[Openswan Users] Openswan 2.2.0 and Windows XP Sp2
RITTER, Philippe
phr at cdm.smis.ch
Fri Jan 7 09:20:05 CET 2005
Ok, I'm sorry, i put a false left address. Now I have left=%defaultroute and
everything is good.
Can someone point to a good documentation on how to configure iptable for
allowing only ipsec traffic ?
Thanks
Philippe RITTER
-----Message d'origine-----
De : RITTER, Philippe
Envoyé : vendredi, 7. janvier 2005 08:36
À : 'users at openswan.org'
Objet : RE : [Openswan Users] Openswan 2.2.0 and Windows XP Sp2
I am using openswan 2.2.0 on a debian. I will wait until 2.3.0 is available
on Debian sarge.
But I did some error in my certificate. I reinstalled all certificate. But
now I get this error on the route command. Can this be a problem with my
firewall rules or a config problem in openswan ?
Thanks for any help !
Regards
Philippe
Jan 7 08:31:52 gibraltar pluto[6279]: packet from 193.247.83.238:500:
ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
Jan 7 08:31:52 gibraltar pluto[6279]: packet from 193.247.83.238:500:
ignoring Vendor ID payload [FRAGMENTATION]
Jan 7 08:31:52 gibraltar pluto[6279]: packet from 193.247.83.238:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
Jan 7 08:31:52 gibraltar pluto[6279]: packet from 193.247.83.238:500:
ignoring Vendor ID payload [26244d38eddb61b3172a36e3d0cfb819]
Jan 7 08:31:52 gibraltar pluto[6279]: "cdm-phr"[1] 193.247.83.238 #3:
responding to Main Mode from unknown peer 193.247.83.238
Jan 7 08:31:52 gibraltar pluto[6279]: "cdm-phr"[1] 193.247.83.238 #3:
transition from state (null) to state STATE_MAIN_R1
Jan 7 08:31:52 gibraltar pluto[6279]: "cdm-phr"[1] 193.247.83.238 #3:
NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: no NAT
detected
Jan 7 08:31:52 gibraltar pluto[6279]: "cdm-phr"[1] 193.247.83.238 #3:
transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Jan 7 08:31:53 gibraltar pluto[6279]: "cdm-phr"[1] 193.247.83.238 #3: Peer
ID is ID_DER_ASN1_DN: 'C=CH, ST=GE, L=Geneve, O=Caisse des medecins,
OU=SITC, CN=kali.cdm.smis.ch, E=phr at cdm.smis.ch'
Jan 7 08:31:53 gibraltar pluto[6279]: "cdm-phr"[2] 193.247.83.238 #3:
deleting connection "cdm-phr" instance with peer 193.247.83.238
{isakmp=#0/ipsec=#0}
Jan 7 08:31:53 gibraltar pluto[6279]: "cdm-phr"[2] 193.247.83.238 #3: I am
sending my cert
Jan 7 08:31:53 gibraltar pluto[6279]: "cdm-phr"[2] 193.247.83.238 #3:
transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Jan 7 08:31:53 gibraltar pluto[6279]: "cdm-phr"[2] 193.247.83.238 #3: sent
MR3, ISAKMP SA established
Jan 7 08:31:53 gibraltar pluto[6279]: "cdm-phr"[2] 193.247.83.238 #4:
responding to Quick Mode
Jan 7 08:31:53 gibraltar pluto[6279]: "cdm-phr"[2] 193.247.83.238 #4:
transition from state (null) to state STATE_QUICK_R1
Jan 7 08:31:54 gibraltar pluto[6279]: "cdm-phr"[2] 193.247.83.238 #4:
route-client output: /usr/lib/ipsec/_updown: doroute `ip route add
193.247.83.238/32 via 193.247.83.238 dev ppp0 ' failed (RTNETLINK answers:
Network is unreachable)
Jan 7 08:31:54 gibraltar pluto[6279]: "cdm-phr"[2] 193.247.83.238 #4:
transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Jan 7 08:31:54 gibraltar pluto[6279]: "cdm-phr"[2] 193.247.83.238 #4: IPsec
SA established {ESP=>0x4c5df440 <0xccb9baee}
Jan 7 08:33:23 gibraltar pluto[6279]: "cdm-phr"[2] 193.247.83.238 #3:
received Delete SA payload: deleting ISAKMP State #3
Jan 7 08:33:23 gibraltar pluto[6279]: packet from 193.247.83.238:500:
received and ignored informational message
-----Message d'origine-----
De : Paul Wouters
Envoyé : jeudi, 6. janvier 2005 18:41
À : RITTER, Philippe
Cc : 'users at openswan.org'
Objet : Re: [Openswan Users] Openswan 2.2.0 and Windows XP Sp2
On Thu, 6 Jan 2005, RITTER, Philippe wrote:
> I'm trying to configure IP Sec like Nate Carlson described. But I always
get
> this error in my system. Can someone help me ?
> Jan 6 16:10:28 gibraltar pluto[4060]: "cdm-phr"[23] 193.247.83.238 #26:
> next payload type of ISAKMP Hash Payload has an unknown value: 133
> Jan 6 16:10:28 gibraltar pluto[4060]: "cdm-phr"[23] 193.247.83.238 #26:
> malformed payload in packet
Please upgrade your openswan. You are likely running a 2.3.0dr release?
Paul
_______________________________________________
Users mailing list
Users at openswan.org
http://lists.openswan.org/mailman/listinfo/users
More information about the Users
mailing list