Hi Howard, Found out there was a bug in 1.97 with the X.509 patch applied. Looking at upgrading the patch on the 1.97 machine to fix the problem. (Asked on the FreeS/WAN list.)
Thanks heaps for the assistance. Mike ----- Original Message ----- From: "Howard Lowndes" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Saturday, April 05, 2003 7:18 AM Subject: Re: [SLUG] IPSec blues > On Fri, 4 Apr 2003 [EMAIL PROTECTED] wrote: > > > G'day all... > > > > With our recent server crash, I've been trying to reimplement the VPN. > > > > Please note that on the other end of the VPN they are using FreeS/WAN > > IPsec 1.97 and on this side 1.99 > > > > I've copied the /etc/ipsec.conf and /etc/ipsec.secrets file from the > > crashed machine into the replacement box. > > > > I start ipsec - /etc/init.d/ipsec start - everything fine. > > No proper routing comes up though when I do a 'route' and I can't ping the > > other side. > > > > I've been playing with things like 'ipsec auto --ready' and 'ipsec auto > > --up <connection name used in /etc/ipsec.conf>' .. to no avail on either > > end. > > > > On the far end I get: > > 112 "woolloomooloo-nth_sydney" #46: STATE_QUICK_I1: initiate > > 010 "woolloomooloo-nth_sydney" #46: STATE_QUICK_I1: retransmission; will > > wait 20s for response > > 010 "woolloomooloo-nth_sydney" #46: STATE_QUICK_I1: retransmission; will > > wait 40s for response > > 031 "woolloomooloo-nth_sydney" #46: max number of retransmissions (2) > > reached STATE_QUICK_I1. No acceptable response to our first Quick Mode > > message: perhaps peer likes no proposal > > 000 "woolloomooloo-nth_sydney" #46: starting keying attempt 2 of an > > unlimited number, but releasing whack > > > > When trying the same this on this end I get: > > 029 "woolloomooloo-nth_sydney": cannot initiate connection without knowing > > peer IP address > > Try to work out why it is not resolving this, I think this could be the > cause. > > > > > > More information is available upon request. > > > > Any help would be greatly appreciated I've spent most of today trying to > > figure this out and things are gloomy. > > > > Thanks. > > > > Mike > > --- > > Michael S. E. Kraus > > Administration > > Capital Holdings Group (NSW) Pty Ltd > > p: (02) 9955 8000 > > -- > Howard. > LANNet Computing Associates - Your Linux people <http://www.lannetlinux.com> > ------------------------------------------ > Flatter government, not fatter government - Get rid of the Australian states. > ------------------------------------------ > I before E except after C. We live in a weird society! > > -- > SLUG - Sydney Linux User's Group - http://slug.org.au/ > More Info: http://lists.slug.org.au/listinfo/slug > -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
