> I can't seem to get connected to the Freeswan gateway from a Windows
> 2000 Professional mobile user. The user connects via a local ISP on a
> dial-up line which dynamically assigns an IP every time the user
> connects.
>
> Any help or pointers would be greatly appreciated. Below is information
> pertaining to my configuration.
>
>
> Diagram
> ~~~~~~~
>
>         __________________
>        /                  \
>       | Internal network   |
>       |    10.0.0.0/8      |
>        \__________________/
>                |
>                |
>                | eth0 : 10.0.0.1/8
>        +----------------+
>        |   Linux box    |
>        | Freeswan+x509  |
>        +----------------+
>                | eth1 : 202.10.10.54
>                |
>                |
>                | 202.10.10.53
>        +-----------------+
>        |   ADSL Router   |
>        | Lucent Cellpipe |
>        +-----------------+
>                |
>                |
>            ____|____
>           /         \
>          | Internet  |
>           \_________/
>                |
>                |
>                |
>        +----------------+
>        |  Win2K using   |
>        |    dial-up     |
>        |  w/dynamic IP  |
>        +----------------+
>
>
> /etc/l2tpd/l2ptd.conf
> ~~~~~~~~~~~~~~~~~~~~~
>
> [global]
> port=1701
>
> [lns default]
> ip range = 10.0.0.2-10.2.255.255
> local ip = 10.0.0.1
> require chap = yes
> refuse pap = yes
> require authentication = yes
> name = gw.yltrd
> ppp debug = yes
> pppoptfile = /etc/ppp/options
> length bit = yes
>
>
> /etc/ppp/options
> ~~~~~~~~~~~~~~~~
>
> ipcp-accept-local
> ipcp-accept-remote
> ms-dns 10.10.10.1
> ms-wins 10.10.10.1
> auth
> crtscts
> idle 1800
> nodefaultroute
> debug
> lock
> proxyarp
> connect-delay 15000
> mtu 1430
> mru 1430
>
>
> /etc/ipsec.conf
> ~~~~~~~~~~~~~~~
>
> version 2.0
>
> config setup
>     interfaces="ipsec0=eth1"
>     klipsdebug=none
>     plutodebug=dns
>     fragicmp=yes
>     overridemtu=1430
>
> conn %default
>     keyingtries=0
>     compress=yes
>     authby=rsasig
>     pfs=no
>     disablearrivalcheck=yes
>
> conn road
>     left=202.10.10.54
>     leftsubnet=10.0.0.0/8
>     leftnexthop=202.10.10.53
>     leftid="CN=gw.yltrd"
>     leftrsasigkey=%cert
>     leftprotoport=17/0
>     right=%any
>     rightid=%any
>     rightrsasigkey=%cert
>     rightprotoport=17/1701
>     auto=start
>
>
> ipsec auto --status
> ~~~~~~~~~~~~~~~~~~~
>
> 000 interface ipsec0/eth1 202.10.10.54
> 000
> 000 debug dns
> 000
> 000 "road"[1]: 10.0.0.0/8===202.10.10.54[CN=gw.yltrd]:17/0---202.10.10.53...61.6.103.62:17/1701
> 000 "road"[1]:   ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0
> 000 "road"[1]:   policy: RSASIG+ENCRYPT+COMPRESS+TUNNEL+DISABLEARRIVALCHECK; interface: eth1; unrouted
> 000 "road"[1]:   newest ISAKMP SA: #0; newest IPsec SA: #0; eroute owner: #0
> 000 "road": 10.0.0.0/8===202.10.10.54[CN=gw.yltrd]:17/0---202.10.10.53...%any:17/1701
> 000 "road":   ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0
> 000 "road":   policy: RSASIG+ENCRYPT+COMPRESS+TUNNEL+DISABLEARRIVALCHECK; interface: eth1; unrouted
> 000 "road":   newest ISAKMP SA: #0; newest IPsec SA: #0; eroute owner: #0
> 000
> 000 #1: "road"[1] 61.6.103.62 STATE_MAIN_R2 (sent MR2, expecting MI3); EVENT_RETRANSMIT in 16s
> 000
>
>
> /var/log/secure
> ~~~~~~~~~~~~~~~
>
> Aug 2 12:14:37 gw ipsec__plutorun: Starting Pluto subsystem...
> Aug 2 12:14:37 gw pluto[5845]: Starting Pluto (FreeS/WAN Version 2.01 X.509-1.4.2 PLUTO_USES_KEYRR)
> Aug 2 12:14:37 gw pluto[5845]: Changing to directory '/etc/ipsec.d/cacerts'
> Aug 2 12:14:37 gw pluto[5845]: loaded cacert file 'cacert.pem' (1367 bytes)
> Aug 2 12:14:37 gw pluto[5845]: Changing to directory '/etc/ipsec.d/crls'
> Aug 2 12:14:37 gw pluto[5845]: loaded crl file 'crl.pem' (601 bytes)
> Aug 2 12:14:38 gw pluto[5845]: added connection description "road"
> Aug 2 12:14:38 gw pluto[5845]: listening for IKE messages
> Aug 2 12:14:38 gw pluto[5845]: adding interface ipsec0/eth1 202.10.10.54
> Aug 2 12:14:38 gw pluto[5845]: loading secrets from "/etc/ipsec.secrets"
> Aug 2 12:14:38 gw pluto[5845]: loaded private key file '/etc/ipsec.d/private/gw.yltrd.key' (1743 bytes)
> Aug 2 12:14:38 gw pluto[5845]: "road": cannot route Road Warrior template
> Aug 2 12:14:38 gw pluto[5845]: "road": cannot initiate connection without knowing peer IP address
> Aug 2 12:15:28 gw pluto[5845]: packet from 61.6.103.62:500: received Vendor ID Payload; ASCII hash: \036+Qi\005\031\034}|\026|?5\007da
> Aug 2 12:15:28 gw pluto[5845]: packet from 61.6.103.62:500: received Vendor ID Payload; ASCII hash: @H7Un<h\005%g^\177
> Aug 2 12:15:28 gw pluto[5845]: packet from 61.6.103.62:500: received Vendor ID Payload; ASCII hash: \020K
> Aug 2 12:15:28 gw pluto[5845]: "road"[1] 61.6.103.62 #1: responding to Main Mode from unknown peer 61.6.103.62
> Aug 2 12:15:28 gw pluto[5845]: "road"[1] 61.6.103.62 #1: only OAKLEY_GROUP_MODP1024 and OAKLEY_GROUP_MODP1536 supported.  Attribute OAKLEY_GROUP_DESCRIPTION
> Aug 2 12:15:29 gw pluto[5845]: "road"[1] 61.6.103.62 #1: Peer ID is ID_DER_ASN1_DN: 'CN=ussenterprise.pract'
> Aug 2 12:15:29 gw pluto[5845]: "road"[1] 61.6.103.62 #1: no suitable connection for peer 'CN=ussenterprise.pract'
> Aug 2 12:15:29 gw pluto[5845]: "road"[1] 61.6.103.62 #1: sending notification INVALID_ID_INFORMATION to 61.6.103.62:500
> Aug 2 12:15:30 gw pluto[5845]: "road"[1] 61.6.103.62 #1: Peer ID is ID_DER_ASN1_DN: 'CN=ussenterprise.pract'
> Aug 2 12:15:30 gw pluto[5845]: "road"[1] 61.6.103.62 #1: no suitable connection for peer 'CN=ussenterprise.pract'
> Aug 2 12:15:30 gw pluto[5845]: "road"[1] 61.6.103.62 #1: sending notification INVALID_ID_INFORMATION to 61.6.103.62:500
> Aug 2 12:15:32 gw pluto[5845]: "road"[1] 61.6.103.62 #1: Peer ID is ID_DER_ASN1_DN: 'CN=ussenterprise.pract'
> Aug 2 12:15:32 gw pluto[5845]: "road"[1] 61.6.103.62 #1: no suitable connection for peer 'CN=ussenterprise.pract'
> Aug 2 12:15:32 gw pluto[5845]: "road"[1] 61.6.103.62 #1: sending notification INVALID_ID_INFORMATION to 61.6.103.62:500
> Aug 2 12:16:38 gw pluto[5845]: "road"[1] 61.6.103.62 #1: max number of retransmissions (2) reached STATE_MAIN_R2
> Aug 2 12:16:38 gw pluto[5845]: "road"[1] 61.6.103.62: deleting connection "road" instance with peer 61.6.103.62
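As an added example (not part of the quoted post and not FreeS/WAN code), here is a small Python triage script that folds pluto syslog lines like those in the post into one record per peer and states where the Main Mode exchange stopped; the sample lines are constructed from the post's own log. Run over that log it shows the attempt failing at identity matching (Peer ID seen, "no suitable connection", INVALID_ID_INFORMATION sent) rather than at loading the CA certificate or private key.

```python
import re
from collections import defaultdict

# Constructed sample: the per-peer pluto lines from the post (startup and Vendor ID lines carry no peer name).
SAMPLE_LOG = """\
Aug 2 12:15:28 gw pluto[5845]: "road"[1] 61.6.103.62 #1: responding to Main Mode from unknown peer 61.6.103.62
Aug 2 12:15:28 gw pluto[5845]: "road"[1] 61.6.103.62 #1: only OAKLEY_GROUP_MODP1024 and OAKLEY_GROUP_MODP1536 supported.  Attribute OAKLEY_GROUP_DESCRIPTION
Aug 2 12:15:29 gw pluto[5845]: "road"[1] 61.6.103.62 #1: Peer ID is ID_DER_ASN1_DN: 'CN=ussenterprise.pract'
Aug 2 12:15:29 gw pluto[5845]: "road"[1] 61.6.103.62 #1: no suitable connection for peer 'CN=ussenterprise.pract'
Aug 2 12:15:29 gw pluto[5845]: "road"[1] 61.6.103.62 #1: sending notification INVALID_ID_INFORMATION to 61.6.103.62:500
Aug 2 12:16:38 gw pluto[5845]: "road"[1] 61.6.103.62 #1: max number of retransmissions (2) reached STATE_MAIN_R2
Aug 2 12:16:38 gw pluto[5845]: "road"[1] 61.6.103.62: deleting connection "road" instance with peer 61.6.103.62
"""

# One pluto message: connection name, optional [instance], peer IP, optional #state number, text.
PLUTO_RE = re.compile(r'pluto\[\d+\]: "(?P<conn>[^"]+)"(?:\[\d+\])? '
                      r'(?P<peer>[\d.]+)(?: #\d+)?: (?P<msg>.*)$')

NEW_PEER = lambda: {"conn": None, "id_type": None, "peer_id": None, "matched": None,
                    "notifications": [], "unsupported_attrs": [], "retransmit_limit": False, "deleted": False}

def summarize_ike(log_text):
    # Fold pluto syslog lines into one record per peer IP describing its IKE attempt.
    peers = defaultdict(NEW_PEER)
    for line in log_text.splitlines():
        m = PLUTO_RE.search(line)
        if not m:
            continue                                  # no peer on this line: skip it
        p, msg = peers[m["peer"]], m["msg"]
        p["conn"] = m["conn"]
        if msg.startswith("Peer ID is "):             # "Peer ID is ID_DER_ASN1_DN: 'CN=x'"
            id_type, ident = msg[len("Peer ID is "):].split(": ", 1)
            p["id_type"], p["peer_id"] = id_type, ident.strip("'")
        elif msg.startswith("no suitable connection for peer"):
            p["matched"] = False
        elif msg.startswith("sending notification "):
            p["notifications"].append(msg.split()[2])
        elif " Attribute " in msg:                    # proposal attribute pluto could not accept
            p["unsupported_attrs"].append(msg.rsplit(" Attribute ", 1)[1])
        elif msg.startswith("max number of retransmissions"):
            p["retransmit_limit"] = True
        elif msg.startswith("deleting connection"):
            p["deleted"] = True
    return dict(peers)

def verdict(p):
    # Plain-language outcome for one record returned by summarize_ike().
    if p["matched"] is False:
        sent = ", ".join(sorted(set(p["notifications"]))) or "nothing"
        return "rejected: %s %s matched no connection (sent %s)" % (p["id_type"], p["peer_id"], sent)
    if p["retransmit_limit"]:
        return "timed out: peer stopped answering"
    return "no failure recorded"
```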