Re: IPSec / FreeSWAN (linux) - Question 'bout VPN
Conde Dracula writes:
> > which get no response at all. Then there
> > is an RSA offer which is immediately accepted. Nonces are
> Is the RSA Offer coming from the linux gw?
You said your linux gw was 200.200.200.200 and the trace shows it
*receiving* the offer from 200.63.160.125 which I assumed is your OBSD
box but perhaps it is one of your other Linux boxes. Diagnosing
connection failures is not easy when it is not clear what the
addresses are of the boxes involved.
> > then exchanged and certificate requests are issued. At which
> > point the initiator is unhappy about something :-
> Possibly because there are no certificates on the *bsd side.
Indeed, what I don't understand is why the RSA offer was ever made
assuming it is coming from the OBSD box.
> I'll keep looking and trying, and I'll try to obtain some logging from the
> static gw, but as far as I've seen there isn't much. (if nothing at all!).
> I'll see if I can raise the log level or something.
If you do the following :-
linux$ ipsec whack --debug-all
it should generate copious amounts of logging.