[Openswan Users] I can't ping my private network
Fabio Ferreira
fabio.ferreira at markway.com.br
Wed Dec 6 13:06:00 EST 2006
Paul,
Thanks for your help.
My Logs:
# tail -f /var/log/secure --> "When I was starting the ipsec service"
Dec 6 14:33:08 frwmarkway ipsec__plutorun: Starting Pluto subsystem...
Dec 6 14:33:08 frwmarkway pluto[650]: Starting Pluto (Openswan Version 2.4.4 X.509-1.5.4 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR; Vendor ID OEz}FFFfgr_e)
Dec 6 14:33:08 frwmarkway pluto[650]: Setting NAT-Traversal port-4500 floating to on
Dec 6 14:33:08 frwmarkway pluto[650]: port floating activation criteria nat_t=1/port_fload=1
Dec 6 14:33:08 frwmarkway pluto[650]: including NAT-Traversal patch (Version 0.6c)
Dec 6 14:33:08 frwmarkway pluto[650]: ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)
Dec 6 14:33:08 frwmarkway pluto[650]: starting up 1 cryptographic helpers
Dec 6 14:33:08 frwmarkway pluto[650]: started helper pid=651 (fd:6)
Dec 6 14:33:08 frwmarkway pluto[650]: Using Linux 2.6 IPsec interface code on 2.6.18-1.2239.fc5
Dec 6 14:33:08 frwmarkway pluto[650]: Changing to directory '/etc/ipsec.d/cacerts'
Dec 6 14:33:08 frwmarkway pluto[650]: loaded CA cert file 'cacert.pem' (3129 bytes)
Dec 6 14:33:08 frwmarkway pluto[650]: Could not change to directory '/etc/ipsec.d/aacerts'
Dec 6 14:33:08 frwmarkway pluto[650]: Could not change to directory '/etc/ipsec.d/ocspcerts'
Dec 6 14:33:08 frwmarkway pluto[650]: Changing to directory '/etc/ipsec.d/crls'
Dec 6 14:33:08 frwmarkway pluto[650]: loaded crl file 'crl.pem' (495 bytes)
Dec 6 14:33:08 frwmarkway pluto[650]: crl issuer cacert not found for (file:///etc/ipsec.d/crls/crl.pem)
Dec 6 14:33:09 frwmarkway pluto[650]: loaded host cert file '/etc/ipsec.d/certs/secreto.pem' (3061 bytes)
Dec 6 14:33:09 frwmarkway pluto[650]: added connection description "roadwarrior_secreto"
Dec 6 14:33:09 frwmarkway pluto[650]: listening for IKE messages
Dec 6 14:33:09 frwmarkway pluto[650]: adding interface eth1/eth1 192.168.1.4:500
Dec 6 14:33:09 frwmarkway pluto[650]: adding interface eth1/eth1 192.168.1.4:4500
Dec 6 14:33:09 frwmarkway pluto[650]: adding interface eth0:2/eth0:2 200.150.147.247:500
Dec 6 14:33:09 frwmarkway pluto[650]: adding interface eth0:2/eth0:2 200.150.147.247:4500
Dec 6 14:33:09 frwmarkway pluto[650]: adding interface eth0:1/eth0:1 200.150.147.246:500
Dec 6 14:33:09 frwmarkway pluto[650]: adding interface eth0:1/eth0:1 200.150.147.246:4500
Dec 6 14:33:09 frwmarkway pluto[650]: adding interface eth0:0/eth0:0 200.150.147.245:500
Dec 6 14:33:09 frwmarkway pluto[650]: adding interface eth0:0/eth0:0 200.150.147.245:4500
Dec 6 14:33:09 frwmarkway pluto[650]: adding interface eth0/eth0 200.150.147.244:500
Dec 6 14:33:09 frwmarkway pluto[650]: adding interface eth0/eth0 200.150.147.244:4500
Dec 6 14:33:09 frwmarkway pluto[650]: adding interface lo/lo 127.0.0.1:500
Dec 6 14:33:09 frwmarkway pluto[650]: adding interface lo/lo 127.0.0.1:4500
Dec 6 14:33:09 frwmarkway pluto[650]: adding interface lo/lo ::1:500
Dec 6 14:33:09 frwmarkway pluto[650]: loading secrets from "/etc/ipsec.secrets"
Dec 6 14:33:09 frwmarkway pluto[650]: loaded private key file '/etc/ipsec.d/private/secreto.key' (963 bytes)
AFTER the ping from client Machine
Dec 6 14:43:34 frwmarkway pluto[650]: packet from 201.5.8.142:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
Dec 6 14:43:34 frwmarkway pluto[650]: packet from 201.5.8.142:500: ignoring Vendor ID payload [FRAGMENTATION]
Dec 6 14:43:34 frwmarkway pluto[650]: packet from 201.5.8.142:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
Dec 6 14:43:34 frwmarkway pluto[650]: packet from 201.5.8.142:500: ignoring Vendor ID payload [Vid-Initial-Contact]
Dec 6 14:43:34 frwmarkway pluto[650]: "roadwarrior_secreto"[1] 201.5.8.142 #1: responding to Main Mode from unknown peer 201.5.8.142
Dec 6 14:43:34 frwmarkway pluto[650]: "roadwarrior_secreto"[1] 201.5.8.142 #1: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Dec 6 14:43:34 frwmarkway pluto[650]: "roadwarrior_secreto"[1] 201.5.8.142 #1: STATE_MAIN_R1: sent MR1, expecting MI2
Dec 6 14:43:35 frwmarkway pluto[650]: "roadwarrior_secreto"[1] 201.5.8.142 #1: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: no NAT detected
Dec 6 14:43:35 frwmarkway pluto[650]: "roadwarrior_secreto"[1] 201.5.8.142 #1: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Dec 6 14:43:35 frwmarkway pluto[650]: "roadwarrior_secreto"[1] 201.5.8.142 #1: STATE_MAIN_R2: sent MR2, expecting MI3
Dec 6 14:43:36 frwmarkway pluto[650]: "roadwarrior_secreto"[1] 201.5.8.142 #1: next payload type of ISAKMP Hash Payload has an unknown value: 152
Dec 6 14:43:36 frwmarkway pluto[650]: "roadwarrior_secreto"[1] 201.5.8.142 #1: malformed payload in packet
Dec 6 14:43:36 frwmarkway pluto[650]: "roadwarrior_secreto"[1] 201.5.8.142 #1: sending notification PAYLOAD_MALFORMED to 201.5.8.142:500
Dec 6 14:44:45 frwmarkway pluto[650]: "roadwarrior_secreto"[1] 201.5.8.142 #1: max number of retransmissions (2) reached STATE_MAIN_R2
Dec 6 14:44:45 frwmarkway pluto[650]: "roadwarrior_secreto"[1] 201.5.8.142: deleting connection "roadwarrior_secreto" instance with peer 201.5.8.142 {isakmp=#0/ipsec=#0}
Dec 6 14:45:23 frwmarkway pluto[650]: packet from 201.5.8.142:500: Informational Exchange is for an unknown (expired?) SA
Dec 6 14:45:23 frwmarkway pluto[650]: packet from 201.5.8.142:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
Dec 6 14:45:23 frwmarkway pluto[650]: packet from 201.5.8.142:500: ignoring Vendor ID payload [FRAGMENTATION]
Dec 6 14:45:23 frwmarkway pluto[650]: packet from 201.5.8.142:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
Dec 6 14:45:23 frwmarkway pluto[650]: packet from 201.5.8.142:500: ignoring Vendor ID payload [Vid-Initial-Contact]
Dec 6 14:45:23 frwmarkway pluto[650]: "roadwarrior_secreto"[2] 201.5.8.142 #2: responding to Main Mode from unknown peer 201.5.8.142
Dec 6 14:45:23 frwmarkway pluto[650]: "roadwarrior_secreto"[2] 201.5.8.142 #2: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Dec 6 14:45:23 frwmarkway pluto[650]: "roadwarrior_secreto"[2] 201.5.8.142 #2: STATE_MAIN_R1: sent MR1, expecting MI2
Dec 6 14:45:23 frwmarkway pluto[650]: "roadwarrior_secreto"[2] 201.5.8.142 #2: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: no NAT detected
Dec 6 14:45:23 frwmarkway pluto[650]: "roadwarrior_secreto"[2] 201.5.8.142 #2: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Dec 6 14:45:23 frwmarkway pluto[650]: "roadwarrior_secreto"[2] 201.5.8.142 #2: STATE_MAIN_R2: sent MR2, expecting MI3
Dec 6 14:45:23 frwmarkway pluto[650]: "roadwarrior_secreto"[2] 201.5.8.142 #2: next payload type of ISAKMP Hash Payload has an unknown value: 139
Dec 6 14:45:23 frwmarkway pluto[650]: "roadwarrior_secreto"[2] 201.5.8.142 #2: malformed payload in packet
Dec 6 14:45:23 frwmarkway pluto[650]: "roadwarrior_secreto"[2] 201.5.8.142 #2: sending notification PAYLOAD_MALFORMED to 201.5.8.142:500
Dec 6 14:46:33 frwmarkway pluto[650]: "roadwarrior_secreto"[2] 201.5.8.142 #2: max number of retransmissions (2) reached STATE_MAIN_R2
Dec 6 14:46:33 frwmarkway pluto[650]: "roadwarrior_secreto"[2] 201.5.8.142: deleting connection "roadwarrior_secreto" instance with peer 201.5.8.142 {isakmp=#0/ipsec=#0}
############################################################################
Log from client XP with Ipsectool
14:59:10: Starting Tunnel
14:59:10: IKE Encryption: 3des
IKE Integrity: sha1
Remote Gateway Address: 200.150.147.244
Remote Monitor Address: 200.150.147.244
Remote Network: 192.168.1.0/255.255.255.0
Local Address: 201.5.8.142
Local Network: 201.5.8.142/255.255.255.255
############################################################################
Log from client XP --> OAKLEY LOG -- When I try to ping my private network
12-06: 14:59:59:859:d50 Acquire from driver: op=00000006 src=201.5.8.142.0 dst=192.168.1.2.0 proto = 0, SrcMask=255.255.255.255, DstMask=255.255.255.0, Tunnel 1, TunnelEndpt=200.150.147.244 Inbound TunnelEndpt=201.5.8.142
12-06: 14:59:59:859:aac Filter to match: Src 200.150.147.244 Dst 201.5.8.142
12-06: 14:59:59:875:aac MM PolicyName: 7
12-06: 14:59:59:875:aac MMPolicy dwFlags 2 SoftSAExpireTime 3500
12-06: 14:59:59:875:aac MMOffer[0] LifetimeSec 3500 QMLimit 0 DHGroup 2
12-06: 14:59:59:890:aac MMOffer[0] Encrypt: Triple DES CBC Hash: SHA
12-06: 14:59:59:890:aac Auth[0]:RSA Sig C=BR, S=RJ, O=markway, CN=CA, E=fabio.ferreira at markway.com.br AuthFlags 0
12-06: 14:59:59:890:aac QM PolicyName: x4 {4bd07e05-f3f2-4288-afa0-59adbb0ebadc} dwFlags 1
12-06: 14:59:59:890:aac QMOffer[0] LifetimeKBytes 0 LifetimeSec 0
12-06: 14:59:59:890:aac QMOffer[0] dwFlags 0 dwPFSGroup -2147483648
12-06: 14:59:59:890:aac Algo[0] Operation: ESP Algo: Triple DES CBC HMAC: SHA
12-06: 14:59:59:890:aac Starting Negotiation: src = 201.5.8.142.0500, dst = 200.150.147.244.0500, proto = 00, context = 00000006, ProxySrc = 201.5.8.142.0000, ProxyDst = 192.168.1.0.0000 SrcMask = 255.255.255.255 DstMask = 255.255.255.0
12-06: 14:59:59:890:aac constructing ISAKMP Header
12-06: 14:59:59:890:aac constructing SA (ISAKMP)
12-06: 14:59:59:890:aac Constructing Vendor MS NT5 ISAKMPOAKLEY
12-06: 14:59:59:890:aac Constructing Vendor FRAGMENTATION
12-06: 14:59:59:890:aac Constructing Vendor draft-ietf-ipsec-nat-t-ike-02
12-06: 14:59:59:890:aac Constructing Vendor Vid-Initial-Contact
12-06: 14:59:59:906:aac
12-06: 14:59:59:906:aac Sending: SA = 0x000F9F38 to 200.150.147.244:Type 2.500
12-06: 14:59:59:906:aac ISAKMP Header: (V1.0), len = 168
12-06: 14:59:59:906:aac I-COOKIE ced988aae3c23a77
12-06: 14:59:59:906:aac R-COOKIE 0000000000000000
12-06: 14:59:59:906:aac exchange: Oakley Main Mode
12-06: 14:59:59:906:aac flags: 0
12-06: 14:59:59:906:aac next payload: SA
12-06: 14:59:59:906:aac message ID: 00000000
12-06: 14:59:59:906:aac Ports S:f401 D:f401
12-06: 15:00:00:578:aac
12-06: 15:00:00:578:aac Receive: (get) SA = 0x000f9f38 from 200.150.147.244.500
12-06: 15:00:00:578:aac ISAKMP Header: (V1.0), len = 140
12-06: 15:00:00:578:aac I-COOKIE ced988aae3c23a77
12-06: 15:00:00:578:aac R-COOKIE d8efc30867749d2b
12-06: 15:00:00:578:aac exchange: Oakley Main Mode
12-06: 15:00:00:578:aac flags: 0
12-06: 15:00:00:578:aac next payload: SA
12-06: 15:00:00:578:aac message ID: 00000000
12-06: 15:00:00:578:aac processing payload SA
12-06: 15:00:00:578:aac Received Phase 1 Transform 1
12-06: 15:00:00:578:aac Encryption Alg Triple DES CBC(5)
12-06: 15:00:00:578:aac Hash Alg SHA(2)
12-06: 15:00:00:578:aac Oakley Group 2
12-06: 15:00:00:578:aac Auth Method RSA Signature with Certificates(3)
12-06: 15:00:00:578:aac Life type in Seconds
12-06: 15:00:00:578:aac Life duration of 3500
12-06: 15:00:00:578:aac Phase 1 SA accepted: transform=1
12-06: 15:00:00:578:aac SA - Oakley proposal accepted
12-06: 15:00:00:578:aac processing payload VENDOR ID
12-06: 15:00:00:578:aac processing payload VENDOR ID
12-06: 15:00:00:578:aac processing payload VENDOR ID
12-06: 15:00:00:578:aac Received VendorId draft-ietf-ipsec-nat-t-ike-02
12-06: 15:00:00:578:aac ClearFragList
12-06: 15:00:00:578:aac constructing ISAKMP Header
12-06: 15:00:00:671:aac constructing KE
12-06: 15:00:00:671:aac constructing NONCE (ISAKMP)
12-06: 15:00:00:671:aac Constructing NatDisc
12-06: 15:00:00:671:aac
12-06: 15:00:00:671:aac Sending: SA = 0x000F9F38 to 200.150.147.244:Type 2.500
12-06: 15:00:00:671:aac ISAKMP Header: (V1.0), len = 232
12-06: 15:00:00:671:aac I-COOKIE ced988aae3c23a77
12-06: 15:00:00:671:aac R-COOKIE d8efc30867749d2b
12-06: 15:00:00:671:aac exchange: Oakley Main Mode
12-06: 15:00:00:671:aac flags: 0
12-06: 15:00:00:671:aac next payload: KE
12-06: 15:00:00:671:aac message ID: 00000000
12-06: 15:00:00:671:aac Ports S:f401 D:f401
12-06: 15:00:01:93:aac
12-06: 15:00:01:93:aac Receive: (get) SA = 0x000f9f38 from 200.150.147.244.500
12-06: 15:00:01:93:aac ISAKMP Header: (V1.0), len = 228
12-06: 15:00:01:93:aac I-COOKIE ced988aae3c23a77
12-06: 15:00:01:93:aac R-COOKIE d8efc30867749d2b
12-06: 15:00:01:93:aac exchange: Oakley Main Mode
12-06: 15:00:01:93:aac flags: 0
12-06: 15:00:01:93:aac next payload: KE
12-06: 15:00:01:93:aac message ID: 00000000
12-06: 15:00:01:93:aac processing payload KE
12-06: 15:00:01:125:aac processing payload NONCE
12-06: 15:00:01:125:aac processing payload NATDISC
12-06: 15:00:01:125:aac Processing NatHash
12-06: 15:00:01:125:aac Nat hash 8959044bd7e2797e8bbd48ec6c75306c
12-06: 15:00:01:125:aac f4c40d7d
12-06: 15:00:01:125:aac SA StateMask2 f
12-06: 15:00:01:125:aac processing payload NATDISC
12-06: 15:00:01:125:aac Processing NatHash
12-06: 15:00:01:125:aac Nat hash 230190fdb8dbe8e1b2f5c9f3c498f0d8
12-06: 15:00:01:125:aac ac12e8fd
12-06: 15:00:01:125:aac SA StateMask2 8f
12-06: 15:00:01:125:aac ClearFragList
12-06: 15:00:01:125:aac constructing ISAKMP Header
12-06: 15:00:01:125:aac constructing ID
12-06: 15:00:01:140:aac Received no valid CRPs. Using all configured
12-06: 15:00:01:140:aac Looking for IPSec only cert
12-06: 15:00:01:187:aac Trust failed. 400 100
12-06: 15:00:01:187:aac Cert SHA Thumbprint 48cf1d9ab784752beb668bad71b709a4
12-06: 15:00:01:187:aac a8c6b80f
12-06: 15:00:01:187:aac Looking for IPSec only cert
12-06: 15:00:01:187:aac failed to get chain 80092004
12-06: 15:00:01:187:aac Looking for any cert
12-06: 15:00:01:187:aac Trust failed. 400 100
12-06: 15:00:01:187:aac Cert SHA Thumbprint 48cf1d9ab784752beb668bad71b709a4
12-06: 15:00:01:187:aac a8c6b80f
12-06: 15:00:01:187:aac Looking for any cert
12-06: 15:00:01:187:aac failed to get chain 80092004
12-06: 15:00:01:187:aac ProcessFailure: sa:000F9F38 centry:00000000 status:35ee
12-06: 15:00:01:187:aac isadb_set_status sa:000F9F38 centry:00000000 status 35ee
12-06: 15:00:01:187:aac Key Exchange Mode (Main Mode)
12-06: 15:00:01:187:aac Source IP Address 201.5.8.142 Source IP Address Mask 255.255.255.255 Destination IP Address 200.150.147.244 Destination IP Address Mask 255.255.255.255 Protocol 0 Source Port 0 Destination Port 0 IKE Local Addr 201.5.8.142 IKE Peer Addr 200.150.147.244
12-06: 15:00:01:187:aac Certificate based Identity. Peer Subject Peer SHA Thumbprint 0000000000000000000000000000000000000000 Peer Issuing Certificate Authority Root Certificate Authority My Subject C=BR, S=RJ, L=RJ, O=markway, CN=secreto My SHA Thumbprint 48cf1d9ab784752beb668bad71b709a4a8c6b80f Peer IP Address: 200.150.147.244
12-06: 15:00:01:187:aac Me
12-06: 15:00:01:187:aac IKE failed to find valid machine certificate
12-06: 15:00:01:187:aac 0x80092004 0x100
12-06: 15:00:01:187:aac ProcessFailure: sa:000F9F38 centry:00000000 status:35ee
12-06: 15:00:01:187:aac constructing ISAKMP Header
12-06: 15:00:01:187:aac constructing HASH (null)
12-06: 15:00:01:187:aac constructing NOTIFY 28
12-06: 15:00:01:187:aac constructing HASH (Notify/Delete)
12-06: 15:00:01:187:aac
12-06: 15:00:01:187:aac Sending: SA = 0x000F9F38 to 200.150.147.244:Type 1.500
12-06: 15:00:01:187:aac ISAKMP Header: (V1.0), len = 84
12-06: 15:00:01:187:aac I-COOKIE ced988aae3c23a77
12-06: 15:00:01:187:aac R-COOKIE d8efc30867749d2b
12-06: 15:00:01:187:aac exchange: ISAKMP Informational Exchange
12-06: 15:00:01:187:aac flags: 1 ( encrypted )
12-06: 15:00:01:187:aac next payload: HASH
12-06: 15:00:01:187:aac message ID: eecd0940
12-06: 15:00:01:187:aac Ports S:f401 D:f401
12-06: 15:00:01:390:aac
12-06: 15:00:01:390:aac Receive: (get) SA = 0x000f9f38 from 200.150.147.244.500
12-06: 15:00:01:390:aac ISAKMP Header: (V1.0), len = 40
12-06: 15:00:01:390:aac I-COOKIE ced988aae3c23a77
12-06: 15:00:01:390:aac R-COOKIE d8efc30867749d2b
12-06: 15:00:01:390:aac exchange: ISAKMP Informational Exchange
12-06: 15:00:01:390:aac flags: 0
12-06: 15:00:01:390:aac next payload: NOTIFY
12-06: 15:00:01:390:aac message ID: 41d3a553
12-06: 15:00:01:390:aac received an unencrypted packet when crypto active
12-06: 15:00:01:390:aac GetPacket failed 35ec
12-06: 15:00:10:453:aac
12-06: 15:00:10:453:aac Receive: (get) SA = 0x000f9f38 from 200.150.147.244.500
12-06: 15:00:10:453:aac ISAKMP Header: (V1.0), len = 228
12-06: 15:00:10:453:aac I-COOKIE ced988aae3c23a77
12-06: 15:00:10:453:aac R-COOKIE d8efc30867749d2b
12-06: 15:00:10:453:aac exchange: Oakley Main Mode
12-06: 15:00:10:453:aac flags: 0
12-06: 15:00:10:453:aac next payload: KE
12-06: 15:00:10:453:aac message ID: 00000000
12-06: 15:00:10:453:aac received an unencrypted packet when crypto active
12-06: 15:00:10:453:aac GetPacket failed 35ec
12-06: 15:00:30:453:aac
12-06: 15:00:30:453:aac Receive: (get) SA = 0x000f9f38 from 200.150.147.244.500
12-06: 15:00:30:453:aac ISAKMP Header: (V1.0), len = 228
12-06: 15:00:30:453:aac I-COOKIE ced988aae3c23a77
12-06: 15:00:30:453:aac R-COOKIE d8efc30867749d2b
12-06: 15:00:30:453:aac exchange: Oakley Main Mode
12-06: 15:00:30:453:aac flags: 0
12-06: 15:00:30:453:aac next payload: KE
12-06: 15:00:30:453:aac message ID: 00000000
12-06: 15:00:30:453:aac received an unencrypted packet when crypto active
12-06: 15:00:30:453:aac GetPacket failed 35ec
############################################################################
My ipsec.conf
config setup
        #interfaces=%defaultroute
        interfaces="ipsec0=eth0"
        nat_traversal=yes
        virtual_private=%v4:192.168.1.0/24,%v4:10.10.120.0/8
        #plutodebug=all

conn %default
        keyingtries=1
        compress=yes
        disablearrivalcheck=no
        authby=rsasig
        leftrsasigkey=%cert
        rightrsasigkey=%cert

conn roadwarrior_secreto
        leftsubnet=192.168.1.0/255.255.255.0
        left=200.150.147.244
        leftnexthop=200.150.147.241
        leftcert=secreto.pem
        right=%any
        esp = 3DES-SHA1
        ikelifetime = 900m
        auto=add
        pfs=yes

conn block
        auto=ignore

conn private
        auto=ignore

conn private-or-clear
        auto=ignore

conn clear-or-private
        auto=ignore

conn clear
        auto=ignore

conn packetdefault
        auto=ignore
############################################################################
> I was trying to ping my private network, but I can't.
>
> My client is a Windows XP with service Pack 2. I try to use Lynsys Ipsectool and IPSEC.EXE...but with these two tools I get the same error.
I've had reports where installing ipsec.exe on SP2 broke things.
If possible, use a fresh install that didn't contain ipsec.exe.
>
> Dec 5 16:17:19 frwmarkway pluto[23129]: | complete state transition with STF_OK
>
> Dec 5 16:17:19 frwmarkway pluto[23129]: "roadwarrior_secreto"[1] 200.217.105.15 #1: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Your logs were incomplete and did not show the problem. Please DISABLE
plutodebug= and try again, then show us the log. Perhaps also enable
OAKLEY.LOG on Windows. I cannot see from this whether your ipsec part
works or not, or where the errors are.
Paul
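
A small triage script for responder logs like the one in this message, added here as an illustration (it is not part of the original thread and not Openswan code): it groups pluto lines by SA number and reports the Main Mode state each negotiation stalled in and the errors logged for it. The function name `triage` and the list of error substrings are assumptions; the sample lines are copied from the /var/log/secure excerpt above.

```python
import re
from collections import OrderedDict

# Per-SA pluto lines look like: "<conn>"[instance] <peer> #<sa>: <message>
LINE = re.compile(
    r'pluto\[\d+\]: "(?P<conn>[^"]+)"\[\d+\] (?P<peer>\S+) #(?P<sa>\d+): (?P<msg>.*)')
TRANSITION = re.compile(r'transition from state (\S+) to state (\S+)')
# Substrings treated as failure indicators (assumed list, taken from the log above).
ERRORS = ('has an unknown value', 'malformed payload', 'PAYLOAD_MALFORMED',
          'max number of retransmissions')
# What an IKEv1 Main Mode responder is still waiting for in each state.
WAITING_FOR = {
    'STATE_MAIN_R1': 'MI2 (initiator key exchange and nonce)',
    'STATE_MAIN_R2': 'MI3 (initiator identity and signature, encrypted)',
}

def triage(lines):
    """Return {sa_number: summary} for every IKE negotiation seen in lines."""
    sas = OrderedDict()
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue  # startup lines and per-packet lines carry no SA number
        sa = sas.setdefault(int(m['sa']), {
            'conn': m['conn'], 'peer': m['peer'], 'last_state': None,
            'errors': [], 'established': False})
        msg = m['msg']
        t = TRANSITION.search(msg)
        if t:
            sa['last_state'] = t.group(2)
        if 'ISAKMP SA established' in msg:
            sa['established'] = True
        if any(e in msg for e in ERRORS):
            sa['errors'].append(msg)
    for sa in sas.values():
        sa['waiting_for'] = (None if sa['established']
                             else WAITING_FOR.get(sa['last_state']))
    return sas

# Sample input: lines copied from the responder log in the message above.
SAMPLE = """\
Dec 6 14:43:34 frwmarkway pluto[650]: "roadwarrior_secreto"[1] 201.5.8.142 #1: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Dec 6 14:43:35 frwmarkway pluto[650]: "roadwarrior_secreto"[1] 201.5.8.142 #1: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Dec 6 14:43:36 frwmarkway pluto[650]: "roadwarrior_secreto"[1] 201.5.8.142 #1: next payload type of ISAKMP Hash Payload has an unknown value: 152
Dec 6 14:43:36 frwmarkway pluto[650]: "roadwarrior_secreto"[1] 201.5.8.142 #1: malformed payload in packet
Dec 6 14:43:36 frwmarkway pluto[650]: "roadwarrior_secreto"[1] 201.5.8.142 #1: sending notification PAYLOAD_MALFORMED to 201.5.8.142:500
Dec 6 14:44:45 frwmarkway pluto[650]: "roadwarrior_secreto"[1] 201.5.8.142 #1: max number of retransmissions (2) reached STATE_MAIN_R2
Dec 6 14:45:23 frwmarkway pluto[650]: "roadwarrior_secreto"[2] 201.5.8.142 #2: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Dec 6 14:45:23 frwmarkway pluto[650]: "roadwarrior_secreto"[2] 201.5.8.142 #2: next payload type of ISAKMP Hash Payload has an unknown value: 139
""".splitlines()

if __name__ == '__main__':
    for num, sa in triage(SAMPLE).items():
        print(f"#{num} {sa['conn']} peer={sa['peer']} "
              f"stalled_in={sa['last_state']} waiting_for={sa['waiting_for']}")
        for err in sa['errors']:
            print('    ' + err)
```

Both negotiations in the sample stall in STATE_MAIN_R2, which is where the OAKLEY log in the same message reports "IKE failed to find valid machine certificate" on the client side.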