--On Friday, November 15, 2002 04:42:48 PM +0100 Remco Barendse
<shorewall@barendse.to> wrote:
> I am trying to set up a VPN tunnel between two hosts using FreeS/Wan.
>
> I think I have set up shorewall correctly, or at least I followed the
> instructions in http://www.shorewall.net/IPSEC.htm precisely.
>
> When I try to start the tunnel I get these messages however:
> [root@raveon etc]# ipsec auto --up net-to-net
> 104 "net-to-net" #20: STATE_MAIN_I1: initiate
> 106 "net-to-net" #20: STATE_MAIN_I2: sent MI2, expecting MR2
> 108 "net-to-net" #20: STATE_MAIN_I3: sent MI3, expecting MR3
> 010 "net-to-net" #20: STATE_MAIN_I3: retransmission; will wait 20s for response
> 003 "net-to-net" #20: discarding duplicate packet; already STATE_MAIN_I3
> 010 "net-to-net" #20: STATE_MAIN_I3: retransmission; will wait 40s for response
> 003 "net-to-net" #20: discarding duplicate packet; already STATE_MAIN_I3
> 031 "net-to-net" #20: max number of retransmissions (2) reached STATE_MAIN_I3. Possible authentication failure: no acceptable response to our first encrypted message
> 000 "net-to-net" #20: starting keying attempt 2 of an unlimited number, but releasing whack
>
> When I check the other side I cannot find anything in the logs that
> packets are denied or anything.
>
> Is it necessary to add anything to the rules file to allow incoming IPSEC
> connections and if so which line?
>
All Shorewall setup for IPSEC is described in
http://shorewall.sf.net/IPSEC.htm.
-Tom
--
Tom Eastep \ Shorewall - iptables made easy
AIM: tmeastep \ http://shorewall.sf.net
ICQ: #60745924 \ teastep@shorewall.net