Hello again, everyone
<BR>
<BR>

vpn

<BR>
<BR>Reminder of the config:
<BR>
<BR>debian 3.0 k2.4.18
<BR>freeswan 1.96
<BR>roaming XP and Windows workstations to connect to the company's local network
<BR>
<BR>I am using Jacques Grillot's documentation, which can be found here: <!-- BBCode auto-link start --><a href="http://www.sinasina.com/linux/securite/linux_windows.php" target="_blank">http://www.sinasina.com/linux/securite/linux_windows.php</a><!-- BBCode auto-link end -->
<BR>
<BR>(very well done, very clear) but it messes up when initiating the connection
<BR>
<BR>here is an excerpt from the auth.log file when I attempt a connection:
<BR>
<BR>after running the command ipsec.exe -debug under DOS and pinging an IP internal to the network:
<BR>
<BR>--- start ping
<BR>May 15 13:50:31 testserveur Pluto[22700]: packet from 62.147.223.61:500:ignoring Vendor ID payload
<BR>May 15 13:50:31 testserveur Pluto[22700]: "sapc" 62.147.223.61 #8: responding to Main Mode from unknown peer 62.147.223.61
<BR>May 15 13:50:31 testserveur Pluto[22700]: "sapc" 62.147.223.61 #8: encrypted Informational Exchange message is invalid because it is for incomplete ISAKMP SA
<BR>--- end ping
<BR>
<BR>62.147.223.61 is the IP of my remote Free connection (the roaming client)
<BR>
<BR>
<BR>and after attempting a remote VPN connection:
<BR>
<BR>
<BR>1st attempt:
<BR>
<BR>
<BR>--- start connection
<BR>May 15 13:51:41 testserveur Pluto[22700]: "sapc" 62.147.223.61 #8: max number of retransmissions (2) reached STATE_MAIN_R2
<BR>May 15 13:51:48 testserveur Pluto[22700]: packet from 62.147.223.61:500: ignoring Vendor ID payload
<BR>May 15 13:51:48 testserveur Pluto[22700]: "sapc" 62.147.223.61 #9:responding to Main Mode from unknown peer 62.147.223.61
<BR>May 15 13:51:49 testserveur Pluto[22700]: "sapc" 62.147.223.61 #9: Peer ID is ID_DER_ASN1_DN: 'C=FR, ST=FRANCE, L=MONTREUIL, O=SAPC, OU=INFO, CN=SAPC NOMADE, E=SAPC@SAPC.FR'
<BR>May 15 13:51:49 testserveur Pluto[22700]: "sapc" 62.147.223.61 #9: sent MR3, SAKMP SA established
<BR>May 15 13:51:49 testserveur Pluto[22700]: ERROR: asynchronous network error report on eth1 for message to 62.147.223.61 port 500, complainant 192.1.0.254: Message too long [errno 90, origin ICMP type 3 code 4 (not authenticated)]
<BR>May 15 13:51:50 testserveur Pluto[22700]: "sapc" 62.147.223.61 #9: retransmitting in response to duplicate packet; already STATE_MAIN_R3
<BR>May 15 13:51:50 testserveur Pluto[22700]: "sapc" 62.147.223.61 #9: ignoring Delete SA payload
<BR>May 15 13:51:50 testserveur Pluto[22700]: "sapc" 62.147.223.61 #9: received and ignored informational message
<BR>--- end connection
<BR>
<BR>2nd attempt:
<BR>
<BR>--- start connection2
<BR>May 15 13:52:30 testserveur Pluto[22700]: packet from 62.147.223.61:500:ignoring Vendor ID payload
<BR>May 15 13:52:30 testserveur Pluto[22700]: "sapc" 62.147.223.61 #10: responding to Main Mode from unknown peer 62.147.223.61
<BR>May 15 13:52:32 testserveur Pluto[22700]: "sapc" 62.147.223.61 #10: Peer ID is ID_DER_ASN1_DN: 'C=FR, ST=FRANCE, L=MONTREUIL, O=SAPC, OU=INFO, CN=SAPC NOMADE, E=SAPC@SAPC.FR'
<BR>May 15 13:52:32 testserveur Pluto[22700]: "sapc" 62.147.223.61 #10: sent MR3, ISAKMP SA established
<BR>May 15 13:52:32 testserveur Pluto[22700]: packet from 62.147.223.61:500: Informational Exchange is for an unknown (expired?) SA
<BR>May 15 13:52:32 testserveur Pluto[22700]: "sapc" 62.147.223.61 #10: retransmitting in response to duplicate packet; already STATE_MAIN_R3
<BR>May 15 13:52:33 testserveur Pluto[22700]: "sapc" 62.147.223.61 #10: ignoring Delete SA payload
<BR>May 15 13:52:33 testserveur Pluto[22700]: "sapc" 62.147.223.61 #10: received and ignored informational message
<BR>May 15 13:52:33 testserveur Pluto[22700]: "sapc" 62.147.223.61 #10: Informational Exchange message for an established ISAKMP SA must be encrypted
<BR>--- end connection2
<BR>
<BR>
<BR>
<BR>Who knows how to decipher this?

<BR>
<BR>Has anyone run into this before?
