hi,

my IPsec won't let me rest.

auth.log

Jun 25 16:50:38 debian pluto[6742]: Changing to directory '/etc/ipsec.d/crls'
Jun 25 16:50:38 debian pluto[6742]:   loaded crl file 'crl.pem' (629 bytes)
Jun 25 16:50:38 debian pluto[6742]:   could not open my default X.509 cert file '/etc/x509cert.der'
Jun 25 16:50:38 debian pluto[6742]: OpenPGP certificate file '/etc/pgpcert.pgp' not found
Jun 25 16:50:39 debian pluto[6742]:   loaded host cert file '/etc/ipsec.d/gatewaycert.pem' (4281 bytes)
Jun 25 16:50:39 debian pluto[6742]: added connection description "windows"
Jun 25 16:50:39 debian pluto[6742]: listening for IKE messages
Jun 25 16:50:39 debian pluto[6742]: adding interface ipsec0/ppp0 82.82.136.84
Jun 25 16:50:39 debian pluto[6742]: loading secrets from "/etc/ipsec/ipsec.secrets"
Jun 25 16:50:39 debian pluto[6742]:   loaded private key file '/etc/ipsec.d/private/gatewaykey.key' (1752 bytes)
Jun 25 16:55:16 debian pluto[6742]: packet from 217.225.202.50:500: ignoring Vendor ID payload
Jun 25 16:55:16 debian last message repeated 2 times
Jun 25 16:55:16 debian pluto[6742]: "windows"[1] 217.225.202.50 #1: responding to Main Mode from unknown peer 217.225.202.50
Jun 25 16:55:17 debian pluto[6742]: "windows"[1] 217.225.202.50 #1: encrypted Informational Exchange message is invalid because it is for incomplete ISAKMP SA


Can anyone make sense of this?

My instructions come from here:

http://www.shinewelt.de/linux/w2k_roadwarrior_freeswan.pdf

Since the W2k machine sits behind a Linux/NAT box, I have these rules:

# ipsec

/sbin/iptables -t nat -A POSTROUTING -o ppp0 -s 192.168.100.0 -d \
!192.168.3.0/24 -j MASQUERADE

/sbin/iptables -A INPUT -p udp --sport 500 --dport 500 -j ACCEPT
/sbin/iptables -A OUTPUT -p udp --sport 500 --dport 500 -j ACCEPT
# ESP (port only, not a protocol!)
/sbin/iptables -A INPUT -p 50 -j ACCEPT
/sbin/iptables -A OUTPUT -p 50 -j ACCEPT

I've been at this for hours now :-/

cu denny

----------------------------------------------------------------------------
PUG - Penguin User Group Wiesbaden - http://www.pug.org
