[LUGOS] Freeswan + Astaro VPN z PSK

Dalibor lugos at ice.si
Wed Sep 1 10:49:58 CEST 2004 

Narejeno!!
Popravil ikelifetime in delam brez kompresije!

Dalibor wrote:

> Naredil bi VPN z Freeswanom na eni strani in na drugi Astaro firewall. 
> Uporabil bi PSK. Mislim, da sem vse lepo naštimal ampak mi javlja v  
> auth.logu sledeče
>
> Sep  1 10:16:00 localhost Pluto[27810]: "Dusseldorf-Frankfurt" #3: 
> initiating Main Mode
> Sep  1 10:16:00 localhost Pluto[27810]: "Dusseldorf-Frankfurt" #3: 
> Peer ID is ID_IPV4_ADDR: 'xx.xx.xx.xxx'
> Sep  1 10:16:00 localhost Pluto[27810]: "Dusseldorf-Frankfurt" #3: 
> ISAKMP SA established
> Sep  1 10:16:00 localhost Pluto[27810]: "Dusseldorf-Frankfurt" #4: 
> initiating Quick Mode PSK+ENCRYPT+COMPRESS+TUNNEL+PFS
> Sep  1 10:16:00 localhost Pluto[27810]: "Dusseldorf-Frankfurt" #3: 
> ignoring informational payload, type NO_PROPOSAL_CHOSEN
> Sep  1 10:16:00 localhost Pluto[27810]: "Dusseldorf-Frankfurt" #3: 
> received and ignored informational message
> Sep  1 10:16:10 localhost Pluto[27810]: "Dusseldorf-Frankfurt" #3: 
> ignoring informational payload, type INVALID_MESSAGE_ID
> Sep  1 10:16:10 localhost Pluto[27810]: "Dusseldorf-Frankfurt" #3: 
> received and ignored informational message
> Sep  1 10:16:30 localhost Pluto[27810]: "Dusseldorf-Frankfurt" #3: 
> ignoring informational payload, type INVALID_MESSAGE_ID
> Sep  1 10:16:30 localhost Pluto[27810]: "Dusseldorf-Frankfurt" #3: 
> received and ignored informational message
> Sep  1 10:17:10 localhost Pluto[27810]: "Dusseldorf-Frankfurt" #4: max 
> number of retransmissions (2) reached STATE_QUICK_I1
>
> Ipsec.secret
> xx.xx.xx.xx yy.yy.yy.yy : PSK "SOME PSK"
> @xx.xx.xx.xx yy.yy.yy.yy : PSK "SOME PSK"
> xx.xx.xx.xx @yy.yy.yy.yy : PSK "SOME PSK"
>
> yy.yy.yy.yy xx.xx.xx.xx  : PSK "SOME PSK"
> @yy.yy.yy.yy xx.xx.xx.xx  : PSK "SOME PSK"
> yy.yy.yy.yy @xx.xx.xx.xx : PSK "SOME PSK"
>
> ipsec.conf
> conn Dusseldorf-Frankfurt
>        type=tunnel
>        left=xx.xx.xx.xx
>        leftnexthop=xxx.xxx.xxx.xxx
>        leftsubnet=192.168.2.0/24
>        right=yy.yy.yy.yy
>        rightnexthop=yyy.yyy.yyy.yyy
>        rightsubnet=10.51.0.0/16
>        authby=secret
>        auth=esp
>        ikelifetime=3600
>        pfs=yes
>        compress=yes
>        auto=start
>
>

More information about the lugos-list mailing list