[Vpn-help] trouble compiling beta3 on ubunutu 6.0.6 lts

Harondel J. Sibble help at pdscc.com
Tue Sep 18 00:42:45 CDT 2007



On 17 Sep 2007 at 22:13, Harondel J. Sibble wrote:

> Create all policy settings with static ip address etc, goto name resolution
> tab, uncheck "obtain automatically", put in internal dns server address. Save
> config, click connect = "failed to load 'Policy Name'"
> 
> Go back into settings, authentication, phase1 and phase2 are set back to their
> defaults :-( 

Policy tab also gets reset to defaults.  Note the key times don't get reset 
under Ph1 or Ph2.

Disabling name resolution outright or leaving at acquire automatically seems 
to be okay.

Still getting stuck at Ph1 and DPD detection messages. Played with various 
settings one at a time, same result.

No more problems with iked going away, so that appears to be fixed.

Yehaw! Success. Now what did I change...

config method to pull and nat-t disabled

Can't ping anything behind the vpn gateway, will look into that further and 
report back. Tunnel is coming up successfully though.

Hmm, Shrew says tunnel up successfully, Fortigate VPN monitor shows no 
connected tunnels....

Disconnect and reconnect, FGT VPN monitor shows connection and pinging is 
working!  However VPN monitor shows tunnel disappearing within 30 seconds to 
a minute, but shrew starts showing DPD messages again and ping is failing.

The general FGT log shows

1 	2007-09-17 	22:40:45 	error 	  	error 	Received ESP packet with unknown 
SPI.
2 	2007-09-17 	22:40:42 	error 	  	error 	Received ESP packet with unknown 
SPI.
3 	2007-09-17 	22:40:39 	error 	  	error 	Received ESP packet with unknown 
SPI.
4 	2007-09-17 	22:40:36 	error 	  	error 	Received ESP packet with unknown 
SPI.
5 	2007-09-17 	22:40:33 	error 	  	error 	Received ESP packet with unknown 
SPI.
6 	2007-09-17 	22:40:30 	error 	  	error 	Received ESP packet with unknown 
SPI.
7 	2007-09-17 	22:40:27 	error 	  	error 	Received ESP packet with unknown 
SPI.
8 	2007-09-17 	22:40:25 	error 	  	error 	Received ESP packet with unknown 
SPI.

More logging info to follow
-- 
Harondel J. Sibble 
Sibble Computer Consulting
Creating solutions for the small business and home computer user.
help at pdscc.com (use pgp keyid 0x3AD5C11D) http://www.pdscc.com
(604) 739-3709 (voice/fax)      (604) 686-2253 (pager)




More information about the vpn-help mailing list