<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 11 (filtered medium)">
<style>
<!--
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0cm;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman";}
a:link, span.MsoHyperlink
        {color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {color:purple;
        text-decoration:underline;}
p.MsoPlainText, li.MsoPlainText, div.MsoPlainText
        {margin:0cm;
        margin-bottom:.0001pt;
        font-size:10.0pt;
        font-family:"Courier New";}
span.E-mailStijl17
        {mso-style-type:personal-compose;
        font-family:Arial;
        color:windowtext;}
@page Section1
        {size:595.3pt 841.9pt;
        margin:70.85pt 70.85pt 70.85pt 70.85pt;}
div.Section1
        {page:Section1;}
-->
</style>
</head>
<body lang=NL link=blue vlink=purple>
<div class=Section1>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-US style='font-size:
10.0pt;font-family:Arial'>I recently posted a lot of questions, but a lot of
people don’t understand my testlab, so here’s the explanation.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-US style='font-size:
10.0pt;font-family:Arial'>NOTE: Testlab is not connected to the INTERNET!!!!!!<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-US style='font-size:
10.0pt;font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-US style='font-size:
10.0pt;font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-US style='font-size:
10.0pt;font-family:Arial'>Testlab:<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-US style='font-size:
10.0pt;font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-US style='font-size:
10.0pt;font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-US style='font-size:
10.0pt;font-family:Arial'>Roadwarrior -------- gateway firewall (no deny rules,
allows all) -------- openswan server<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-US style='font-size:
10.0pt;font-family:Arial'>Roadwarrior IP address: 192.168.0.80<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-US style='font-size:
10.0pt;font-family:Arial'>Gateway firewall external: 192.168.0.52, internal:
10.0.0.2<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-US style='font-size:
10.0pt;font-family:Arial'>Openswan server IP address: 10.0.0.1<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-US style='font-size:
10.0pt;font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-US style='font-size:
10.0pt;font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-US style='font-size:
10.0pt;font-family:Arial'>Now my ipsec.conf:<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-US style='font-size:
10.0pt;font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-US style='font-size:
10.0pt;font-family:Arial'><o:p> </o:p></span></font></p>
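<p class=MsoPlainText><font size=2 face="Courier New"><span lang=EN-GB
style='font-size:10.0pt'>version 2.0<br>
<br>
config setup<br>
&nbsp;&nbsp;&nbsp;&nbsp;interfaces=%defaultroute<br>
&nbsp;&nbsp;&nbsp;&nbsp;nat_traversal=yes<br>
&nbsp;&nbsp;&nbsp;&nbsp;klipsdebug=none<br>
&nbsp;&nbsp;&nbsp;&nbsp;plutodebug=none<br>
&nbsp;&nbsp;&nbsp;&nbsp;uniqueids=yes<br>
&nbsp;&nbsp;&nbsp;&nbsp;virtual_private=%v4:172.16.0.0/12,%v4:192.168.0.0/24<br>
<br>
conn %default<br>
&nbsp;&nbsp;&nbsp;&nbsp;keyingtries=1<br>
&nbsp;&nbsp;&nbsp;&nbsp;compress=yes<br>
&nbsp;&nbsp;&nbsp;&nbsp;disablearrivalcheck=no<br>
&nbsp;&nbsp;&nbsp;&nbsp;authby=rsasig<br>
&nbsp;&nbsp;&nbsp;&nbsp;leftrsasigkey=%cert<br>
&nbsp;&nbsp;&nbsp;&nbsp;rightrsasigkey=%cert<br>
<br>
conn L2TP-CERT<br>
&nbsp;&nbsp;&nbsp;&nbsp;#<br>
&nbsp;&nbsp;&nbsp;&nbsp;# Use a certificate. Disable Perfect Forward Secrecy.<br>
&nbsp;&nbsp;&nbsp;&nbsp;#<br>
&nbsp;&nbsp;&nbsp;&nbsp;authby=rsasig<br>
&nbsp;&nbsp;&nbsp;&nbsp;pfs=no<br>
&nbsp;&nbsp;&nbsp;&nbsp;left=192.168.0.52<br>
&nbsp;&nbsp;&nbsp;&nbsp;leftnexthop=10.0.0.2<br>
&nbsp;&nbsp;&nbsp;&nbsp;leftsubnet=10.0.0.0/8<br>
&nbsp;&nbsp;&nbsp;&nbsp;leftrsasigkey=%cert<br>
&nbsp;&nbsp;&nbsp;&nbsp;leftcert=/etc/ipsec.d/certs/dsfw.redhatfw.org.pem<br>
&nbsp;&nbsp;&nbsp;&nbsp;leftsendcert=always<br>
&nbsp;&nbsp;&nbsp;&nbsp;leftprotoport=17/1701<br>
&nbsp;&nbsp;&nbsp;&nbsp;#<br>
&nbsp;&nbsp;&nbsp;&nbsp;# The remote user.<br>
&nbsp;&nbsp;&nbsp;&nbsp;#<br>
&nbsp;&nbsp;&nbsp;&nbsp;right=%any<br>
&nbsp;&nbsp;&nbsp;&nbsp;rightrsasigkey=%cert<br>
&nbsp;&nbsp;&nbsp;&nbsp;rightcert=/etc/ipsec.d/certs/pc01.redhatfw.org.pem<br>
&nbsp;&nbsp;&nbsp;&nbsp;#rightsubnet=192.168.1.0/24<br>
&nbsp;&nbsp;&nbsp;&nbsp;rightprotoport=17/1701<br>
&nbsp;&nbsp;&nbsp;&nbsp;#<br>
&nbsp;&nbsp;&nbsp;&nbsp;# Authorize this connection, and wait for connection from user.<br>
&nbsp;&nbsp;&nbsp;&nbsp;#<br>
&nbsp;&nbsp;&nbsp;&nbsp;auto=add<br>
&nbsp;&nbsp;&nbsp;&nbsp;keyingtries=3<br>
<br>
#Disable Opportunistic Encryption<br>
include /etc/ipsec.d/examples/no_oe.conf<br>
</span></font><font face=Arial><span lang=EN-US style='font-family:Arial'><o:p> </o:p></span></font></p>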
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-US style='font-size:
10.0pt;font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-US style='font-size:
10.0pt;font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-US style='font-size:
10.0pt;font-family:Arial'>CA is set up and certificates are created for server and
clients.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-US style='font-size:
10.0pt;font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-US style='font-size:
10.0pt;font-family:Arial'>Now I get this in my log:<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-US style='font-size:
10.0pt;font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-US style='font-size:
10.0pt;font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span lang=EN-GB
style='font-size:10.0pt'>Aug 7 12:57:16 dsfw pluto[5803]: packet from
192.168.0.80:500: initial Main Mode message received on 10.0.0.1:500 but no
connection has been authorized<br>
Aug 7 12:57:49 dsfw pluto[5803]: packet from 192.168.0.80:500: ignoring Delete
SA payload: not encrypted<br>
Aug 7 12:58:49 dsfw pluto[5803]: packet from 192.168.0.80:500: ignoring Vendor
ID payload [MS NT5 ISAKMPOAKLEY 00000004]<br>
Aug 7 12:58:49 dsfw pluto[5803]: packet from 192.168.0.80:500: ignoring Vendor
ID payload [FRAGMENTATION]<br>
Aug 7 12:58:49 dsfw pluto[5803]: packet from 192.168.0.80:500: received Vendor
ID payload [draft-ietf-ipsec-nat-t-ike-02_n]<br>
Aug 7 12:58:49 dsfw pluto[5803]: packet from 192.168.0.80:500: ignoring Vendor
ID payload [26244d38eddb61b3...]<br>
Aug 7 12:58:49 dsfw pluto[5803]: packet from 192.168.0.80:500: initial Main
Mode message received on 10.0.0.1:500 but no connection has been
authorized<br>
Aug 7 12:58:51 dsfw pluto[5803]: packet from 192.168.0.80:500: ignoring Vendor
ID payload [MS NT5 ISAKMPOAKLEY 00000004]<br>
Aug 7 12:58:51 dsfw pluto[5803]: packet from 192.168.0.80:500: ignoring Vendor
ID payload [FRAGMENTATION]<br>
Aug 7 12:58:51 dsfw pluto[5803]: packet from 192.168.0.80:500: received Vendor
ID payload [draft-ietf-ipsec-nat-t-ike-02_n]<br>
Aug 7 12:58:51 dsfw pluto[5803]: packet from 192.168.0.80:500: ignoring Vendor
ID payload [26244d38eddb61b3...]<br>
Aug 7 12:58:51 dsfw pluto[5803]: packet from 192.168.0.80:500: initial Main
Mode message received on 10.0.0.1:500 but no connection has been authorized<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face="Courier New"><span lang=EN-GB
style='font-size:10.0pt;font-family:"Courier New"'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face="Courier New"><span lang=EN-GB
style='font-size:10.0pt;font-family:"Courier New"'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face="Courier New"><span lang=EN-GB
style='font-size:10.0pt;font-family:"Courier New"'>Who has the answer for me??<br>
<br>
<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face="Courier New"><span lang=EN-GB
style='font-size:10.0pt;font-family:"Courier New"'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face="Courier New"><span lang=EN-GB
style='font-size:10.0pt;font-family:"Courier New"'>Thanks in advance.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face="Courier New"><span lang=EN-GB
style='font-size:10.0pt;font-family:"Courier New"'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face="Courier New"><span lang=EN-GB
style='font-size:10.0pt;font-family:"Courier New"'>Regards,<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face="Courier New"><span lang=EN-GB
style='font-size:10.0pt;font-family:"Courier New"'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face="Courier New"><span lang=EN-GB
style='font-size:10.0pt;font-family:"Courier New"'>Rob</span></font><font
size=2 face=Arial><span lang=EN-US style='font-size:10.0pt;font-family:Arial'><o:p></o:p></span></font></p>
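<p class=MsoNormal>Added example, not part of Rob's original post: a Python check that compares the address on which pluto reports each rejected Main Mode packet with the literal left= values in ipsec.conf. The config excerpt and log lines are copied from the post; the function names are hypothetical, and it assumes left= is the server's local end, as in the posted config.</p>
<pre>
```python
import re

# Copied from the post above: part of the conn section and two pluto log lines.
IPSEC_CONF = """\
conn %default
    authby=rsasig

conn L2TP-CERT
    left=192.168.0.52
    leftnexthop=10.0.0.2
    right=%any
    auto=add
"""
PLUTO_LOG = """\
Aug 7 12:58:49 dsfw pluto[5803]: packet from 192.168.0.80:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
Aug 7 12:58:49 dsfw pluto[5803]: packet from 192.168.0.80:500: initial Main Mode message received on 10.0.0.1:500 but no connection has been authorized
"""
# Group 1 is the peer, group 2 the local address the packet arrived on.
NO_CONN = re.compile(
    r"packet from ([\d.]+):\d+: initial Main Mode message "
    r"received on ([\d.]+):\d+ but no connection has been authorized")

def conn_local_addresses(conf_text):
    """Map each conn name to its left= value (assumed to be the local end)."""
    conns, current = {}, None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("conn "):
            current = line.split(None, 1)[1]
            conns[current] = None
        elif current and line.startswith("left="):
            conns[current] = line.split("=", 1)[1]
    return conns

def unmatched_arrivals(conf_text, log_text):
    """List (peer, arrival address, configured lefts) for rejected packets
    whose arrival address equals no literal left= in the config."""
    conns = conn_local_addresses(conf_text)
    lefts = sorted(v for n, v in conns.items() if v and n != "%default")
    if any(v.startswith("%") for v in lefts):
        return []  # %-values are resolved at runtime, nothing to compare
    findings = []
    for m in NO_CONN.finditer(log_text):
        item = (m.group(1), m.group(2), lefts)
        if m.group(2) not in lefts and item not in findings:
            findings.append(item)
    return findings

if __name__ == "__main__":
    for peer, local, lefts in unmatched_arrivals(IPSEC_CONF, PLUTO_LOG):
        print(f"{peer}: arrived on {local}, conns define left={lefts}")
```
</pre>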
</div>
</body>
</html>