Hi Alexandre

You need the same settings on both sides...

regards
Andreas

Alexandre Moles wrote:
> Hi,
>
> I'm having trouble getting my vpn tunnel working between IpCop and
> m0n0wall.
>
> I replaced the real public IP addresses in the following log and conf
> files, by :
> - gw1-IP : ipcop
> - gw2-IP : m0n0wall
>
> Here's my log entries :
>
> Jun 1 13:09:02 gwlille racoon: DEBUG: ===
> Jun 1 13:09:02 gwlille racoon: DEBUG: 380 bytes message received from gw1-IP[500] to 192.168.1.21[500]
> Jun 1 13:09:02 gwlille racoon: DEBUG: compute IV for phase2
> Jun 1 13:09:02 gwlille racoon: DEBUG: phase1 last IV:
> Jun 1 13:09:02 gwlille racoon: DEBUG: e172b86f 339e2314 493a1c7d
> Jun 1 13:09:02 gwlille racoon: DEBUG: hash(sha1)
> Jun 1 13:09:02 gwlille racoon: DEBUG: encryption(3des)
> Jun 1 13:09:02 gwlille racoon: DEBUG: phase2 IV computed:
> Jun 1 13:09:02 gwlille racoon: DEBUG: 47a65389 711cf00d
> Jun 1 13:09:02 gwlille racoon: DEBUG: ===
> Jun 1 13:09:02 gwlille racoon: INFO: respond new phase 2 negotiation: 192.168.1.21[0]<=>gw1-IP[0]
> Jun 1 13:09:02 gwlille racoon: DEBUG: begin decryption.
> Jun 1 13:09:02 gwlille racoon: DEBUG: encryption(3des)
> Jun 1 13:09:02 gwlille racoon: DEBUG: IV was saved for next processing:
> Jun 1 13:09:02 gwlille racoon: DEBUG: 375d80af e531b902
> Jun 1 13:09:02 gwlille racoon: DEBUG: encryption(3des)
> Jun 1 13:09:02 gwlille racoon: DEBUG: with key:
> Jun 1 13:09:02 gwlille racoon: DEBUG: 11cd0d70 7b7b466c ec236276 b63f68b7 98c45ea2 f3379b3c
> Jun 1 13:09:02 gwlille racoon: DEBUG: decrypted payload by IV:
> Jun 1 13:09:02 gwlille racoon: DEBUG: 47a65389 711cf00d
> Jun 1 13:09:02 gwlille racoon: DEBUG: decrypted payload, but not trimed.
> Jun 1 13:09:02 gwlille racoon: DEBUG: padding len=1
> Jun 1 13:09:02 gwlille racoon: DEBUG: skip to trim padding.
> Jun 1 13:09:02 gwlille racoon: DEBUG: decrypted.
> Jun 1 13:09:02 gwlille racoon: DEBUG: begin.
> Jun 1 13:09:02 gwlille racoon: DEBUG: seen nptype=8(hash)
> Jun 1 13:09:02 gwlille racoon: DEBUG: seen nptype=1(sa)
> Jun 1 13:09:02 gwlille racoon: DEBUG: seen nptype=10(nonce)
> Jun 1 13:09:02 gwlille racoon: DEBUG: seen nptype=4(ke)
> Jun 1 13:09:02 gwlille racoon: DEBUG: seen nptype=5(id)
> Jun 1 13:09:02 gwlille racoon: DEBUG: seen nptype=5(id)
> Jun 1 13:09:02 gwlille racoon: DEBUG: succeed.
> Jun 1 13:09:02 gwlille racoon: DEBUG: received IDci2:
> Jun 1 13:09:02 gwlille racoon: DEBUG: 04000000 c0a80a00 ffffff00
> Jun 1 13:09:02 gwlille racoon: DEBUG: received IDcr2:
> Jun 1 13:09:02 gwlille racoon: DEBUG: 04000000 c0a80b00 ffffff00
> Jun 1 13:09:02 gwlille racoon: DEBUG: HASH(1) validate:
> Jun 1 13:09:02 gwlille racoon: DEBUG: dd6ccc1e 63ee64ea 794659e4 e5f8c14d 587814f5
> Jun 1 13:09:02 gwlille racoon: DEBUG: HASH with:
> Jun 1 13:09:02 gwlille racoon: DEBUG: hmac(hmac_sha1)
> Jun 1 13:09:02 gwlille racoon: DEBUG: HASH computed:
> Jun 1 13:09:02 gwlille racoon: DEBUG: dd6ccc1e 63ee64ea 794659e4 e5f8c14d 587814f5
> Jun 1 13:09:02 gwlille racoon: ERROR: failed to get sainfo.
> Jun 1 13:09:02 gwlille racoon: ERROR: failed to get sainfo.
> Jun 1 13:09:02 gwlille racoon: ERROR: failed to pre-process packet.
>
> My tunnel conf on m0n0wall :
>
> <tunnel>
>     <interface>wan</interface>
>     <local-subnet>
>         <network>lan</network>
>     </local-subnet>
>     <remote-subnet>192.168.0.0/24</remote-subnet>
>     <remote-gateway>gw1-IP</remote-gateway>
>     <p1>
>         <mode>main</mode>
>         <myident>
>             <address>gw2-IP</address>
>         </myident>
>         <encryption-algorithm>3des</encryption-algorithm>
>         <hash-algorithm>sha1</hash-algorithm>
>         <dhgroup>2</dhgroup>
>         <lifetime>28800</lifetime>
>         <pre-shared-key>xxxxx</pre-shared-key>
>         <private-key/>
>         <cert/>
>         <peercert/>
>         <authentication_method>pre_shared_key</authentication_method>
>     </p1>
>     <p2>
>         <protocol>esp</protocol>
>         <encryption-algorithm-option>3des</encryption-algorithm-option>
>         <encryption-algorithm-option>blowfish</encryption-algorithm-option>
>         <encryption-algorithm-option>cast128</encryption-algorithm-option>
>         <encryption-algorithm-option>rijndael</encryption-algorithm-option>
>         <hash-algorithm-option>hmac_sha1</hash-algorithm-option>
>         <hash-algorithm-option>hmac_md5</hash-algorithm-option>
>         <pfsgroup>0</pfsgroup>
>         <lifetime>28800</lifetime>
>     </p2>
>     <descr>VPN Lille to Cachan</descr>
> </tunnel>
>
> And finally my IpCop ipsec.conf file content :
>
> config setup
>     interfaces=%defaultroute
>     klipsdebug=none
>     plutodebug="raw crypt parsing emitting control klips dns nat_t "
>     plutoload=%search
>     plutostart=%search
>     uniqueids=yes
>     nat_traversal=yes
>     virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16,%v4:!192.168.10.0/255.255.255.0,%v4:!192.168.0.0/255.255.255.0,%v4:!192.168.11.0/24
>
> conn %default
>     keyingtries=0
>     disablearrivalcheck=no
>
> conn LilleCachan
>     left=gw1-IP
>     leftnexthop=%defaultroute
>     leftsubnet=192.168.10.0/24
>     right=gw2-IP
>     rightsubnet=192.168.11.0/24
>     rightnexthop=%defaultroute
>     ike=aes128-sha-modp1536,aes128-sha-modp1024,aes128-md5-modp1536,aes128-md5-modp1024,3des-sha-modp1536,3des-sha-modp1024,3des-md5-modp1536,3des-md5-modp1024
>     esp=aes128-sha1,aes128-md5,3des-sha1,3des-md5
>     ikelifetime=1h
>     keylife=8h
>     dpddelay=30
>     dpdtimeout=120
>     dpdaction=restart
>     pfs=yes
>     authby=secret
>     auto=start
>
> Hope anyone can give me a little help, I'm close to being desperate... :p
>
> Regards.

--
STASOFT AG
P: +41 61 726 80 70
F: +41 61 726 80 79
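
An added example, not part of the original thread or of either project's code: it decodes the two phase 2 identities from the quoted racoon log and compares them, together with each side's settings normalised by hand, to show where the two configurations differ. The dictionary keys and function names are made up for this illustration, and reading `<pfsgroup>0</pfsgroup>` as "PFS off" is an assumption.

```python
import ipaddress
import struct

# Values copied from the quoted log and configuration files (no new data).
IDCI2 = "04000000 c0a80a00 ffffff00"   # "received IDci2" (initiator's network)
IDCR2 = "04000000 c0a80b00 ffffff00"   # "received IDcr2" (responder's network)
# Each side's settings, normalised by hand to comparable units.
IPCOP = {"ipcop_lan": "192.168.10.0/24",   # leftsubnet
         "p1_lifetime_s": 3600,            # ikelifetime=1h
         "p2_lifetime_s": 28800,           # keylife=8h
         "pfs": True}                      # pfs=yes
M0N0 = {"ipcop_lan": "192.168.0.0/24",     # <remote-subnet>
        "p1_lifetime_s": 28800,            # <p1><lifetime>
        "p2_lifetime_s": 28800,            # <p2><lifetime>
        "pfs": False}                      # <pfsgroup>0, assumed to mean PFS off


def decode_id_subnet(dump):
    """Decode an ISAKMP ID payload body of type ID_IPV4_ADDR_SUBNET (RFC 2407)."""
    raw = bytes.fromhex(dump.replace(" ", ""))
    if len(raw) != 12:
        raise ValueError("expected type/protocol/port + address + mask (12 bytes)")
    id_type, proto, port, addr, mask = struct.unpack("!BBH4s4s", raw)
    if id_type != 4:
        raise ValueError(f"unsupported ID type {id_type}")
    net = ipaddress.ip_network(
        f"{ipaddress.IPv4Address(addr)}/{ipaddress.IPv4Address(mask)}")
    return net, proto, port


def mismatches(a, b):
    """Return the keys whose values differ between two normalised configs."""
    return sorted(k for k in a if a[k] != b.get(k))


def proposal_matches_responder(idci2_dump, responder_cfg):
    """True when the network the initiator proposes is the one the responder
    has configured as the remote subnet for this tunnel."""
    proposed, _, _ = decode_id_subnet(idci2_dump)
    return proposed == ipaddress.ip_network(responder_cfg["ipcop_lan"])


if __name__ == "__main__":
    print("IDci2:", decode_id_subnet(IDCI2)[0])
    print("IDcr2:", decode_id_subnet(IDCR2)[0])
    print("proposal matches m0n0wall tunnel:",
          proposal_matches_responder(IDCI2, M0N0))
    print("settings that differ:", mismatches(IPCOP, M0N0))
```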