From: Red G. <red...@bl...> - 2004-12-04 07:17:54
|
OK I got it. internet explorer came back finally with a partial url that I remembered seeing before. what I needed was anonymous:nam...@ft... once I got that right then internet explorer connected and I was able to drill down and download the file. After all that I discovered that the CD drive on this pc is broken. just the way my luck has been going on this one. RG Quoting Red Gibbs <red...@bl...>: > Heiko > I am at the remote site and I tried to get the file via both the > ftp > program and internet exporer and both methods failed. > with the ftp program I was able to get connected finally as > anonymous > and changed into the directory and did a dir that showed me the > file > but I could not "get" it. I don' t use ftp very much. I > generally > just use the internet explorer. It would not let me login from > this > location as anonymous and my email address. I was told it was a > private ftp site, but that may have just been a microsoft message. > > RG > > Quoting Heiko Zuerker <he...@zu...>: > > > Heiko Zuerker wrote: > > > > > Red Gibbs wrote: > > > > > >> Heiko > > >> Thanks, I am sure I did keep the ipsec.secrets files also I > just > > > > >> forgot to > > >> list it. > > >> The strange part is if I only do one end it will work. > > >> > > >> RG > > >> -----Original Message----- > > >> From: dev...@li... > > >> [mailto:dev...@li...] On > > Behalf Of > > >> Heiko > > >> Zuerker > > >> Sent: Friday, December 03, 2004 7:26 AM > > >> To: dev...@li... > > >> Subject: Re: [Devil-Linux-discuss] 1.2.1 upgrade from 1.2.0 > with > > 2 > > >> tunnels > > >> problems > > >> > > >> Red Gibbs wrote: > > >> > > >> > > >> > > >>> I have a pair of DL firewalls running 1.2.0. I tried to > > upgrade > > >>> them to 1.2.1. > > >>> > > >>> If I upgrade one side only the ipsec tunnels will work ok. > > >>> When I do both ends I cannot get the SA connection. > > >>> > > >>> If I stop and restart the tunnels I get a bunch of retry > > messages. > > >>> Here are some examples, any ideas what is going on? > > >>> left side > > >>> 104 "tun-name" #xx: STATE_MAIN_I1: initiate > > >>> 106 "tun-name" #xx: STATE_MAIN_I2: sent MI2, expecting MR2 > > >>> 108 "tun-name" #xx: STATE_MAIN_I2: sent MI3, expecting MR3 > > >>> 003 "tun-name" #xx: Signature check (on IP#) failed (wrong > > key?); tried > > >>> *AQ0k5k4go > > >>> 217 "tun-name" #xx: STATE_MAIN_I3: INVALID_KEY_INFORMATION > > >>> 010 "tun-name" #xx: STATE_MAIN_I3: retransmission; will wait > > 20s for > > >>> response > > >>> 003 "tun-name" #xx: Signature check (on IP#) failed (wrong > > key?); tried > > >>> *AQ0k5k4go > > >>> 217 "tun-name" #xx: STATE_MAIN_I3: INVALID_KEY_INFORMATION > > >>> 003 "tun-name" #xx: Signature check (on IP#) failed (wrong > > key?); tried > > >>> *AQ0k5k4go > > >>> 217 "tun-name" #xx: STATE_MAIN_I3: INVALID_KEY_INFORMATION > > >>> 003 "tun-name" #xx: Signature check (on IP#) failed (wrong > > key?); tried > > >>> *AQ0k5k4go > > >>> 217 "tun-name" #xx: STATE_MAIN_I3: INVALID_KEY_INFORMATION > > >>> 000 "tun-name" #xx: starting keying attempt 2 of an unlimited > > > >>> number, but > > >>> releasing whack > > >>> # > > >>> On the right side > > >>> 104 "tun-name" #xx: STATE_MAIN_I1: initiate > > >>> 106 "tun-name" #xx: STATE_MAIN_I2: sent MI2, expecting MR2 > > >>> 108 "tun-name" #xx: STATE_MAIN_I2: sent MI3, expecting MR3 > > >>> 003 "tun-name" #xx: STATE_MAIN_I3: ignoring informational > > payload, type > > >>> INVLAID_KEY_INFORMATIONS > > >>> 003 "tun-name" #xx: received and ignored informational > message > > >>> 010 "tun-name" #xx: STATE_MAIN_I3: STATE_MAIN_I3: > > retransmission: > > >>> will wait > > >>> 20s for response > > >>> 003 "tun-name" #xx: discarding duplicate packet; already > > STATE_MAIN_I3 > > >>> 003 "tun-name" #xx: STATE_MAIN_I3: ignoring informational > > payload, type > > >>> INVLAID_KEY_INFORMATIONS > > >>> 003 "tun-name" #xx: discarding duplicate packet; already > > STATE_MAIN_I3 > > >>> 010 "tun-name" #xx: STATE_MAIN_I3: STATE_MAIN_I3: > > retransmission: > > >>> will wait > > >>> 40s for response > > >>> 003 "tun-name" #xx: STATE_MAIN_I3: ignoring informational > > payload, type > > >>> INVLAID_KEY_INFORMATIONS > > >>> 003 "tun-name" #xx: received and ignored informational > > message. > > >>> 031 "tun-name" #xx: max number of retransmissions (2) > reached > > >>> > > >> > > >> STATE_MAIN_I3. > > >> > > >> > > >>> Possible authentication failure: no acceptable response to > our > > first > > >>> encrypted message > > >>> 000 "tun-name" #xx: starting keying attempt 2 of an unlimited > > > >>> number, but > > >>> releasing whack > > >>> > > >>> without iptraf I can not look at what is getting to who very > > well > > >>> tcpdump > > >>> doesn't work that well for me. I know I am spoiled, I just > > like > > >>> things to work out of the box. > > >>> > > >>> When I ran ipsec verify I also saw 5 strange messages. > > >>> /usr/lib/ipsec/verify: line 204: [: IP# : binary operator > > expected > > >>> > > >>> When I upgraded I left the 1.2.0 floppy in the floppy drive > and > > > > >>> booted the > > >>> 1.2.1 CD. > > >>> I left an X on the /etc/ipsec.conf, /etc/sysconfi/nic/*, > > >>> /etc/inint.d/network, /etc/ssh/*, and > > /etc/init.d/firewall.rules. I > > >>> copied > > >>> the old configuration and users also. > > >>> > > >>> Did I miss something? > > >>> > > >>> > > >>> > > >> > > >> It's a while ago, since I used Ipsec, but I'll try to help > > >> > > >> Most likley the ipsec.secrets is the problem. > > >> Try again and make sure you keep this file from the old > > installation. > > >> Also keep in mind that those files differs on each host, so > you > > can't > > >> copy it from one to another. > > >> > > >> You should also change your shared key (after you get it > working > > > > >> again), since it was displayed in the log file (when I read > it > > right, > > >> it's still early here). > > >> > > >> > > >> > > > I checked the changelog for Openswan, nothing really catched > my > > eye. > > > I'll create a new DL version with the final release of > Openswan > > 1.08 > > > (we use a CVS version in DL 1.2.1), so you can test if this > one > > fixes > > > the problem. > > > The download should be available tomorrow. > > > > > > > Give this one a try: > > > ftp://ftp.de.devil-linux.org/pub/devel/testing/devil-linux-1.2.2-2004-12-03-i586-SMP.tar.bz2 > > If it doesn't work either, I would suggest that you try to > update > > again. > > It could be that you missed something the first time. > > > > If it doesn't work either, you should ask on the openswan > > mailinglist > > what the issue could be. The test version I provided to you uses > > > Openswan v1.08 > > > > -- > > > > Regards > > Heiko Zuerker > > http://www.devil-linux.org > > > > > > > > ------------------------------------------------------- > > SF email is sponsored by - The IT Product Guide > > Read honest & candid reviews on hundreds of IT Products from > real > > users. > > Discover which products truly live up to the hype. Start reading > > now. > > http://productguide.itmanagersjournal.com/ > > _______________________________________________ > > Devil-linux-discuss mailing list > > Dev...@li... > > https://lists.sourceforge.net/lists/listinfo/devil-linux-discuss > > > > > > > > ------------------------------------------------------- > SF email is sponsored by - The IT Product Guide > Read honest & candid reviews on hundreds of IT Products from real > users. > Discover which products truly live up to the hype. Start reading > now. > http://productguide.itmanagersjournal.com/ > _______________________________________________ > Devil-linux-discuss mailing list > Dev...@li... > https://lists.sourceforge.net/lists/listinfo/devil-linux-discuss > |