)
pluto[18606]: Changing to directory '/etc/ipsec.d/aacerts'
pluto[18606]: Changing to directory '/etc/ipsec.d/ocspcerts'
pluto[18606]: Changing to directory '/etc/ipsec.d/crls'
pluto[18606]:   loaded crl file 'crl.pem' (658 bytes)

==> /var/log/syslog <==

ipsec_setup: Starting FreeS/WAN IPsec 2.05...
ipsec_setup: KLIPS debug `none'
ipsec_setup: KLIPS ipsec0 on eth0:2 82.149.x.y2/255.255.254.0 broadcast 82.149.x.y
ipsec_setup: ...FreeS/WAN IPsec started

==> /var/log/auth.log <==

pluto[18606]: added connection description "roadwarrior"
pluto[18606]: listening for IKE messages
pluto[18606]: adding interface ipsec0/eth0:2 82.149.x.y2
pluto[18606]: loading secrets from "/etc/ipsec.secrets"
pluto[18606]:   loaded private key file '/etc/ipsec.d/private/.dyndns.info.key' (1743 bytes)
pluto[18606]:   loaded private key file '/etc/ipsec.d/private/full-hostname-of-gateway.key' (1743 bytes

####

######################## Windows Client: ##########################

conn %default
        authby=rsasig
        keyingtries=0

conn roadwarrior
        left=%any
        right=82.149.x.y2
        rightca="C=DE,S=bla,L=bla,O=bla,OU=bla,CN=CFREAK,E=cfreak@cfreak.de"
        network=auto
        auto=start
        pfs=yes

conn roadwarrior-net
        left=%any
        right=82.149.x.y2
        rightsubnet=192.168.0.0/255.255.0.0
        rightca="C=DE,S=bla,L=bla,O=bla,OU=bla,CN=CFREAK,E=cfreak@cfreak.de"
        network=auto
        auto=start
        pfs=yes

############

Connection roadwarrior:

        MyTunnel     : 192.168.1.10
        MyNet        : 192.168.1.10/255.255.255.255
        PartnerTunnel: 82.149.x.y2
        PartnerNet   : 82.149.x.y2/255.255.255.255
        CA (ID)      : C=DE,S=bla,L=bla,O=bla,OU=bla,CN=CFREAK,E=cfreak@c...
        PFS          : y
        Auto         : start
        Auth.Mode    : MD5
        Rekeying     : 3600S/50000K
        Activating policy...

Connection roadwarrior-net:
        MyTunnel     : 192.168.1.10
        MyNet        : 192.168.1.10/255.255.255.255
        PartnerTunnel: 82.149.x.y2
        PartnerNet   : 192.168.0.0/255.255.0.0
        CA (ID)      : C=DE,S=bla,L=bla,O=bla,OU=bla,CN=CFREAK,E=cfreak@c...
        PFS          : y
        Auto         : start
        Auth.Mode    : MD5
        Rekeying     : 3600S/50000K
        Activating policy...

########### Linux logs say:

pluto[18606]: packet from 80.145.:500: received Vendor ID Payload; ASCII hash: \036+Qi\005\031\034}|\026|?5\007da
pluto[18606]: packet from 80.145:500: initial Main Mode message received on 82.149.x.y2:500 but no connection has been authorized
pluto[18606]: packet from 80.145.:500: received Vendor ID Payload; ASCII hash: \036+Qi\005\031\034}|\026|?5\007da
pluto[18606]: packet from 80.145.:500: initial Main Mode message received on 82.149.x.y2:500 but no connection has been authorized
pluto[18606]: packet from 80.145.:500: received Vendor ID Payload; ASCII hash: \036+Qi\005\031\034}|\026|?5\007da
pluto[18606]: packet from 80.145.:500: initial Main Mode message received on 82.149.x.y2:500 but no connection has been authorized

I added the <snip>.dyndns.info to Windows via msc.

Thank you in advance,

Best regards

-- 
Frieder 'cfreak' Kundel
mailto:cfreak@ckras.com

_______________________________________________
FreeS/WAN Users mailing list
users@lists.freeswan.org
https://mj2.freeswan.org/cgi-bin/mj_wwwusr
Received on Thu Apr 29 14:48:45 2004

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 13:02:34 EDT

