[Vpn-help] trouble compiling beta3 on ubunutu 6.0.6 lts
Harondel J. Sibble
help at pdscc.com
Tue Sep 18 00:42:45 CDT 2007
On 17 Sep 2007 at 22:13, Harondel J. Sibble wrote:
> Create all policy settings with static ip address etc, goto name resolution
> tab, uncheck "obtain automatically", put in internal dns server address. Save
> config, click connect = "failed to load 'Policy Name'"
>
> Go back into settings, authentication, phase1 and phase2 are set back to their
> defaults :-(
Policy tab also gets reset to defaults. Note the key times don't get reset
under Ph1 or Ph2.
Disabling name resolution outright or leaving at acquire automatically seems
to be okay.
Still getting stuck at Ph1 and DPD detection messages. Played with various
settings one at a time, same result.
No more problems with iked going away, so that appears to be fixed.
Yehaw! Success. Now what did I change...
config method to pull and nat-t disabled
Can't ping anything behind the vpn gateway, will look into that further and
report back. Tunnel is coming up successfully though.
Hmm, Shrew says tunnel up successfully, Fortigate VPN monitor shows no
connected tunnels....
Disconnect and reconnect, FGT VPN monitor shows connection and pinging is
working! However VPN monitor shows tunnel disappearing within 30 seconds to
a minute, but shrew starts showing DPD messages again and ping is failing.
The general FGT log shows
1 2007-09-17 22:40:45 error error Received ESP packet with unknown
SPI.
2 2007-09-17 22:40:42 error error Received ESP packet with unknown
SPI.
3 2007-09-17 22:40:39 error error Received ESP packet with unknown
SPI.
4 2007-09-17 22:40:36 error error Received ESP packet with unknown
SPI.
5 2007-09-17 22:40:33 error error Received ESP packet with unknown
SPI.
6 2007-09-17 22:40:30 error error Received ESP packet with unknown
SPI.
7 2007-09-17 22:40:27 error error Received ESP packet with unknown
SPI.
8 2007-09-17 22:40:25 error error Received ESP packet with unknown
SPI.
More logging info to follow
--
Harondel J. Sibble
Sibble Computer Consulting
Creating solutions for the small business and home computer user.
help at pdscc.com (use pgp keyid 0x3AD5C11D) http://www.pdscc.com
(604) 739-3709 (voice/fax) (604) 686-2253 (pager)
More information about the vpn-help
mailing list