
Re: IPSec / FreeSWAN (linux) - Question 'bout VPN



>  > http://www.jaskus.net/vpn/openbsdvpn.txt
> 
> I had a look at this one.  There is no ipsec barf from the 
> Linux side of things, that would help in tracking down the problem.
I'll see what I can do about this...

> 
> I'm confused by the fact that the trace starts with some 
> pre-shared key offers (from 0.0.0.0 -- is that due to you 
> editing the log?) 
Not at all. I've only modified the static_ip gateway and replaced it with
200.200.200.200.
I don't know where that 0.0.0.0 comes from. Perhaps it means 'localhost'?

> which get no response at all.  Then there 
> is an RSA offer which is immediately accepted.  Nonces are 
Is the RSA offer coming from the Linux gw?

> then exchanged and certificate requests are issued.  At which 
> point the initiator is unhappy about something :-
Possibly because there are no certificates on the *bsd side.

> 
>   03:58:01.053482 200.63.160.125.500 > 200.200.200.200.500:  
> [udp sum ok] isakmp v1.0 exchange INFO
>           cookie: 114de4b4a552c208->0000000000000000 msgid: 
> 00000000 len: 40
>           payload: NOTIFICATION len: 12
>               notification: INVALID FLAGS [ttl 0] (id 1)
> 

> Given that you say you are trying to use pre-shared keys and 
> the accepted offer was for RSA then something is not right here.
I'll keep looking and trying, and I'll try to obtain some logging from the
static gw, but as far as I've seen there isn't much. (if nothing at all!).
I'll see if I can raise the log level or something.

Thanks,

Martin.