[Openswan Users] WG: Problems connecting to IPSec server
Jacco de Leeuw
jacco2 at dds.nl
Fri Sep 21 19:21:12 EDT 2007
Martin Krellmann wrote:
> leftprotoport=17/%any
I'd say: use leftprotoport=17/1701 and phase out non-updated clients.
> Hardware RNG detected, testing if used properly [FAILED]
> Hardware RNG is present but 'rngd' is not running.
Does your CPU have a hardware RNG on board?
> No harware random used!
Cool, you found a typo in Openswan :-)
> NETKEY detected, testing for disabled ICMP send_redirects [FAILED]
> Please disable /proc/sys/net/ipv4/conf/*/send_redirects
> or NETKEY will cause the sending of bogus ICMP redirects!
> NETKEY detected, testing for disabled ICMP accept_redirects [FAILED]
> Please disable /proc/sys/net/ipv4/conf/*/accept_redirects
> or NETKEY will accept bogus ICMP redirects!
Better follow this advice.
> NAT is not involved in the test environment (I'm trying to connect on LAN to
> the server), but later it'll be necessary because the server is behind a
> firewall/router
No gear between the client and the server, except perhaps a switch or
a hub?
> decrypting 56 bytes using algorithm OAKLEY_3DES_CBC
> byte 2 of ISAKMP Hash Payload must be zero, but is not
> malformed payload in packet
Are all certificates generated by the same CA? Did you regenerate
your CA and use an old cert from the previous CA, perhaps?
> Vpn-log.html contains the output of the windows diagnostic log for the vpn
> connection attempt. Maybe this is useful, too.
It's in a weird format. Doesn't ring a bell with me. The Oakley.log might
be more interesting.
Jacco
--
Jacco de Leeuw mailto:jacco2 at dds.nl
Zaandam, The Netherlands http://www.jacco2.dds.nl
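
The redirect check that the quoted `ipsec verify` output complains about, as an added example that is not part of the original post and is not Openswan's own code: a shell function that lists every interface whose send_redirects or accept_redirects is still enabled, printed as sysctl-style lines that set it to 0. The optional directory argument and the `make_sample_tree` helper are assumptions added here so the check can be tried on a constructed tree instead of the live /proc.

```shell
#!/bin/sh
# Audit the ICMP redirect settings named in the "ipsec verify" output.
# Default root is the real proc tree; any other directory with the same
# layout (an assumption made for offline testing) can be passed instead.

# Print one "key = 0" line for each per-interface setting that is still enabled.
redirect_findings() {
    conf_root="${1:-/proc/sys/net/ipv4/conf}"
    for setting in send_redirects accept_redirects; do
        for file in "$conf_root"/*/"$setting"; do
            [ -r "$file" ] || continue        # glob matched nothing, or unreadable
            value=$(cat "$file")
            [ "$value" = "0" ] && continue    # already disabled, nothing to report
            iface=$(basename "$(dirname "$file")")
            printf 'net.ipv4.conf.%s.%s = 0\n' "$iface" "$setting"
        done
    done
}

# Build a constructed sample tree (not real system state): three interfaces,
# everything enabled except all/send_redirects and eth0/accept_redirects.
make_sample_tree() {
    root="$1"
    for iface in all default eth0; do
        mkdir -p "$root/$iface"
        echo 1 > "$root/$iface/send_redirects"
        echo 1 > "$root/$iface/accept_redirects"
    done
    echo 0 > "$root/all/send_redirects"
    echo 0 > "$root/eth0/accept_redirects"
}

# Stand-alone use: audit the directory given as $1, or the live system.
redirect_findings "$@"
```

No output means every interface, including "all" and "default", already has both settings at 0.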