[Openswan Users] initial Main Mode message received on X:500 but no connection has been authorized

Thomas Novin thnov at xyz.pp.se
Wed May 14 03:12:54 EDT 2008


On Wed, 2008-05-14 at 02:08 -0400, Paul Wouters wrote:
> On Tue, 13 May 2008, Thomas Novin wrote:
> > No need for a reply. I switched to OpenVPN and managed to get it up and running in 10 minutes. Well documented with man-pages, HOWTO's, FAQ and Examples, see www.openvpn.net.
> >
> > There even was an addon for NetworkManager so you can configure/start/stop your client connections from there.
> 
> I hope you generated these keys on non-debian/ubuntu machines, or else you are now
> running with vulnerable keys......

In fact I did but this was fixed yesterday and caused the server to shut
down and it wouldn't start until you had generated new keys.

May 13 21:58:56 mistik ovpn-server[13946]: OpenVPN 2.1_rc7 i486-pc-linux-gnu [SSL] [LZO2] [EPOLL] built on May 13 2008
May 13 21:58:56 mistik ovpn-server[13946]: /usr/sbin/openssl-vulnkey -q server.key
May 13 21:58:56 mistik ovpn-server[13946]: ERROR: 'server.key' is a known vulnerable key. See 'man openssl-vulnkey' for details.
May 13 21:58:56 mistik ovpn-server[13946]: Exiting

More information is available at
https://lists.ubuntu.com/archives/ubuntu-security-announce/2008-May/000705.html.

> Yes. IPsec is harder to set up than OpenVPN. But it offers more and scales much better,
> neither of which will matter much to a 1-3 user system.

I've worked with lots of IPsec solutions (hardware based) but I don't
think I've come across anything so hard to configure as Openswan. It's a
shame because you can do virtually anything with it, if you just know
how to.

Rgds


