Mailinglist Archive: opensuse-security (359 mails)

Antw: RES: [suse-security] Freeswan problem with multiple XP roadwarriors
  • From: "Andreas Thierer" <athierer@xxxxxx>
  • Date: Wed, 23 Jul 2003 16:27:06 +0200
  • Message-id: <sf1eb781.063@xxxxxx>
Do your XP-Roadwarriors have the same certificate? There can only be one tunnel per cert.

andy

>>> "Valter Rehn" <valter@xxxxxxxxxxxx> 18.06.2003 17:56:39 >>>
You could try to create separate "conn" sections for each roadwarrior...
I've never tried this configuration, but it's worth a try.

regards,
Valter Rehn

"Windows - A thirty two bit extension and gui shell to a sixteen bit
patch to an eight bit operating system originally coded for a four bit
microprocessor and sold by a two bit company that can't stand one bit
of competition." (Kevin Wilcox)


-----Original message-----
From: Absender fnr suse-security-mailingliste [mailto:linux@xxxxxx]
Sent: Wednesday, June 18, 2003 06:04
To: suse-security@xxxxxxxx
Subject: [suse-security] Freeswan problem with multiple XP roadwarriors


I have trouble connecting multiple XP roadwarriors to a freeswan gateway. For each client an IPSEC tunnel can be established individually. But to have both clients connected at the same time is not possible.
I have the following setup:

Roadwarrior1/2 --- ras-router --- vpn-gateway       --- internal-subnet
10.5.5.(1,2)   --- 10.6.1.3   --- 10.6.1.1/10.7.1.1 --- 192.168.0.0/24

For roadwarrior1 everything works as expected. The tunnel can be established and the client can ping the internal subnet. When roadwarrior2 tries to connect, I get the following error

"roadwarrior"[5] 10.5.5.2 #5: discarding duplicate packet; already STATE_MAIN_R2

and the connection of roadwarrior1 hangs too!
Seems as if freeswan/x509 (SuSE 8.2) wouldn't be able to separate the connections.

My ipsec.conf:
---
# basic configuration
config setup
    interfaces="ipsec0=eth0"
    klipsdebug=none
    plutodebug=all
    plutoload=%search
    plutostart=%search
    uniqueids=yes
    #nat_traversal=yes

# defaults for subsequent connection descriptions
conn %default
    keyingtries=3
    disablearrivalcheck=yes
    authby=rsasig
    leftcert=vpncert.pem
    left=10.6.1.1
    leftnexthop=10.6.1.3
    leftsubnet=192.168.0.0/24
    rightrsasigkey=%cert
    leftupdown=/usr/lib/ipsec/_updown.x509
    pfs=yes
    auto=add

conn roadwarrior
    right=%any
    rightsubnetwithin=10.5.5.0/24
    auto=add
---


Did anybody have a similar problem? Any hints are welcome.

Mirko



-----------------------------------
Mirko Belick
Bundesdruckerei GmbH
IT-Netzmanagement
10598 Berlin
Oranienstrasse 91

Email: belick@xxxxxx
http://www.bundesdruckerei.de


--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here
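
The two replies above (separate "conn" sections per roadwarrior, and one tunnel per certificate) can be combined in a small generator. This is an added example, not code from the thread: it emits one conn section per roadwarrior, pinned to that client's certificate subject via `rightid` (FreeS/WAN X.509 patch syntax), and refuses two roadwarriors that share a subject. The conn names and DNs are constructed placeholders, and the remaining settings (`rightrsasigkey=%cert` and so on) are assumed to come from `conn %default` as in the posted config.

```python
# Added example: one FreeS/WAN "conn" section per roadwarrior, keyed by
# certificate subject DN; duplicate certificates are rejected up front.

def normalize_dn(dn):
    """Case- and whitespace-insensitive form of a DN, for comparison only.
    Simplification: commas escaped inside RDN values are not handled."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def build_conns(roadwarriors, subnet_within="10.5.5.0/24"):
    """roadwarriors: list of (conn_name, subject_dn). Returns ipsec.conf text.
    Raises ValueError on a reused conn name or a shared certificate subject."""
    seen_dn, seen_name, sections = {}, set(), []
    for name, dn in roadwarriors:
        if name in seen_name:
            raise ValueError(f"conn name {name!r} used twice")
        if '"' in dn or "\n" in dn:
            raise ValueError(f"unsafe character in DN for {name}")
        key = normalize_dn(dn)
        if key in seen_dn:
            # With uniqueids=yes a second peer presenting the same ID
            # replaces the first one's connection instead of coexisting.
            raise ValueError(
                f"{name} and {seen_dn[key]} share certificate subject {dn!r}")
        seen_dn[key] = name
        seen_name.add(name)
        sections.append("\n".join([
            f"conn {name}",
            "    right=%any",
            f'    rightid="{dn}"',
            f"    rightsubnetwithin={subnet_within}",
            "    auto=add",
        ]))
    return "\n\n".join(sections) + "\n"

# Constructed sample identities (placeholders, not taken from the thread).
SAMPLE = [
    ("roadwarrior1", "C=DE, O=Example, CN=rw1"),
    ("roadwarrior2", "C=DE, O=Example, CN=rw2"),
]

if __name__ == "__main__":
    print(build_conns(SAMPLE))
```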

