<div class="MsoNormal" style="MARGIN: 0in 0in 0pt"><font face="Times New Roman"></font> </div>
<div class="MsoNormal" style="MARGIN: 0in 0in 0pt"><font face="Times New Roman" size="2">Hi Paul,</font></div>
<div class="MsoNormal" style="MARGIN: 0in 0in 0pt"><font face="Times New Roman" size="2"></font> </div>
<div class="MsoNormal" style="MARGIN: 0in 0in 0pt"><font face="Times New Roman" size="2">I have restarted the ipsec services on both Windows and Linux with </font></div>
<div class="MsoNormal" style="MARGIN: 0in 0in 0pt"><font face="Times New Roman" size="2"></font> </div>
<div class="MsoNormal" style="MARGIN: 0in 0in 0pt"><font face="Times New Roman" size="2">#ipsec setup restart<br>and on Windows C:\>net stop policyagent and C:\>net start policyagent</font></div>
<div class="MsoNormal" style="MARGIN: 0in 0in 0pt"><font face="Times New Roman" size="2"></font> </div>
<div class="MsoNormal" style="MARGIN: 0in 0in 0pt"><font face="Times New Roman" size="2">commands.</font></div>
<div class="MsoNormal" style="MARGIN: 0in 0in 0pt"><font face="Times New Roman" size="2"></font> </div>
<div class="MsoNormal" style="MARGIN: 0in 0in 0pt"><font face="Times New Roman" size="2">And then I tried to make the connection again. Unfortunately it did not work. All the log files are the same, so there is no need to post them again.</font></div>
<div class="MsoNormal" style="MARGIN: 0in 0in 0pt"><font face="Times New Roman" size="2"></font> </div>
<div class="MsoNormal" style="MARGIN: 0in 0in 0pt"><font face="Times New Roman" size="2">But as you can see below, the Linux log file at /var/log/messages gave some errors. It seems that there is something wrong with lines 21 and 25 of the /etc/ipsec.secrets file. I copied the ipsec.secrets file below. In case it helps, I also posted /etc/ipsec.conf.</font></div>
<div class="MsoNormal" style="MARGIN: 0in 0in 0pt"><font face="Times New Roman" size="2"></font> </div>
<div class="MsoNormal" style="MARGIN: 0in 0in 0pt"><font face="Times New Roman" size="2">Could you please take a look at it and tell me what is wrong?</font></div>
<div class="MsoNormal" style="MARGIN: 0in 0in 0pt"><font face="Times New Roman" size="2"></font> </div>
<div class="MsoNormal" style="MARGIN: 0in 0in 0pt"><font face="Times New Roman" size="2">One other question I have is that, according to the Windows Event Viewer, </font></div>
<div class="MsoNormal" style="MARGIN: 0in 0in 0pt"><font face="Times New Roman" size="2"></font> </div>
<div class="MsoNormal" style="MARGIN: 0in 0in 0pt">
<p class="MsoNormal" style="MARGIN: 0in 0in 0pt; mso-layout-grid-align: none"><span style="FONT-SIZE: 8.5pt; FONT-FAMILY: 'MS Shell Dlg'">IKE security association established.</span></p>
<p class="MsoNormal" style="MARGIN: 0in 0in 0pt; mso-layout-grid-align: none"><span style="FONT-SIZE: 8.5pt; FONT-FAMILY: 'MS Shell Dlg'"><span style="mso-spacerun: yes"> </span>Mode: </span></p>
<p class="MsoNormal" style="MARGIN: 0in 0in 0pt; mso-layout-grid-align: none"><span style="FONT-SIZE: 8.5pt; FONT-FAMILY: 'MS Shell Dlg'">Key Exchange Mode (Main Mode)</span></p>
<p class="MsoNormal" style="MARGIN: 0in 0in 0pt; mso-layout-grid-align: none"><span style="FONT-SIZE: 8.5pt; FONT-FAMILY: 'MS Shell Dlg'"></span> </p>
<p class="MsoNormal" style="MARGIN: 0in 0in 0pt; mso-layout-grid-align: none"><span style="FONT-SIZE: 8.5pt; FONT-FAMILY: 'MS Shell Dlg'">AND</span></p>
<p class="MsoNormal" style="MARGIN: 0in 0in 0pt; mso-layout-grid-align: none"><span style="FONT-SIZE: 8.5pt; FONT-FAMILY: 'MS Shell Dlg'"></span> </p><span style="FONT-SIZE: 8.5pt; FONT-FAMILY: 'MS Shell Dlg'">
<p class="MsoNormal" style="MARGIN: 0in 0in 0pt; mso-layout-grid-align: none"><span style="FONT-SIZE: 8.5pt; FONT-FAMILY: 'MS Shell Dlg'">IKE security association established.</span></p>
<p class="MsoNormal" style="MARGIN: 0in 0in 0pt; mso-layout-grid-align: none"><span style="FONT-SIZE: 8.5pt; FONT-FAMILY: 'MS Shell Dlg'"><span style="mso-spacerun: yes"> </span>Mode: </span></p>
<p class="MsoNormal" style="MARGIN: 0in 0in 0pt; mso-layout-grid-align: none"><span style="FONT-SIZE: 8.5pt; FONT-FAMILY: 'MS Shell Dlg'">Data Protection Mode (Quick Mode)</span></p>
<p class="MsoNormal" style="MARGIN: 0in 0in 0pt; mso-layout-grid-align: none"><span style="FONT-SIZE: 8.5pt; FONT-FAMILY: 'MS Shell Dlg'"></span> </p>
<p class="MsoNormal" style="MARGIN: 0in 0in 0pt; mso-layout-grid-align: none"><span style="FONT-SIZE: 8.5pt; FONT-FAMILY: 'MS Shell Dlg'">How come then there is no connection yet?</span></p></span></div>
<div class="MsoNormal" style="MARGIN: 0in 0in 0pt"><font face="Times New Roman" size="2"></font> </div>
<div class="MsoNormal" style="MARGIN: 0in 0in 0pt"><font face="Times New Roman" size="2">I was also wondering if it is possible for someone to post log files for a running Openswan VPN connection between a Linux box and a Windows client based on X.509 certificates. It might help to learn the steps that are taken in a successful connection.</font></div>
<div class="MsoNormal" style="MARGIN: 0in 0in 0pt"><font face="Times New Roman" size="2"></font> </div>
<div class="MsoNormal" style="MARGIN: 0in 0in 0pt"><font face="Times New Roman" size="2"></font> </div>
<div class="MsoNormal" style="MARGIN: 0in 0in 0pt"><font face="Times New Roman" size="2">I really appreciate all the help I am getting from Paul and any future responders.</font></div>
<div class="MsoNormal" style="MARGIN: 0in 0in 0pt"><font face="Times New Roman" size="2"></font> </div>
<div class="MsoNormal" style="MARGIN: 0in 0in 0pt"><font face="Times New Roman" size="2"></font> </div>
<div class="MsoNormal" style="MARGIN: 0in 0in 0pt"><font face="Times New Roman" size="2">Thank you</font></div>
<div class="MsoNormal" style="MARGIN: 0in 0in 0pt"><font face="Times New Roman" size="2"></font> </div>
<div class="MsoNormal" style="MARGIN: 0in 0in 0pt"><font face="Times New Roman" size="2">Can Akalin</font></div>
<div class="MsoNormal" style="MARGIN: 0in 0in 0pt"><font face="Times New Roman"></font> </div>
<div class="MsoNormal" style="MARGIN: 0in 0in 0pt"><font face="Times New Roman"></font> </div>
<div class="MsoNormal" style="MARGIN: 0in 0in 0pt"><font face="Times New Roman"></font> </div>
<div class="MsoNormal" style="MARGIN: 0in 0in 0pt"><font face="Times New Roman">>>>>>>>>>>>>>>>LOG FILE FROM LINUX MACHINE /var/log/messages<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
</font></div>
<div class="MsoNormal" style="MARGIN: 0in 0in 0pt"><font face="Times New Roman">...</font></div>
<div class="MsoNormal" style="MARGIN: 0in 0in 0pt"><font face="Times New Roman">Mar 17 15:41:08 linuxserver pluto[6715]: loading secrets from "/etc/ipsec.secrets"</font></div>
<p class="MsoNormal" style="MARGIN: 0in 0in 0pt"><font face="Times New Roman">Mar 17 15:41:08 linuxserver pluto[6715]: "/etc/ipsec.secrets" line 21: malformed end of RSA private key -- indented '}' required</font>
</p>
<p class="MsoNormal" style="MARGIN: 0in 0in 0pt"><font face="Times New Roman">Mar 17 15:41:08 linuxserver pluto[6715]: ERROR "/etc/ipsec.secrets" line 21: index "}" illegal (non-DNS-name) character in name
</font></p>
<p class="MsoNormal" style="MARGIN: 0in 0in 0pt"><font face="Times New Roman">Mar 17 15:41:08 linuxserver pluto[6715]: "/etc/ipsec.secrets" line 25: unexpected end of id list</font></p>
<p class="MsoNormal" style="MARGIN: 0in 0in 0pt"><font face="Times New Roman">Mar 17 15:41:08 linuxserver pluto[6715]:<span style="mso-spacerun: yes"> </span>loaded private key file '/etc/ipsec.d/private/host.example.com.key' (1728 bytes)
</font></p>
<p class="MsoNormal" style="MARGIN: 0in 0in 0pt"><font face="Times New Roman">Mar 17 15:41:08 linuxserver ipsec__plutorun: 003 "/etc/ipsec.secrets" line 21: malformed end of RSA private key -- indented '}' required
</font></p>
<p class="MsoNormal" style="MARGIN: 0in 0in 0pt"><font face="Times New Roman">Mar 17 15:41:08 linuxserver ipsec__plutorun: 003 ERROR "/etc/ipsec.secrets" line 21: index "}" illegal (non-DNS-name) character in name
</font></p>
<p class="MsoNormal" style="MARGIN: 0in 0in 0pt"><font face="Times New Roman">Mar 17 15:41:08 linuxserver ipsec__plutorun: 003 "/etc/ipsec.secrets" line 25: unexpected end of id list</font></p>
<div><span style="FONT-SIZE: 12pt; FONT-FAMILY: 'Times New Roman'; mso-fareast-font-family: 'Times New Roman'; mso-ansi-language: EN-US; mso-fareast-language: EN-US; mso-bidi-language: AR-SA">Mar 17 16:01:36 linuxserver pluto[6715]: packet from 192.168.1.76:500: ignoring </span></div>
<div><span style="FONT-SIZE: 12pt; FONT-FAMILY: 'Times New Roman'; mso-fareast-font-family: 'Times New Roman'; mso-ansi-language: EN-US; mso-fareast-language: EN-US; mso-bidi-language: AR-SA">...</span></div>
<div><span style="FONT-SIZE: 12pt; FONT-FAMILY: 'Times New Roman'; mso-fareast-font-family: 'Times New Roman'; mso-ansi-language: EN-US; mso-fareast-language: EN-US; mso-bidi-language: AR-SA"></span> </div>
<div><span style="FONT-SIZE: 12pt; FONT-FAMILY: 'Times New Roman'; mso-fareast-font-family: 'Times New Roman'; mso-ansi-language: EN-US; mso-fareast-language: EN-US; mso-bidi-language: AR-SA"></span> </div>
<div><span style="FONT-SIZE: 12pt; FONT-FAMILY: 'Times New Roman'; mso-fareast-font-family: 'Times New Roman'; mso-ansi-language: EN-US; mso-fareast-language: EN-US; mso-bidi-language: AR-SA"></span> </div>
<div><span style="FONT-SIZE: 12pt; FONT-FAMILY: 'Times New Roman'; mso-fareast-font-family: 'Times New Roman'; mso-ansi-language: EN-US; mso-fareast-language: EN-US; mso-bidi-language: AR-SA"></span> </div>
<div><span style="FONT-SIZE: 12pt; FONT-FAMILY: 'Times New Roman'; mso-fareast-font-family: 'Times New Roman'; mso-ansi-language: EN-US; mso-fareast-language: EN-US; mso-bidi-language: AR-SA">>>>>>>>>>>>>>/etc/ipsec.secrets<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
</span></div>
<div><span style="FONT-SIZE: 12pt; FONT-FAMILY: 'Times New Roman'; mso-fareast-font-family: 'Times New Roman'; mso-ansi-language: EN-US; mso-fareast-language: EN-US; mso-bidi-language: AR-SA"></span> </div>
<div><span style="FONT-SIZE: 12pt; FONT-FAMILY: 'Times New Roman'; mso-fareast-font-family: 'Times New Roman'; mso-ansi-language: EN-US; mso-fareast-language: EN-US; mso-bidi-language: AR-SA"></span> </div>
<div><span style="FONT-SIZE: 12pt; FONT-FAMILY: 'Times New Roman'; mso-fareast-font-family: 'Times New Roman'; mso-ansi-language: EN-US; mso-fareast-language: EN-US; mso-bidi-language: AR-SA">
<p># This file holds shared secrets or RSA private keys for inter-Pluto<br># authentication. See ipsec_pluto(8) manpage, and HTML documentation.<br>#<br># RSA private key for this host, authenticating it to any other host
<br># which knows the public part. Suitable public keys, for ipsec.conf, DNS,<br># or configuration of other implementations, can be extracted conveniently<br># with "ipsec showhostkey".<br>: RSA {<br> # RSA 2048 bits linuxserver Mon Mar 13 10:54:17 2006
<br> # for signatures only, UNSAFE FOR ENCRYPTION<br> #pubkey=0sAQO1BQlk3q4J5+6gd/17HH3Osm9oOs6YPUiFTPfnHwBmI/O0/dAHruDB6ZQwvN0CIBXXavCFlOaO4nCabM0czn9J+COhYG0DDUn43ERPUN+bKWM6c5OpsIo0KfXNQlILetSLPRlzqYxz8Cu337mL/i8W8sazEVkl04g3dB3ORx6/CaQHfVtRvC02hMo06tT8QEU3osdnbRtWQWjcUDC/4SAeb1VjCbzDPvnvmLONRfPSePrxJdKm1upRnNVGbJNWeqpW56EbuYeFKlTYj7/pOSAFrJtKHeL02JS1hbqKxsyKQ2Hch5S7m2YErRmgZGPciXUGna/9s6tt4oI+m5eQl2+1
<br> Modulus: 0xb5050964deae09e7eea077fd7b1c7dceb26f683ace983d48854cf7e71f006623f3b4fdd007aee0c1e99430bcdd022015d76af08594e68ee2709a6ccd1cce7f49f823a1606d030d49f8dc444f50df9b29633a7393a9b08a3429f5cd42520b7ad48b3d1973a98c73f02bb7dfb98bfe2f16f2c6b3115925d38837741dce471ebf09a4077d5b51bc2d3684ca34ead4fc404537a2c7676d1b564168dc5030bfe1201e6f556309bcc33ef9ef98b38d45f3d278faf125d2a6d6ea519cd5466c93567aaa56e7a11bb987852a54d88fbfe9392005ac9b4a1de2f4d894b585ba8ac6cc8a4361dc8794bb9b6604ad19a06463dc8975069daffdb3ab6de2823e9b9790976fb5
<br> PublicExponent: 0x03<br> # everything after this point is secret<br> PrivateExponent: 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
<br> Prime1: 0xe29d68594c89a3ffd246a569d0f0636fc538ec281faa0dab9694008f3b6555feb97ce3e66e8195016b5128460c54aa00d4002bd82e17f2016f6631d794ec755fbea2ff8fc38a1b214d87f811cdd3f37de82c96d00a444d48bb922950f1e36f3b291d85a90638ba6a4869d6170c991bdf7cfe35df93985b823a8289e91ffcde41
<br> Prime2: 0xcc7e12f0f06d96d740eaf93b04f5a61980156a9a0ab7413eee529dfb3c9461460b565f0fda9ead57965578fe28cb915a79fb8f647e85b09596162e1168236fbcc31fe6657419498ce947b5fbcd0e9c6e316043733012f88a4b74c90b6736940110cc9f508ab67c9fe7134ee4c9f8e9ac362a60d1aaf2e65482fc6ea90d86dc75
<br> Exponent1: 0x97139ae633066d5536d9c39be0a0424a837b481abfc6b3c7b9b8005f7cee39547ba897eef4566356478b702eb2e31c008d5572901ebaa1564a44213a63484e3fd46caa5fd7b1676b8905500bde8d4cfe9ac8648ab182de307d0c1b8b4becf4d21b6903c60425d19c30468eba08661294fdfece950d103d017c57069b6aa8942b
<br> Exponent2: 0x88540ca0a0490f3a2b4750d2034e6ebbaab8f1bc0724d629f43713fcd30d962eb23994b53c69c8e50ee3a5fec5dd0b91a6a7b4eda9ae75b90eb9740b9ac24a7dd76a9998f810dbb3462fcea7de09bd9ecb95824ccab7505c324ddb5cef79b800b5ddbf8b0724531544b789eddbfb4672cec6eb3671f744385752f470b3af3da3
<br> Coefficient: 0x2d291976cf82e845bf708e8c4b0ac5fcaa8f954c47be1410e6c8ea6fb2ed5651df0d054b97d2ad83bfa87383c8ffd607b3072266bbceaaea9647a1bb55499b2a17b7d34ff76e92210fffba811cca9988d43c9b8448376e5d97ca47714247250d093edf726ce8aa9dc1a5b7b3b66d0e938669d4ca935f40af8c4b9b441c148661
<br>}</p>
<p># do not change the indenting of that "}"</p>
<p>: RSA host.example.com.key "123ABC"<br></p>
<p>>>>>>>>>>>>>>>>>>>>>>>>/etc/ipsec.conf<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
</p>
<p># /etc/ipsec.conf - Openswan IPsec configuration file<br># RCSID $Id: ipsec.conf.in,v 1.15.2.1 2005/07/26 12:28:39 ken Exp $</p>
<p># This file: /usr/share/doc/packages/openswan/ipsec.conf-sample<br>#<br># Manual: ipsec.conf.5</p>
<p><br>version 2.0 # conforms to second version of ipsec.conf specification</p>
<p># basic configuration<br>config setup<br> # plutodebug / klipsdebug = "all", "none" or a combination from below:<br> # "raw crypt parsing emitting control klips pfkey natt x509 private"<br>
 # eg:<br> # plutodebug="control parsing"<br> #<br> # Only enable klipsdebug=all if you are a developer<br> #<br> # NAT-TRAVERSAL support, see README.NAT-Traversal<br> # nat_traversal=yes<br> # virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%4:172.16.0.0/12<br> #<br> # Certificate Revocation List handling:<br> #crlcheckinterval=600<br> #strictcrlpolicy=yes<br> #
<br> # Change rp_filter setting? (default is 0, disabled)<br> # See also setting in the /etc/sysctl.conf file!<br> #rp_filter=%unchanged<br> #<br> # Workaround to setup all tunnels immediately, since the new default<br> # of "plutowait=no" causes "Resource temporarily unavailable" errors
<br> # for the first connect attempt over each tunnel, that is delayed to<br> # be established later / on demand.<br> #<br> plutowait=yes<br> interfaces=%defaultroute<br> nat_traversal=yes<br> virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16</p>
<p># default settings for connections<br>conn %default<br> # keyingtries default to %forever<br> keyingtries=1<br> compress=yes<br> disablearrivalcheck=no<br> authby=rsasig<br> # Sig keys (default: %dnsondemand)<br> leftrsasigkey=%cert
<br> rightrsasigkey=%cert<br> # Lifetimes, defaults are 1h/8hrs<br> #ikelifetime=20m<br> #keylife=1h<br> #rekeymargin=8m</p>
<p>conn roadwarrior-net<br> leftsubnet=10.10.10.0/24<br> also=roadwarrior</p>
<p>conn roadwarrior<br> left=%defaultroute<br> leftcert=host.example.com.pem<br> right=%any<br> rightsubnet=vhost:%no,%priv<br> auto=add<br> pfs=yes</p>
<p>conn block<br> auto=ignore</p>
<p>conn private<br> auto=ignore</p>
<p>conn private-or-clear<br> auto=ignore</p>
<p>conn clear<br> auto=ignore</p>
<p>conn packetdefault<br> auto=ignore</p>
<p>#Disable Opportunistic Encryption<br>include /etc/ipsec.d/examples/no_oe.conf</p>
<p># Add connections here</p>
<p># sample VPN connection<br># conn sample<br># # Left security gateway, subnet behind it, nexthop toward right.<br># left=10.0.0.1<br># leftsubnet=172.16.0.0/24<br># leftnexthop=10.22.33.44<br># # Right security gateway, subnet behind it, nexthop toward left.<br># right=10.12.12.1<br># rightsubnet=192.168.0.0/24<br># rightnexthop=10.101.102.103<br># # To authorize this connection, but not actually start it, <br># # at startup, uncomment this.<br># #auto=start</p>
<p> ______________________________________________________________________________________________________________</p></span></div>
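<p>The two pluto errors quoted above both come from one layout rule of ipsec.secrets: inside an inline <code>: RSA {</code> key block, every field and the closing <code>}</code> must be indented, because pluto treats any line starting in column 0 as the beginning of a new secret. The checker below is an added example written for this page, not Openswan's own code. It lints a secrets file for that rule (reporting the same two messages pluto gives for an unindented brace, plus a few structural checks of its own), and a second function re-indents such a brace. The sample file embedded in it is constructed and uses dummy hex values, not key material; the field names, keywords and the file-name form of the <code>: RSA</code> line follow the file shown in the mail.</p>

```python
"""Structural lint for an Openswan-style /etc/ipsec.secrets file.

Added example, not Openswan's own code. It applies the layout rule behind the
errors quoted in the mail: inside an inline ": RSA {" key block, every field
and the closing "}" must be indented, because pluto reads any line that starts
in column 0 as the beginning of a new secret. An unindented "}" therefore ends
the key block badly and is then re-read as a secret whose index is "}".
"""
import re
import sys

RSA_FIELDS = {
    "Modulus", "PublicExponent", "PrivateExponent",
    "Prime1", "Prime2", "Exponent1", "Exponent2", "Coefficient",
}
# Secret line: [index ...] : KEYWORD rest  (non-greedy head so an IPv6 index works)
SECRET_RE = re.compile(r"^(.*?)\s*:\s*(PSK|RSA|XAUTH|PIN)\b\s*(.*)$")
INDEX_RE = re.compile(r"^[A-Za-z0-9@%._:\-/\[\]]+$")
NUMBER_RE = re.compile(r"0x[0-9a-fA-F]+|0s[A-Za-z0-9+/=]+")

# Constructed sample shaped like the file in the mail; the hex values are
# dummies, not key material. Line 8 is the unindented "}" and line 12 the
# certificate-key line.
SAMPLE_BAD = """\
# RSA private key for this host
: RSA {
 # RSA 2048 bits linuxserver (constructed sample, dummy numbers)
 Modulus: 0x00c0ffee
 PublicExponent: 0x03
 # everything after this point is secret
 PrivateExponent: 0x00beef
}

# do not change the indenting of that "}"

: RSA host.example.com.key "dummy-passphrase"
"""


def check_secrets(text):
    """Return (line_number, message) findings, 1-based like pluto's messages."""
    findings = []
    in_block, block_start = False, 0
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.rstrip()
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue  # blank lines and comments carry no structure
        indented = line[0] in " \t"
        if in_block:
            if stripped == "}":
                in_block = False
                if not indented:
                    # pluto: the block ends malformed, then the same line is
                    # re-read as a new secret whose index is the brace itself
                    findings.append((lineno, "malformed end of RSA private key -- indented '}' required"))
                    findings.append((lineno, 'index "}" illegal (non-DNS-name) character in name'))
                continue
            if indented:
                name, sep, value = stripped.partition(":")
                name, value = name.strip(), value.strip()
                if not sep or name not in RSA_FIELDS:
                    findings.append((lineno, "unknown RSA key field %r" % name))
                elif not NUMBER_RE.fullmatch(value):
                    findings.append((lineno, "field %s is not a 0x hex or 0s base64 value" % name))
                continue
            # column-0 text inside a block: the block is over; parse it as a secret
            findings.append((lineno, "RSA key block opened on line %d not closed" % block_start))
            in_block = False
        m = SECRET_RE.match(line)
        if not m:
            findings.append((lineno, "expected '[index ...] : KEYWORD ...'"))
            continue
        head, keyword, body = m.groups()
        for idx in head.split():
            if not INDEX_RE.match(idx):
                findings.append((lineno, 'index "%s" illegal (non-DNS-name) character in name' % idx))
        body = body.strip()
        if keyword == "RSA" and body == "{":
            in_block, block_start = True, lineno
        elif keyword == "RSA":
            # file form: key file name with an optional quoted passphrase
            if not re.fullmatch(r'\S+(\s+"[^"]*")?', body):
                findings.append((lineno, "RSA secret must be '{' or a key file name with optional passphrase"))
        elif not (len(body) >= 2 and body[0] == body[-1] == '"') and not NUMBER_RE.fullmatch(body):
            findings.append((lineno, "%s secret must be a quoted string, 0x hex or 0s base64" % keyword))
    if in_block:
        findings.append((len(text.splitlines()), "RSA key block opened on line %d never closed" % block_start))
    return findings


def fix_brace_indent(text):
    """Indent a column-0 '}' that closes an inline RSA block; everything else is kept."""
    out, in_block = [], False
    for raw in text.splitlines():
        if not in_block and raw[:1] not in ("", " ", "\t", "#") and re.search(r":\s*RSA\s*\{\s*$", raw):
            in_block = True
        elif in_block and raw.strip() == "}":
            raw, in_block = "\t}", False
        out.append(raw)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    source = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_BAD
    for lineno, msg in check_secrets(source) or [(0, "no structural problems found")]:
        print("line %d: %s" % (lineno, msg))
```

<p>Run without arguments it lints the embedded sample and reports both messages on line 8, matching the pair pluto logged for line 21 of the real file; run with a path it lints that file instead. The fixer only touches the brace, so the surrounding key fields are passed through unchanged.</p>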