[Openswan Users] x509 setup problems
Gbenga
stjames08 at yahoo.co.uk
Wed May 30 04:51:51 EDT 2007
James wrote:
You obviously have a problem with the connection, but I think you are not waiting for main mode [ike] to complete, hence the message below. Do ipsec auto --down <conn-name> before you attempt to bring it up again. That might not solve your problem, but you will eliminate the retransmission error.
> 003 "roadwarrior" #1: discarding duplicate packet; already STATE_MAIN_I3
> 010 "roadwarrior" #1: STATE_MAIN_I3: retransmission; will wait 20s for
> response
> 003 "roadwarrior" #1: ignoring informational payload, type
> INVALID_KEY_INFORMATION
>
> config setup
> interfaces=%defaultroute
> nat_traversal=yes
> virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16
plutodebug=all is going to produce way too many messages, turn it off
> plutodebug=all
>
> conn %default
> keyingtries=1
> compress=yes
> disablearrivalcheck=no
> authby=rsasig
> leftrsasigkey=%cert
> rightrsasigkey=%cert
>
> conn roadwarrior
> left=%defaultroute
> leftcert=/etc/ipsec.d/certs/host.pem
> right=%any
> rightsubnet=vhost:%no,%priv
> pfs=yes
> leftsubnet=0.0.0.0/0
> auto=add
>
> conn block
> auto=ignore
>
> conn private
> auto=ignore
>
> conn private-or-clear
> auto=ignore
>
> conn clear-or-private
> auto=ignore
>
> conn clear
> auto=ignore
>
> conn packetdefault
> auto=ignore
>
The line below means the same thing as all the conn private, block, etc. you have above. You can just use either one.
> #Disable Opportunistic Encryption
> include /etc/ipsec.d/examples/no_oe.conf
>
>
> *CLIENT CONFIGURATION
> *version 2
>
> config setup
> interfaces=%defaultroute
> nat_traversal=yes
> plutodebug=all
>
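An added example, not part of the original post and not Openswan code: a small Python lint for the two configuration points raised in the reply above (plutodebug=all left on, and the policy-group conns set to auto=ignore alongside the no_oe.conf include). The sample config is constructed from the quoted one, and the names `parse`, `lint` and `OE_CONNS` are hypothetical.

```python
import re

# Policy-group conns that the quoted server config sets to auto=ignore
OE_CONNS = {"block", "private", "private-or-clear",
            "clear-or-private", "clear", "packetdefault"}

# Constructed sample, modelled on the server config quoted in the thread
SAMPLE = """\
config setup
    nat_traversal=yes
    plutodebug=all

conn roadwarrior
    auto=add

conn block
    auto=ignore

conn private
    auto=ignore

#Disable Opportunistic Encryption
include /etc/ipsec.d/examples/no_oe.conf
"""

def parse(text):
    """Return (sections, includes); sections maps 'conn NAME' or 'config setup' to a dict."""
    sections, includes, current = {}, [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and indentation
        m = re.match(r"(config|conn)\s+(\S+)$", line)
        if m:
            current = sections.setdefault(f"{m.group(1)} {m.group(2)}", {})
        elif line.startswith("include "):
            includes.append(line.split(None, 1)[1])
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return sections, includes

def lint(text):
    """Flag plutodebug=all and conns that duplicate the no_oe.conf include."""
    sections, includes = parse(text)
    findings = []
    if sections.get("config setup", {}).get("plutodebug") == "all":
        findings.append("plutodebug=all is set")
    ignored = sorted(n for n in OE_CONNS
                     if sections.get(f"conn {n}", {}).get("auto") == "ignore")
    if ignored and any(p.endswith("no_oe.conf") for p in includes):
        findings.append("redundant with no_oe.conf include: " + ", ".join(ignored))
    return findings
```

Calling `lint(SAMPLE)` returns one finding per issue; a config with debugging off and only the include returns an empty list.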