IPSEC tunnel FreeBSD Freeswan (long)
Josef Dvorak
pepadvorak at volny.cz
Mon May 31 10:09:39 CEST 2004
I picked up the spi=0x200 from some how-to, but there was no further explanation there ->
thanks for the info.
Nevertheless, I tried removing the mentioned parameter, but with no effect. It looks more
like it's the proposal - see the more detailed log:
2004-05-31 10:05:03: DEBUG: proposal.c:828:printsaproto(): (proto_id=ESP
spisize=4 spi=ace5cd20 spi_p=00000000 encmode=Tunnel reqid=0:0)
2004-05-31 10:05:03: DEBUG: proposal.c:862:printsatrns(): (trns_id=3DES
encklen=0 authtype=hmac-md5)
2004-05-31 10:05:03: DEBUG: proposal.c:862:printsatrns(): (trns_id=3DES
encklen=0 authtype=hmac-sha)
2004-05-31 10:05:03: DEBUG: proposal.c:828:printsaproto(): (proto_id=IPCOMP
spisize=2 spi=000041e9 spi_p=00000000 encmode=Tunnel reqid=0:0)
2004-05-31 10:05:03: DEBUG: proposal.c:869:printsatrns():
(trns_id=DEFLATE)
2004-05-31 10:05:03: DEBUG: ipsec_doi.c:993:get_ph2approvalx(): my single
bundle:
2004-05-31 10:05:03: DEBUG: proposal.c:828:printsaproto(): (proto_id=ESP
spisize=4 spi=00000000 spi_p=00000000 encmode=Tunnel reqid=0:0)
2004-05-31 10:05:03: DEBUG: proposal.c:862:printsatrns(): (trns_id=3DES
encklen=0 authtype=hmac-sha)
2004-05-31 10:05:03: ERROR: ipsec_doi.c:1001:get_ph2approvalx(): not matched
2004-05-31 10:05:03: ERROR: ipsec_doi.c:966:get_ph2approval(): no suitable
policy found.
2004-05-31 10:05:03: ERROR: isakmp.c:1073:isakmp_ph2begin_r(): failed to
pre-process packet.
2004-05-31 10:05:03: DEBUG: oakley.c:2590:oakley_newiv2(): compute IV for
phase2
2004-05-31 10:05:03: DEBUG: oakley.c:2591:oakley_newiv2(): phase1 last IV:
2004-05-31 10:05:03: DEBUG: plog.c:193:plogdump():
621291ed 17767acc 844d7263
I'll keep looking - if anything occurs to anyone, let me know.
Thanks, Pepa Dvorak
-----Original Message-----
From: users-l-bounces at freebsd.cz [mailto:users-l-bounces at freebsd.cz]On
Behalf Of Dan Lukes
Sent: Thursday, May 27, 2004 4:18 PM
To: FreeBSD mailing list
Subject: Re: IPSEC tunnel FreeBSD Freeswan (long)
Josef Dvorak wrote:
> Linux side (Freeswan)
> - ipsec.conf
> conn cz-sk
...
> spi=0x200
I have also just found this about that parameter:
# Parameters for manual-keying testing (DON'T USE OPERATIONALLY).
spi=0x200
So my shot in the dark might actually be a good
educated guess ...
Dan
--
Dan Lukes tel: +420 2 21914205, fax: +420 2 21914206
root of FIONet, KolejNET, webmaster of www.freebsd.cz
AKA: dan at obluda.cz, dan at freebsd.cz, dan at kolej.mff.cuni.cz
--
FreeBSD mailing list (users-l at freebsd.cz)
http://www.freebsd.cz/listserv/listinfo/users-l
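
An added example, not part of the original thread and not racoon's own code: a small Python script that parses the `printsaproto()`/`printsatrns()` debug lines quoted above and lists how the two bundles differ. It assumes the lines before the `my single bundle:` marker describe the peer's proposal; the function names are hypothetical and the sample log is the post's lines with the mail wrapping rejoined.

```python
import re

# Constructed sample: the racoon debug lines quoted in the post, wrapped lines rejoined.
SAMPLE_LOG = """\
2004-05-31 10:05:03: DEBUG: proposal.c:828:printsaproto(): (proto_id=ESP spisize=4 spi=ace5cd20 spi_p=00000000 encmode=Tunnel reqid=0:0)
2004-05-31 10:05:03: DEBUG: proposal.c:862:printsatrns(): (trns_id=3DES encklen=0 authtype=hmac-md5)
2004-05-31 10:05:03: DEBUG: proposal.c:862:printsatrns(): (trns_id=3DES encklen=0 authtype=hmac-sha)
2004-05-31 10:05:03: DEBUG: proposal.c:828:printsaproto(): (proto_id=IPCOMP spisize=2 spi=000041e9 spi_p=00000000 encmode=Tunnel reqid=0:0)
2004-05-31 10:05:03: DEBUG: proposal.c:869:printsatrns(): (trns_id=DEFLATE)
2004-05-31 10:05:03: DEBUG: ipsec_doi.c:993:get_ph2approvalx(): my single bundle:
2004-05-31 10:05:03: DEBUG: proposal.c:828:printsaproto(): (proto_id=ESP spisize=4 spi=00000000 spi_p=00000000 encmode=Tunnel reqid=0:0)
2004-05-31 10:05:03: DEBUG: proposal.c:862:printsatrns(): (trns_id=3DES encklen=0 authtype=hmac-sha)
2004-05-31 10:05:03: ERROR: ipsec_doi.c:1001:get_ph2approvalx(): not matched
"""

PROTO = re.compile(r"printsaproto\(\):\s*\(proto_id=(\S+)")
TRNS = re.compile(r"printsatrns\(\):\s*\(trns_id=(\S+?)(?: encklen=\d+ authtype=(\S+?))?\)")

def parse_bundles(log):
    """Return (peer, mine): each maps proto_id -> set of (trns_id, authtype)."""
    peer, mine = {}, {}
    current, proto = peer, None  # assumption: lines before the marker are the peer's
    for line in log.splitlines():
        if "my single bundle" in line:
            current, proto = mine, None
        elif (m := PROTO.search(line)):
            proto = m.group(1)
            current.setdefault(proto, set())
        elif (m := TRNS.search(line)) and proto:
            current[proto].add((m.group(1), m.group(2)))
    return peer, mine

def diff_bundles(peer, mine):
    """List the differences between the two bundles, one finding per protocol."""
    findings = []
    for proto in sorted(set(peer) | set(mine)):
        if proto not in mine:
            findings.append(f"peer proposes {proto}, local bundle has no {proto}")
        elif proto not in peer:
            findings.append(f"local bundle has {proto}, peer does not propose it")
        elif not peer[proto] & mine[proto]:
            findings.append(f"{proto}: no transform in common")
    return findings

if __name__ == "__main__":
    for finding in diff_bundles(*parse_bundles(SAMPLE_LOG)):
        print(finding)
```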