[Openswan Users]

Paul Wouters paul at xelerance.com
Mon Jul 18 21:24:00 CEST 2005


On Mon, 18 Jul 2005, Thomas Rupp wrote:

It looks like your Windows certificate has not been imported correctly, or you are
using a wrong rightca line on Windows, or don't have the right certificates installed
on the server.

Try using certimport.exe, or better, use the lsipsectool on sourceforge.net to import
and add the connection so you do not have to edit the rightca manually.

Paul

> Date: Mon, 18 Jul 2005 08:14:57 +0200
> From: Thomas Rupp <trupp at bytebox.de>
> To: Users at openswan.org
> Subject: [Openswan Users]
> 
> Hi,
> after spending my second Sunday to get this thing working I have no idea 
> what's wrong with my configuration and maybe anybody can give me some advice.
> The situation:
>
> Lan --- VPN-Box1 --- Internet --- VPN-Box2 --- Lan
> 192.168.1.0/24                                 192.168.0.0/24
>
> This part is named "da-po" in the ipsec.conf on VPN-Box1 and works fine.
> Now there should be a roadwarrior part on the VPN-Box1. So this is the setup 
> I am actually trying:
>
>                                  --- VPN-Box2 --- Lan
>                                                   192.168.0.0/24
> Lan --- VPN-Box1 --- Internet
> 192.168.1.0/24                   --- Router1 --- Lan --- Roadwarrior
>                                                  192.168.168.0/24   .215/32
>
> I copied a working configuration (this part is named trupp/trupp-net) from 
> another server to the VPN-Box1. The Router is an old Linux machine with 
> masquerading enabled. The Roadwarrior is a Windows XP Box with SP2. I also 
> installed the Support Tools for SP2 from the Microsoft homepage. The client part is 
> the ipsec package from Markus Müller (http://vpn.ebootis.de). All 
> certificates are in the right place.
> I think the error is on the Windows side, but I can't figure it out.
>
> Thanks for any help
> Tom
>
> --- VPN-Box1 ipsec.conf ---
> version 2.0
>
> config setup
>       interfaces=%defaultroute
>       nat_traversal=yes
>       virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16,%v4:!192.168.1.0/24
>       uniqueids=yes
>       #crlcheckinterval=600
>       #strictcrlpolicy=yes
>
> conn %default
>       keyingtries=1
>       compress=no
>       disablearrivalcheck=no
>       authby=rsasig
>       rightrsasigkey=%cert
>       leftrsasigkey=%cert
>
> conn trupp-net
>       leftsubnet=192.168.1.0/255.255.255.0
>       also=trupp
>
> conn trupp
>       leftcert=gwdaCert.pem
>       left=%defaultroute
>       right=%any
>       rightid="/C=DE/ST=Hessen/O=Infrastruktur und Umwelt/OU=Netzwerksicherheit/CN=Thomas Rupp/emailAddress=trupp at bytebox.de"
>       rightsubnet=vhost:%no,%priv
>       auto=add
>       pfs=yes
>       leftupdown=/usr/lib/ipsec/_updown_x509
>
> conn da-po
>       leftcert=gwdaCert.pem
>       left=%defaultroute
>       leftsubnet=192.168.1.0/24
>       right=%any
>       rightid="/C=DE/ST=Hessen/O=Infrastruktur und Umwelt/OU=Netzwerksicherheit/CN=infrapot.dyndns.org/emailAddress=gwpo at iu-info.de"
>       rightsubnet=192.168.0.0/24
>       auto=add
>       pfs=yes
>       leftupdown=/usr/lib/ipsec/_updown_x509
>
> include /etc/ipsec.d/no_oe.conf
>
> --- WindowsXP ipsec.conf
>
> conn roadwarrior
>   mac=12-39-62-78-f9-46
>   left=%any
>   right=213.188.106.75
>   rightca="C=DE, S=Hessen, O=Infrastruktur und Umwelt, OU=Netzwerksicherheit, CN=Infrastruktur und Umwelt Root CA, E=ca at iu-info.de"
>   network=lan
>   auto=start
>   pfs=yes
>
> conn roadwarrior-net
>   mac=12-39-62-78-f9-46
>   left=%any
>   right=213.188.106.75
>   rightsubnet=192.168.1.0/24
>   rightca="C=DE, S=Hessen, O=Infrastruktur und Umwelt, OU=Netzwerksicherheit, CN=Infrastruktur und Umwelt Root CA, E=ca at iu-info.de"
>   network=lan
>   auto=start
>   pfs=yes
>
> --- Windows ipsec.exe output ---
> IPSec Version 2.2.0 (c) 2001-2003 Marcus Mueller
> Getting running Config ...
> Microsoft's Windows XP identified
> Setting up IPSec ...
>
>       Deactivating old policy...
>       Removing old policy...
>
> Connection roadwarrior:
>       MyTunnel     : 192.168.168.215
>       MyNet        : 192.168.168.215/255.255.255.255
>       PartnerTunnel: 213.188.106.75
>       PartnerNet   : 213.188.106.75/255.255.255.255
>       CA (ID)      : C=DE, S=Hessen, O=Infrastruktur und Umwelt, OU=Net...
>       PFS          : y
>       Auto         : start
>       Auth.Mode    : MD5
>       Rekeying     : 3600S/50000K
>       Activating policy...
>
> Connection roadwarrior-net:
>       MyTunnel     : 192.168.168.215
>       MyNet        : 192.168.168.215/255.255.255.255
>       PartnerTunnel: 213.188.106.75
>       PartnerNet   : 192.168.1.0/255.255.255.0
>       CA (ID)      : C=DE, S=Hessen, O=Infrastruktur und Umwelt, OU=Net...
>       PFS          : y
>       Auto         : start
>       Auth.Mode    : MD5
>       Rekeying     : 3600S/50000K
>       Activating policy...
>
> --- VPN-Box1 log ---
> Jul 18 08:08:08 infra pluto[23604]: packet from 84.177.96.33:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
> Jul 18 08:08:08 infra pluto[23604]: packet from 84.177.96.33:500: ignoring Vendor ID payload [FRAGMENTATION]
> Jul 18 08:08:08 infra pluto[23604]: packet from 84.177.96.33:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
> Jul 18 08:08:08 infra pluto[23604]: packet from 84.177.96.33:500: ignoring Vendor ID payload [Vid-Initial-Contact]
> Jul 18 08:08:08 infra pluto[23604]: "trupp"[6] 84.177.96.33 #30: responding to Main Mode from unknown peer 84.177.96.33
> Jul 18 08:08:08 infra pluto[23604]: "trupp"[6] 84.177.96.33 #30: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
> Jul 18 08:08:08 infra pluto[23604]: "trupp"[6] 84.177.96.33 #30: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: peer is NATed
> Jul 18 08:08:08 infra pluto[23604]: "trupp"[6] 84.177.96.33 #30: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
> Jul 18 08:08:08 infra pluto[23604]: "trupp"[6] 84.177.96.33 #30: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, ST=Hessen, O=Infrastruktur und Umwelt, OU=Netzwerksicherheit, CN=Thomas Rupp, E=trupp at bytebox.de'
> Jul 18 08:08:08 infra pluto[23604]: "trupp"[6] 84.177.96.33 #30: I am sending my cert
> Jul 18 08:08:08 infra pluto[23604]: "trupp"[6] 84.177.96.33 #30: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
> Jul 18 08:08:08 infra pluto[23604]: | NAT-T: new mapping 84.177.96.33:500/4500)
> Jul 18 08:08:08 infra pluto[23604]: "trupp"[6] 84.177.96.33:4500 #30: sent MR3, ISAKMP SA established
>
>
> --- WindowsXP oakley.log --- (This is in German, if you need any translation, 
> just ask)
> 7-18: 08:08:06:671:2f0 Acquire from driver: op=0000000D src=192.168.168.215.0 
> dst=192.168.1.5.0 proto = 0, SrcMask=255.255.255.255, DstMask=255.255.255.0, 
> Tunnel 1, TunnelEndpt=213.188.106.75 Inbound TunnelEndpt=192.168.168.215
> 7-18: 08:08:06:671:adc Filter to match: Src 213.188.106.75 Dst 
> 192.168.168.215
> 7-18: 08:08:06:671:adc MM PolicyName: 8
> 7-18: 08:08:06:671:adc MMPolicy dwFlags 2 SoftSAExpireTime 28800
> 7-18: 08:08:06:671:adc MMOffer[0] LifetimeSec 28800 QMLimit 1 DHGroup 2
> 7-18: 08:08:06:671:adc MMOffer[0] Encrypt: Dreifach-DES CBC Hash: SHA
> 7-18: 08:08:06:671:adc MMOffer[1] LifetimeSec 28800 QMLimit 1 DHGroup 2
> 7-18: 08:08:06:671:adc MMOffer[1] Encrypt: Dreifach-DES CBC Hash: MD5
> 7-18: 08:08:06:671:adc MMOffer[2] LifetimeSec 28800 QMLimit 1 DHGroup 1
> 7-18: 08:08:06:671:adc MMOffer[2] Encrypt: DES CBC Hash: SHA
> 7-18: 08:08:06:671:adc MMOffer[3] LifetimeSec 28800 QMLimit 1 DHGroup 1
> 7-18: 08:08:06:671:adc MMOffer[3] Encrypt: DES CBC Hash: MD5
> 7-18: 08:08:06:671:adc Auth[0]:RSA Sig C=DE, S=Hessen, O=Infrastruktur und 
> Umwelt, OU=Netzwerksicherheit, CN=Infrastruktur und Umwelt Root CA, 
> E=ca at iu-info.de AuthFlags 0
> 7-18: 08:08:06:671:adc QM PolicyName: Host-roadwarrior-net filter action 
> dwFlags 1
> 7-18: 08:08:06:671:adc QMOffer[0] LifetimeKBytes 50000 LifetimeSec 3600
> 7-18: 08:08:06:671:adc QMOffer[0] dwFlags 0 dwPFSGroup -2147483648
> 7-18: 08:08:06:671:adc  Algo[0] Operation: ESP Algo: Dreifach-DES CBC HMAC: 
> MD5
> 7-18: 08:08:06:671:adc Starting Negotiation: src = 192.168.168.215.0500, dst 
> = 213.188.106.75.0500, proto = 00, context = 0000000D, ProxySrc = 
> 192.168.168.215.0000, ProxyDst = 192.168.1.0.0000 SrcMask = 255.255.255.255 
> DstMask = 255.255.255.0
> 7-18: 08:08:06:671:adc constructing ISAKMP Header
> 7-18: 08:08:06:671:adc constructing SA (ISAKMP)
> 7-18: 08:08:06:671:adc Constructing Vendor MS NT5 ISAKMPOAKLEY
> 7-18: 08:08:06:671:adc Constructing Vendor FRAGMENTATION
> 7-18: 08:08:06:671:adc Constructing Vendor draft-ietf-ipsec-nat-t-ike-02
> 7-18: 08:08:06:671:adc Constructing Vendor Vid-Initial-Contact
> 7-18: 08:08:06:671:adc
> 7-18: 08:08:06:671:adc Sending: SA = 0x0013ED68 to 213.188.106.75:Type 2.500
> 7-18: 08:08:06:671:adc ISAKMP Header: (V1.0), len = 276
> 7-18: 08:08:06:671:adc   I-COOKIE 4cd83385f869735b
> 7-18: 08:08:06:671:adc   R-COOKIE 0000000000000000
> 7-18: 08:08:06:671:adc   exchange: Oakley Main Mode
> 7-18: 08:08:06:671:adc   flags: 0
> 7-18: 08:08:06:671:adc   next payload: SA
> 7-18: 08:08:06:671:adc   message ID: 00000000
> 7-18: 08:08:06:671:adc Ports S:f401 D:f401
> 7-18: 08:08:06:750:adc
> 7-18: 08:08:06:750:adc Receive: (get) SA = 0x0013ed68 from 213.188.106.75.500
> 7-18: 08:08:06:750:adc ISAKMP Header: (V1.0), len = 124
> 7-18: 08:08:06:750:adc   I-COOKIE 4cd83385f869735b
> 7-18: 08:08:06:750:adc   R-COOKIE f2784b9811a6b301
> 7-18: 08:08:06:750:adc   exchange: Oakley Main Mode
> 7-18: 08:08:06:750:adc   flags: 0
> 7-18: 08:08:06:750:adc   next payload: SA
> 7-18: 08:08:06:750:adc   message ID: 00000000
> 7-18: 08:08:06:750:adc processing payload SA
> 7-18: 08:08:06:750:adc Received Phase 1 Transform 1
> 7-18: 08:08:06:750:adc      Encryption Alg Dreifach-DES CBC(5)
> 7-18: 08:08:06:750:adc      Hash Alg SHA(2)
> 7-18: 08:08:06:750:adc      Oakley Group 2
> 7-18: 08:08:06:750:adc      Auth Method RSA-Signatur mit Zertifikaten(3)
> 7-18: 08:08:06:750:adc      Life type in Seconds
> 7-18: 08:08:06:750:adc      Life duration of 28800
> 7-18: 08:08:06:750:adc Phase 1 SA accepted: transform=1
> 7-18: 08:08:06:750:adc SA - Oakley proposal accepted
> 7-18: 08:08:06:750:adc processing payload VENDOR ID
> 7-18: 08:08:06:750:adc processing payload VENDOR ID
> 7-18: 08:08:06:750:adc Received VendorId draft-ietf-ipsec-nat-t-ike-02
> 7-18: 08:08:06:750:adc ClearFragList
> 7-18: 08:08:06:750:adc constructing ISAKMP Header
> 7-18: 08:08:06:765:adc constructing KE
> 7-18: 08:08:06:765:adc constructing NONCE (ISAKMP)
> 7-18: 08:08:06:765:adc Constructing NatDisc
> 7-18: 08:08:06:765:adc
> 7-18: 08:08:06:765:adc Sending: SA = 0x0013ED68 to 213.188.106.75:Type 2.500
> 7-18: 08:08:06:765:adc ISAKMP Header: (V1.0), len = 232
> 7-18: 08:08:06:765:adc   I-COOKIE 4cd83385f869735b
> 7-18: 08:08:06:765:adc   R-COOKIE f2784b9811a6b301
> 7-18: 08:08:06:765:adc   exchange: Oakley Main Mode
> 7-18: 08:08:06:765:adc   flags: 0
> 7-18: 08:08:06:765:adc   next payload: KE
> 7-18: 08:08:06:765:adc   message ID: 00000000
> 7-18: 08:08:06:765:adc Ports S:f401 D:f401
> 7-18: 08:08:06:859:adc
> 7-18: 08:08:06:859:adc Receive: (get) SA = 0x0013ed68 from 213.188.106.75.500
> 7-18: 08:08:06:859:adc ISAKMP Header: (V1.0), len = 228
> 7-18: 08:08:06:859:adc   I-COOKIE 4cd83385f869735b
> 7-18: 08:08:06:859:adc   R-COOKIE f2784b9811a6b301
> 7-18: 08:08:06:859:adc   exchange: Oakley Main Mode
> 7-18: 08:08:06:859:adc   flags: 0
> 7-18: 08:08:06:859:adc   next payload: KE
> 7-18: 08:08:06:859:adc   message ID: 00000000
> 7-18: 08:08:06:859:adc processing payload KE
> 7-18: 08:08:06:859:adc processing payload NONCE
> 7-18: 08:08:06:859:adc processing payload NATDISC
> 7-18: 08:08:06:859:adc Processing NatHash
> 7-18: 08:08:06:859:adc Nat hash e38235836bd967e0b2b57e6539a33557
> 7-18: 08:08:06:859:adc 0ffa7940
> 7-18: 08:08:06:859:adc SA StateMask2 1f
> 7-18: 08:08:06:859:adc processing payload NATDISC
> 7-18: 08:08:06:859:adc Processing NatHash
> 7-18: 08:08:06:859:adc Nat hash 3381c15433576f3800f1166f89289af4
> 7-18: 08:08:06:859:adc 80206666
> 7-18: 08:08:06:859:adc SA StateMask2 9f
> 7-18: 08:08:06:859:adc ClearFragList
> 7-18: 08:08:06:859:adc Floated Ports Orig Me:f401 Peer:f401
> 7-18: 08:08:06:859:adc Floated Ports Me:9411 Peer:9411
> 7-18: 08:08:06:859:adc constructing ISAKMP Header
> 7-18: 08:08:06:859:adc constructing ID
> 7-18: 08:08:06:859:adc Received no valid CRPs.  Using all configured
> 7-18: 08:08:06:859:adc Looking for IPSec only cert
> 7-18: 08:08:06:859:adc Cert Trustes.  0 100
> 7-18: 08:08:06:859:adc Cert SHA Thumbprint 2fc98042db8e3d89af62ceb2398033e4
> 7-18: 08:08:06:859:adc e2ee142d
> 7-18: 08:08:06:859:adc CertFindExtenstion failed with 0
> 7-18: 08:08:06:859:adc Entered CRL check
> 7-18: 08:08:06:875:adc Left CRL check
> 7-18: 08:08:06:875:adc Cert SHA Thumbprint 2fc98042db8e3d89af62ceb2398033e4
> 7-18: 08:08:06:875:adc e2ee142d
> 7-18: 08:08:06:875:adc SubjectName: C=DE, S=Hessen, O=Infrastruktur und 
> Umwelt, OU=Netzwerksicherheit, CN=Thomas Rupp, E=trupp at bytebox.de
> 7-18: 08:08:06:875:adc Cert Serialnumber 02
> 7-18: 08:08:06:875:adc Cert SHA Thumbprint 2fc98042db8e3d89af62ceb2398033e4
> 7-18: 08:08:06:875:adc e2ee142d
> 7-18: 08:08:06:875:adc SubjectName: C=DE, S=Hessen, O=Infrastruktur und 
> Umwelt, OU=Netzwerksicherheit, CN=Infrastruktur und Umwelt Root CA, 
> E=ca at iu-info.de
> 7-18: 08:08:06:875:adc Cert Serialnumber 00
> 7-18: 08:08:06:875:adc Cert SHA Thumbprint ec7f41cf8471172ccb2f519ecc3877b9
> 7-18: 08:08:06:875:adc 73215dbe
> 7-18: 08:08:06:875:adc Not storing My cert chain in SA.
> 7-18: 08:08:06:875:adc MM ID Type 9
> 7-18: 08:08:06:875:adc MM ID 308195310b3009060355040613024445
> 7-18: 08:08:06:875:adc 310f300d060355040813064865737365
> 7-18: 08:08:06:875:adc 6e3121301f060355040a1318496e6672
> 7-18: 08:08:06:875:adc 61737472756b74757220756e6420556d
> 7-18: 08:08:06:875:adc 77656c74311b3019060355040b13124e
> 7-18: 08:08:06:875:adc 65747a7765726b736963686572686569
> 7-18: 08:08:06:875:adc 74311430120603550403130b54686f6d
> 7-18: 08:08:06:875:adc 61732052757070311f301d06092a8648
> 7-18: 08:08:06:875:adc 86f70d01090116107472757070406279
> 7-18: 08:08:06:875:adc 7465626f782e6465
> 7-18: 08:08:06:875:adc constructing CERT
> 7-18: 08:08:06:875:adc Construct SIG
> 7-18: 08:08:06:890:adc Constructing Cert Request
> 7-18: 08:08:06:890:adc C=DE, S=Hessen, O=Infrastruktur und Umwelt, 
> OU=Netzwerksicherheit, CN=Infrastruktur und Umwelt Root CA, E=ca at iu-info.de
> 7-18: 08:08:06:890:adc
> 7-18: 08:08:06:890:adc Sending: SA = 0x0013ED68 to 213.188.106.75:Type 2.4500
> 7-18: 08:08:06:890:adc ISAKMP Header: (V1.0), len = 1900
> 7-18: 08:08:06:890:adc   I-COOKIE 4cd83385f869735b
> 7-18: 08:08:06:890:adc   R-COOKIE f2784b9811a6b301
> 7-18: 08:08:06:890:adc   exchange: Oakley Main Mode
> 7-18: 08:08:06:890:adc   flags: 1 ( encrypted )
> 7-18: 08:08:06:890:adc   next payload: ID
> 7-18: 08:08:06:890:adc   message ID: 00000000
> 7-18: 08:08:06:890:adc Ports S:9411 D:9411
> 7-18: 08:08:07:109:adc
> 7-18: 08:08:07:109:adc Receive: (get) SA = 0x0013ed68 from 
> 213.188.106.75.4500
> 7-18: 08:08:07:109:adc ISAKMP Header: (V1.0), len = 1732
> 7-18: 08:08:07:109:adc   I-COOKIE 4cd83385f869735b
> 7-18: 08:08:07:109:adc   R-COOKIE f2784b9811a6b301
> 7-18: 08:08:07:109:adc   exchange: Oakley Main Mode
> 7-18: 08:08:07:109:adc   flags: 1 ( encrypted )
> 7-18: 08:08:07:109:adc   next payload: ID
> 7-18: 08:08:07:109:adc   message ID: 00000000
> 7-18: 08:08:07:109:adc processing payload ID
> 7-18: 08:08:07:109:adc processing payload CERT
> 7-18: 08:08:07:109:adc processing payload SIG
> 7-18: 08:08:07:109:adc Verifying CertStore
> 7-18: 08:08:07:109:adc SubjectName: C=DE, S=Hessen, O=Infrastruktur und 
> Umwelt, OU=Netzwerksicherheit, CN=mail.iu-info.de, E=gwda at iu-info.de
> 7-18: 08:08:07:109:adc Cert Serialnumber 00
> 7-18: 08:08:07:109:adc Cert SHA Thumbprint 9794696367340e6015d2001d9ebabc04
> 7-18: 08:08:07:109:adc adc4da66
> 7-18: 08:08:07:109:adc Trust failed.  28 0
> 7-18: 08:08:07:109:adc Cert Trustes.  28 0
> 7-18: 08:08:07:125:adc SubjectName: C=DE, S=Hessen, O=Infrastruktur und 
> Umwelt, OU=Netzwerksicherheit, CN=mail.iu-info.de, E=gwda at iu-info.de
> 7-18: 08:08:07:125:adc Cert Serialnumber 00
> 7-18: 08:08:07:125:adc Cert SHA Thumbprint 9794696367340e6015d2001d9ebabc04
> 7-18: 08:08:07:125:adc adc4da66
> 7-18: 08:08:07:125:adc Not storing Peer's cert chain in SA.
> 7-18: 08:08:07:125:adc Cert SHA Thumbprint 9794696367340e6015d2001d9ebabc04
> 7-18: 08:08:07:125:adc adc4da66
> 7-18: 08:08:07:125:adc Zertifikatsbasierte Identität.   Peerantragsteller 
> C=DE, S=Hessen, O=Infrastruktur und Umwelt, OU=Netzwerksicherheit, 
> CN=mail.iu-info.de, E=gwda at iu-info.de  Peer-SHA-Fingerabdruck 
> 9794696367340e6015d2001d9ebabc04adc4da66  Peer, der die Zertifizierungsstelle 
> ausstellt: C=DE, S=Hessen, O=Infrastruktur und Umwelt, OU=Netzwerksicherheit, 
> CN=Infrastruktur und Umwelt Root CA, E=ca at iu-info.de 
> Stammzertifizierungsstelle C=DE, S=Hessen, O=Infrastruktur und Umwelt, 
> OU=Netzwerksicherheit, CN=mail.iu-info.de, E=gwda at iu-info.de  Eigener 
> Antragsteller C=DE, S=Hessen, O=Infrastruktur und Umwelt, 
> OU=Netzwerksicherheit, CN=Thomas Rupp, E=trupp at bytebox.de  Eigener 
> SHA-Fingerabdruck 2fc98042db8e3d89af62ceb2398033e4e2ee142d  Peer-IP-Adresse: 
> 213.188.106.75
> 7-18: 08:08:07:125:adc Quell-IP-Adresse 192.168.168.215  Quell-IP-Adressmaske 
> 255.255.255.255  Ziel-IP-Adresse 213.188.106.75  Ziel-IP-Adressmaske 
> 255.255.255.255  Protokoll 0  Quellport 0  Zielport 0  Lokale IKE-Adresse 
> 192.168.168.215  Peer-IKE-Adresse 213.188.106.75
> 7-18: 08:08:07:125:adc isadb_set_status sa:0013ED68 centry:00000000 status 
> 35e9
> 7-18: 08:08:07:125:adc Schlüsselaustauschmodus (Hauptmodus)
> 7-18: 08:08:07:125:adc Quell-IP-Adresse 192.168.168.215  Quell-IP-Adressmaske 
> 255.255.255.255  Ziel-IP-Adresse 213.188.106.75  Ziel-IP-Adressmaske 
> 255.255.255.255  Protokoll 0  Quellport 0  Zielport 0  Lokale IKE-Adresse 
> 192.168.168.215  Peer-IKE-Adresse 213.188.106.75
> 7-18: 08:08:07:125:adc Zertifikatsbasierte Identität.   Peerantragsteller 
> C=DE, S=Hessen, O=Infrastruktur und Umwelt, OU=Netzwerksicherheit, 
> CN=mail.iu-info.de, E=gwda at iu-info.de  Peer-SHA-Fingerabdruck 
> 9794696367340e6015d2001d9ebabc04adc4da66  Peer, der die Zertifizierungsstelle 
> ausstellt: C=DE, S=Hessen, O=Infrastruktur und Umwelt, OU=Netzwerksicherheit, 
> CN=Infrastruktur und Umwelt Root CA, E=ca at iu-info.de 
> Stammzertifizierungsstelle C=DE, S=Hessen, O=Infrastruktur und Umwelt, 
> OU=Netzwerksicherheit, CN=mail.iu-info.de, E=gwda at iu-info.de  Eigener 
> Antragsteller C=DE, S=Hessen, O=Infrastruktur und Umwelt, 
> OU=Netzwerksicherheit, CN=Thomas Rupp, E=trupp at bytebox.de  Eigener 
> SHA-Fingerabdruck 2fc98042db8e3d89af62ceb2398033e4e2ee142d  Peer-IP-Adresse: 
> 213.188.106.75
> 7-18: 08:08:07:125:adc Benutzer
> 7-18: 08:08:07:125:adc IKE-Authentifizierung-Anmeldeinformationen sind nicht 
> akzeptabel.
> 7-18: 08:08:07:125:adc 0x0 0x0
> 7-18: 08:08:07:125:adc ProcessFailure: sa:0013ED68 centry:00000000 
> status:35e9
> 7-18: 08:08:07:125:adc Not creating notify.
>
>

-- 

"With Data mining, we can search specifically for clues"

--- The AIVD (The Dutch NSA) on the necessity of ISP's data retention
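
For the "wrong rightca line" possibility raised in the reply, the following is an added example and not part of the original thread: it renders a CA's DN from the slash-separated form used for `rightid` above into the comma-separated form used for `rightca`, and lists where a configured `rightca` string differs. The `ST` to `S` and `emailAddress` to `E` renaming is an assumption taken from how the two forms appear on this page; the function names are hypothetical and the e-mail address is a placeholder.

```python
import re

# OpenSSL attribute names -> the names used in the Windows-side rightca string
# and oakley.log on this page (mapping assumed from those strings).
OPENSSL_TO_WINDOWS = {"ST": "S", "emailAddress": "E"}
KEY = r"[A-Za-z][A-Za-z0-9.]*="

def parse_openssl_dn(dn):
    """Split '/C=DE/ST=Hessen/...' into (attribute, value) pairs."""
    pairs = []
    for part in re.split(r"/(?=" + KEY + ")", dn.strip()):
        if part:
            attr, _, value = part.partition("=")
            pairs.append((attr.strip(), value.strip()))
    return pairs

def parse_windows_dn(dn):
    """Split 'C=DE, S=Hessen, ...' into pairs; mail-wrapped whitespace is folded."""
    flat = " ".join(dn.split())
    pairs = []
    for part in re.split(r",\s*(?=" + KEY + ")", flat):
        if part:
            attr, _, value = part.partition("=")
            pairs.append((attr.strip(), value.strip()))
    return pairs

def to_windows_rightca(openssl_dn):
    """Render an OpenSSL-style DN in the comma-separated Windows form."""
    return ", ".join(f"{OPENSSL_TO_WINDOWS.get(a, a)}={v}"
                     for a, v in parse_openssl_dn(openssl_dn))

def rightca_mismatches(openssl_issuer, rightca):
    """Return human-readable differences; an empty list means the strings agree."""
    expected = [(OPENSSL_TO_WINDOWS.get(a, a), v)
                for a, v in parse_openssl_dn(openssl_issuer)]
    actual = parse_windows_dn(rightca)
    problems = []
    if len(expected) != len(actual):
        problems.append(f"RDN count: certificate {len(expected)}, rightca {len(actual)}")
    for i, (exp, act) in enumerate(zip(expected, actual)):
        if exp != act:  # strict comparison: attribute name and value must match exactly
            problems.append(f"RDN {i}: certificate {exp[0]}={exp[1]}, rightca {act[0]}={act[1]}")
    return problems

# Constructed sample input: DN fields as on this page, e-mail replaced by a placeholder.
ISSUER = ("/C=DE/ST=Hessen/O=Infrastruktur und Umwelt/OU=Netzwerksicherheit"
          "/CN=Infrastruktur und Umwelt Root CA/emailAddress=ca@example.org")
RIGHTCA_WRAPPED = ("C=DE, S=Hessen, O=Infrastruktur und Umwelt, \n"
                   "OU=Netzwerksicherheit, CN=Infrastruktur und Umwelt Root CA, E=ca@example.org")
RIGHTCA_COPIED = RIGHTCA_WRAPPED.replace("S=Hessen", "ST=Hessen")  # pasted without renaming ST

if __name__ == "__main__":
    print("expected rightca:", to_windows_rightca(ISSUER))
    for label, value in (("wrapped", RIGHTCA_WRAPPED), ("copied", RIGHTCA_COPIED)):
        print(label, rightca_mismatches(ISSUER, value) or "matches")
```

An empty result only shows that the two strings name the same CA; whether that CA certificate is actually installed and trusted on the Windows machine is a separate check.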

