AW: [Openswan Users] Openswan <--> XP problem
Daniel Hanke
d.hanke at windream.com
Fri Jun 25 16:12:22 CEST 2004
> ....
> Jun 25 11:36:45 localhost pluto[7040]: | certificate is valid
> Jun 25 11:36:45 localhost pluto[7040]: | issuer cacert found ....
> Jun 25 11:36:46 localhost pluto[7040]: | certificate signature is valid
> Jun 25 11:36:46 localhost pluto[7040]: | issuer crl found ....
> Jun 25 11:36:46 localhost pluto[7040]: | crl signature is valid
> Jun 25 11:36:46 localhost pluto[7040]: | serial number: 02 ....
> Jun 25 11:36:46 localhost pluto[7040]: | crl is valid ....
> Jun 25 11:36:46 localhost pluto[7040]: "road"[2] *.*.*.* #3: no suitable connection for peer '*snip*'
> Jun 25 11:36:46 localhost pluto[7040]: | state transition function for STATE_MAIN_R2 failed: INVALID_ID_INFORMATION
>
OK, this is solved. Obviously something with the certificates....
Now I have another problem. It seems that everything is fine now, but it
isn't....
My network:
WinXP     <--------->  VPN-GW                 <-------->  Net-A
10.0.0.1               10.0.0.2 + 10.10.11.1              10.10.11.0/24
/var/log/secure:
Jun 25 14:58:15 localhost pluto[4446]: packet from XXX:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000003]
Jun 25 14:58:15 localhost pluto[4446]: "road"[1] XXX #1: responding to Main Mode from unknown peer 172.23.1.31
Jun 25 14:58:15 localhost pluto[4446]: "road"[1] XXX #1: transition from state (null) to state STATE_MAIN_R1
Jun 25 14:58:15 localhost pluto[4446]: "road"[1] XXX #1: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Jun 25 14:58:15 localhost pluto[4446]: "road"[1] XXX #1: Peer ID is ID_DER_ASN1_DN: 'XXXXXXXXXXXXXXXXXXXXX'
Jun 25 14:58:15 localhost pluto[4446]: "road"[2] XXX #1: deleting connection "road" instance with peer XXX {isakmp=#0/ipsec=#0}
Jun 25 14:58:15 localhost pluto[4446]: "road"[2] XXX #1: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Jun 25 14:58:15 localhost pluto[4446]: "road"[2] XXX #1: sent MR3, ISAKMP SA established
I can't ping Net-A and I can't see any ESP packets leaving the XP box. With
Ethereal I can just see ISAKMP packets and "FRAGMENTED IP PROTOCOL".
Thanks
Daniel