[Openswan Users] x509 setup problems

James james at nttmcl.com
Wed May 30 12:46:44 EDT 2007


Gbenga wrote:
> James wrote:
>
> You obviously have a problem with the connection, but I think you are not waiting for main mode [ike] to complete, hence the message below. Do ipsec auto --down <conn-name> before you attempt to bring it up again. That might not solve your problem but you will eliminate the retransmission error.
>
>   
I actually already had solved it... don't remember what I did. Probably
remade the certificates again or something.

Anyhow, I have a new problem. I'm establishing a connection but it's not
tunneling any traffic through.
After I start up the connection and try to ping the VPN server it just
sits. I also try to ping anything on the network behind it and also get a
timeout.

It's connecting from client to the rightsubnet=0.0.0.0/0

on the server leftsubnet=0.0.0.0/0


dhcp215:/home/james# ipsec auto --up --verbose roadwarrior-all
002 "roadwarrior-all" #3: initiating Main Mode
104 "roadwarrior-all" #3: STATE_MAIN_I1: initiate
003 "roadwarrior-all" #3: received Vendor ID payload [Openswan (this version) 2.4.6  X.509-1.5.4 LDAP_V3 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR]
003 "roadwarrior-all" #3: received Vendor ID payload [Dead Peer Detection]
003 "roadwarrior-all" #3: received Vendor ID payload [RFC 3947] method set to=110
002 "roadwarrior-all" #3: enabling possible NAT-traversal with method 3
002 "roadwarrior-all" #3: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
106 "roadwarrior-all" #3: STATE_MAIN_I2: sent MI2, expecting MR2
003 "roadwarrior-all" #3: NAT-Traversal: Result using 3: no NAT detected
002 "roadwarrior-all" #3: I am sending my cert
002 "roadwarrior-all" #3: I am sending a certificate request
002 "roadwarrior-all" #3: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
108 "roadwarrior-all" #3: STATE_MAIN_I3: sent MI3, expecting MR3
002 "roadwarrior-all" #3: Main mode peer ID is ID_DER_ASN1_DN: 'C=US, ST=California, L=xxx, O=xxx, CN=xxx, E=xxx'
002 "roadwarrior-all" #3: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
004 "roadwarrior-all" #3: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1536}
002 "roadwarrior-all" #5: initiating Quick Mode RSASIG+ENCRYPT+COMPRESS+TUNNEL+PFS+UP {using isakmp#3}
117 "roadwarrior-all" #5: STATE_QUICK_I1: initiate
002 "roadwarrior-all" #5: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2
004 "roadwarrior-all" #5: STATE_QUICK_I2: sent QI2, IPsec SA established {ESP=>0xa6574577 <0x307f6ba4 xfrm=AES_0-HMAC_SHA1 IPCOMP=>0x000047a6 <0x0000b789 NATD=none DPD=none}


