[ previous ] [ next ] [ threads ]
 
 From:  Matthew Barr <mbarr at mbarr dot net>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] IPSEC, m0n0wall, KAME & Mac OS X 10.3
 Date:  Wed, 28 Jan 2004 16:24:53 -0500
Just to go ahead and help clarify for some of the more expert people 
around.. Mac OS X 10.3 is using KAME, and racoon.  It *should* be 
possible to get this to work.
For the life of me, however, I can't figure it out.

I think I have the correct SPD's, and the racoon.conf settings are the 
same as the M0n0wall's (well, minus obvoius changes).  The thing I'm 
getting hung up on is the ID.

The fiirewall is set to use "My IP Address", and has a PSK setup for 
mbarr at mbarr dot net.   the laptop is set to use user-fqdn 
"mbarr at mbarr dot net", with a PSK for the same thing...

(Laptop has:
         my_identifier user_fqdn "mbarr at mbarr dot net";
         peers_identifier user_fqdn "mbarr at mbarr dot net";
)



I'm getting these errors from racoon on the laptop:
2004-01-28 15:36:44: WARNING: ipsec_doi.c:3064:ipsecdoi_checkid1(): ID 
type mismatched.
2004-01-28 15:36:44: WARNING: ipsec_doi.c:3086:ipsecdoi_checkid1(): ID 
value mismatched.
2004-01-28 15:36:44: NOTIFY: oakley.c:2057:oakley_skeyid(): couldn't 
find the proper pskey, try to get one by the peer's address.
2004-01-28 15:36:44: ERROR: oakley.c:1190:oakley_validate_auth(): HASH 
mismatched

I'm actually getting wierder errors on the server side, with:

Jan 28 15:35:10
racoon: ERROR: isakmp_inf.c:181:isakmp_info_recv(): reject the packet, 
received unexpecting payload type 2.

racoon: NOTIFY: isakmp.c:255:isakmp_handler(): the packet is 
retransmitted by 141.149.50.64[500].

However, I'm seing unexpected payloads of types: 2,58,43,98,202,224, 
169,206,16,26, 111,180.

I'd really like some pointers on tracking down the error.  Switching to 
Debug logging on the laptop proudces some rather large amounts of data. 
  I'm currently at notice.

Any body got any suggestions here?  I'm not sure Dana has the same 
problem I do, but i'm guessing it's rather similar :-)

  --------------------------------
Matthew Barr
mbarr at datalyte dot com
Managing Partner
Datalyte Consulting, LLC.
(646) 765-6878    (cell)
On Jan 22, 2004, at 12:29 PM, Dana Spiegel wrote:

> I'm having some issues configuring m0n0wall and my OS X 10.3 laptop to 
> use mobile IPSEC. Does anyone have any experience with this that can 
> provide a step by step guide to setting up both the laptop and the 
> router?
>
> Thanks for your help!
>

> Director, NYCwireless
> dana at nycwireless dot net
> www.nycwireless.net
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch