 
 From:  "Josh McAllister" <josh at bluehornet dot com>
 To:  "Kevin Droz" <drozk at moeller dot com>
 Cc:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] Monowall and Freeswan
 Date:  Mon, 7 Feb 2005 08:32:58 -0800
Actually, it's just a pre shared key, akin to a "password". I suppose
it's possible that it's puking on a 1536 bit key. Try something more
sane like 20 chars. To be sure keep it simple for testing. 20 chars
should be reasonably secure... ever try to brute force a 20 char
password? It would take more than a little while. ;) If you're still
having probs, please send a copy of /etc/ipsec.conf, /etc/ipsec.secrets,
and your ipsec config for m0n0. Scrubbed for safety, but leave an
accurate depiction.

Josh McAllister

-----Original Message-----
From: Kevin Droz [mailto:drozk at moeller dot com] 
Sent: Monday, February 07, 2005 8:02 AM
To: Josh McAllister
Subject: RE: [m0n0wall] Monowall and Freeswan

It's still not working at this point. I'm making my key w/ranbits. I'm using
the command "ranbits 1536 > key" to make a key. I assume I'm making a
key for 1536 because the Monowall is set to DH=5. We have the keys entered
correctly and still it's hanging up in the same area. Thanks for the help.


-----Original Message-----
From: Josh McAllister [mailto:josh at bluehornet dot com]
Sent: Thursday, February 03, 2005 4:45 PM
To: Kevin Droz
Cc: m0n0wall at lists dot m0n0 dot ch
Subject: RE: [m0n0wall] Monowall and Freeswan


This means the PSK doesn't match, or the format is incorrect. It's an
"authentication error". Though if you've gotten this far, I believe it
is matching the correct line in /etc/ipsec.secrets. As for your previous
message... nothing else matters until you get this part right.

Josh McAllister

-----Original Message-----
From: Kevin Droz [mailto:drozk at moeller dot com]
Sent: Thursday, February 03, 2005 2:06 PM
To: Josh McAllister
Subject: RE: [m0n0wall] Monowall and Freeswan

Another Update

I'm also getting this Error

state transition function for STATE_MAIN_I2 failed: INVALID_KEY_INFORMATION

-----Original Message-----
From: Josh McAllister [mailto:josh at bluehornet dot com]
Sent: Thursday, February 03, 2005 2:01 PM
To: Kevin Droz; m0n0wall at lists dot m0n0 dot ch
Subject: RE: [m0n0wall] Monowall and Freeswan


You need to set up /etc/ipsec.secrets
x.x.x.x y.y.y.y : PSK "secret"

Where x.x.x.x is remote (m0n0)
And y.y.y.y is local (FreeSwan)

Josh McAllister
-----Original Message-----
From: Kevin Droz [mailto:drozk at moeller dot com]
Sent: Thursday, February 03, 2005 10:30 AM
To: m0n0wall at lists dot m0n0 dot ch
Subject: [m0n0wall] Monowall and Freeswan

Hello Everyone,

I'm trying to make an IPSEC connection with a freeswan server. I used the
setup in the Documentation and am getting an error. Here is my config file
and error

Error: Can't authenticate: no preshared key found for `X.X.X.X' and `X.X.X.X'.  Attribute OAKLEY_AUTHENTICATION_METHOD
Feb  3 12:27:52 router2 pluto[5243]: "vpn1" #11: no acceptable Oakley Transform



Config File:

config setup
       interfaces=%defaultroute
       klipsdebug=none
       plutodebug=none
       uniqueids=yes

conn %default
       keyingtries=0
       #compress=yes

conn block
   auto=ignore

conn private
   auto=ignore

conn private-or-clear
   auto=ignore

conn clear-or-private
   auto=ignore

conn clear
   auto=ignore

conn packetdefault
   auto=ignore

conn vpn1
       type=tunnel
       left=ip.add.of.m0n0
       leftsubnet=m0n0.side.subnet/24
       leftnexthop=%defaultroute
       right=ip.add.of.freeswan
       rightsubnet=freeswan.side.subnet/24
       rightnexthop=%defaultroute
       authby=secret
       auth=esp
       esp=3des-md5-96
       pfs=no
       auto=start



Mono Config

m0n0-side:
Phase1
Neg. mode = main
Enc. Alg = 3DES
Hash Alg = MD5
DH key grp = 5

Phase2
Protocol = ESP
Uncheck all Enc. Alg. Except 3des
Hash alg = md5
PFS key group = off





---------------------------------------------------------------------
To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
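
An added example, not part of the thread and not FreeS/WAN or m0n0wall code: a small Python check that every `authby=secret` conn in an ipsec.conf has an ipsec.secrets PSK entry listing both its `left` and `right` addresses (the condition behind the "no preshared key found" error above), and that flags entries whose secret is not in the quoted-string form shown in the thread. Function names and sample addresses are constructed; matching is simplified to exact addresses or an entry with no indices, with no `%default` inheritance or `leftid` handling.

```python
import re
# Constructed sample input (documentation addresses, not values from the thread).
SAMPLE_CONF = """\
conn vpn1
    left=192.0.2.1
    right=198.51.100.7
    authby=secret
conn vpn2
    left=192.0.2.1
    right=203.0.113.9
    authby=secret
conn vpn3
    left=192.0.2.1
    right=203.0.113.50
    authby=secret
"""
SAMPLE_SECRETS = """\
192.0.2.1 198.51.100.7 : PSK "constructed-test-key"
192.0.2.1 203.0.113.50 : PSK 0x636f6e737472756374
"""

PSK_RE = re.compile(r'^([^:#]*?)\s*:\s*PSK\s+("[^"]*"|\S+)')

def parse_conns(conf):
    """Return {conn name: {option: value}} from ipsec.conf-style text."""
    conns, current = {}, None
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if line and not line[0].isspace():  # section header starts in column 0
            kind, name = (line.split(None, 1) + [""])[:2]
            current = conns.setdefault(name, {}) if kind == "conn" else None
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def parse_psks(secrets):
    """Return [(index ids, is_quoted)]; the secret value itself is not kept."""
    found = (PSK_RE.match(entry.strip()) for entry in secrets.splitlines())
    return [(set(m.group(1).split()), m.group(2).startswith('"')) for m in found if m]

def check(conf, secrets):
    """Map each authby=secret conn to 'ok', 'unquoted' or 'missing'."""
    psks, result = parse_psks(secrets), {}
    for name, opts in parse_conns(conf).items():
        peers = {opts.get("left"), opts.get("right")}
        hits = [quoted for ids, quoted in psks if not ids or peers <= ids]
        if opts.get("authby") == "secret":
            result[name] = "missing" if not hits else "ok" if all(hits) else "unquoted"
    return result
```

With the sample input, `check(SAMPLE_CONF, SAMPLE_SECRETS)` reports `vpn1` as `ok`, `vpn2` as `missing` and `vpn3` as `unquoted`; the secret values are never stored or printed.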

