IPSEC tunnel FreeBSD Freeswan (long)

Josef Dvorak pepadvorak at volny.cz
Mon May 31 10:09:39 CEST 2004


I picked up spi=0x200 from some how-to, but there was no further explanation
there -> thanks for the info.
Nevertheless, I tried removing that parameter, but with no effect. It looks
more like the proposal - see the more detailed log:

2004-05-31 10:05:03: DEBUG: proposal.c:828:printsaproto():  (proto_id=ESP
spisize=4 spi=ace5cd20 spi_p=00000000 encmode=Tunnel reqid=0:0)
2004-05-31 10:05:03: DEBUG: proposal.c:862:printsatrns():   (trns_id=3DES
encklen=0 authtype=hmac-md5)
2004-05-31 10:05:03: DEBUG: proposal.c:862:printsatrns():   (trns_id=3DES
encklen=0 authtype=hmac-sha)
2004-05-31 10:05:03: DEBUG: proposal.c:828:printsaproto():  (proto_id=IPCOMP
spisize=2 spi=000041e9 spi_p=00000000 encmode=Tunnel reqid=0:0)
2004-05-31 10:05:03: DEBUG: proposal.c:869:printsatrns():
(trns_id=DEFLATE)
2004-05-31 10:05:03: DEBUG: ipsec_doi.c:993:get_ph2approvalx(): my single
bundle:
2004-05-31 10:05:03: DEBUG: proposal.c:828:printsaproto():  (proto_id=ESP
spisize=4 spi=00000000 spi_p=00000000 encmode=Tunnel reqid=0:0)
2004-05-31 10:05:03: DEBUG: proposal.c:862:printsatrns():   (trns_id=3DES
encklen=0 authtype=hmac-sha)
2004-05-31 10:05:03: ERROR: ipsec_doi.c:1001:get_ph2approvalx(): not matched
2004-05-31 10:05:03: ERROR: ipsec_doi.c:966:get_ph2approval(): no suitable
policy found.
2004-05-31 10:05:03: ERROR: isakmp.c:1073:isakmp_ph2begin_r(): failed to
pre-process packet.
2004-05-31 10:05:03: DEBUG: oakley.c:2590:oakley_newiv2(): compute IV for
phase2
2004-05-31 10:05:03: DEBUG: oakley.c:2591:oakley_newiv2(): phase1 last IV:
2004-05-31 10:05:03: DEBUG: plog.c:193:plogdump():
621291ed 17767acc 844d7263

I'll keep looking - if anything strikes anyone, let me know.

Thanks, Pepa Dvorak

-----Original Message-----
From: users-l-bounces at freebsd.cz [mailto:users-l-bounces at freebsd.cz]On
Behalf Of Dan Lukes
Sent: Thursday, May 27, 2004 4:18 PM
To: FreeBSD mailing list
Subject: Re: IPSEC tunnel FreeBSD Freeswan (long)


Josef Dvorak wrote:

> Linux side (Freeswan)
> - ipsec.conf
> conn cz-sk
...
>         spi=0x200

	I have also just found this about that parameter:

# Parameters for manual-keying testing (DON'T USE OPERATIONALLY).
spi=0x200


	So my shot in the dark might actually be a good
educated guess ...

						Dan


--
Dan Lukes      tel: +420 2 21914205, fax: +420 2 21914206
root  of FIONet,  KolejNET,  webmaster  of www.freebsd.cz
AKA: dan at obluda.cz, dan at freebsd.cz, dan at kolej.mff.cuni.cz
--
FreeBSD mailing list (users-l at freebsd.cz)
http://www.freebsd.cz/listserv/listinfo/users-l
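
Added example, not part of the original messages: a small parser that turns the phase 2 debug lines from the log above into two proposal bundles and lists where they differ. It assumes the lines printed before "my single bundle:" are the peer's offer (that header is not in the excerpt); timestamps are dropped and the mail line wraps rejoined.

```python
import re

# Log excerpt from the message above; timestamps removed and wrapped
# lines rejoined so that each record is on one line.
LOG = """\
DEBUG: proposal.c:828:printsaproto():  (proto_id=ESP spisize=4 spi=ace5cd20 spi_p=00000000 encmode=Tunnel reqid=0:0)
DEBUG: proposal.c:862:printsatrns():   (trns_id=3DES encklen=0 authtype=hmac-md5)
DEBUG: proposal.c:862:printsatrns():   (trns_id=3DES encklen=0 authtype=hmac-sha)
DEBUG: proposal.c:828:printsaproto():  (proto_id=IPCOMP spisize=2 spi=000041e9 spi_p=00000000 encmode=Tunnel reqid=0:0)
DEBUG: proposal.c:869:printsatrns():   (trns_id=DEFLATE)
DEBUG: ipsec_doi.c:993:get_ph2approvalx(): my single bundle:
DEBUG: proposal.c:828:printsaproto():  (proto_id=ESP spisize=4 spi=00000000 spi_p=00000000 encmode=Tunnel reqid=0:0)
DEBUG: proposal.c:862:printsatrns():   (trns_id=3DES encklen=0 authtype=hmac-sha)
ERROR: ipsec_doi.c:1001:get_ph2approvalx(): not matched
"""

# Trailing "(key=value ...)" group; the empty "()" of function names never matches.
FIELDS = re.compile(r"\(([^()]*=[^()]*)\)\s*$")

def parse_bundles(log):
    """Return {'peer': {proto: [(transform, auth)]}, 'mine': {...}}."""
    bundles = {"peer": {}, "mine": {}}
    side, proto = "peer", None  # assumption: lines before the marker are the peer's offer
    for line in log.splitlines():
        if "my single bundle:" in line:
            side, proto = "mine", None
            continue
        m = FIELDS.search(line)
        if not m:
            continue
        kv = dict(field.split("=", 1) for field in m.group(1).split())
        if "proto_id" in kv:                 # a new protocol inside the bundle
            proto = kv["proto_id"]
            bundles[side][proto] = []
        elif "trns_id" in kv and proto:      # a transform offered for that protocol
            bundles[side][proto].append((kv["trns_id"], kv.get("authtype")))
    return bundles

def diff_bundles(bundles):
    """Protocols present on one side only, plus transforms both sides list."""
    peer, mine = bundles["peer"], bundles["mine"]
    shared = set(peer) & set(mine)
    return {"only_peer": sorted(set(peer) - set(mine)),
            "only_mine": sorted(set(mine) - set(peer)),
            "common_transforms": {p: [t for t in peer[p] if t in mine[p]] for p in shared}}

if __name__ == "__main__":
    print(diff_bundles(parse_bundles(LOG)))
```

On this excerpt the peer-side bundle carries an IPCOMP/DEFLATE protocol that the local bundle does not list, while ESP with 3DES and hmac-sha appears on both sides.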



