[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: IPSec / FreeSWAN (linux) - Question 'bout VPN
Conde Dracula writes:
> > which get no response at all. Then there
> > is an RSA offer which is immediately accepted. Nonces are
> Is the RSA Offer coming from the linux gw?
You said your linux gw was 22.214.171.124 and the trace show it
*receiving* the offer from 126.96.36.199 which I assumed is your OBSD
box but perhaps it is one of your other Linux boxes. Diagnosing
connection failures is not easy when it is not clear what the
addresses are of the boxes involved.
> > then exchanged and certificate requests are issued. At which
> > point the initiator is unhappy about something :-
> Possibly because there are no certificates on the *bsd side.
Indeed, what I don't understand is why the RSA offer was ever made
assuming it is coming from the OBSD box.
> I'll keep looking and trying, and I'll try to obtain some logging from the
> static gw, but as far as i've seen there isn't much. (if nothing at all!).
> I'll see if i can raise the log level or something.
If you do the following :-
linux$ ipsec whack --debug-all
it should generate copious amounts of logging.