forgery

Forum Replies Created

Viewing 9 posts - 1 through 9 (of 9 total)
  • in reply to: Running an FTP Server #48956

    forgery
    Member

    Cool, thank you for clarifying my thoughts and the link

    in reply to: Basic VPN Setup #48839

    forgery
    Member

    The answer has finally been solved! I was trying to achieve this on a Windows XP Home Edition laptop. I assume this had a problem with the domain? As soon as I changed over to an XP Professional computer the connection went through straight away!! Finally 😀 I’m so happy.

    Could somebody please explain to me the reasons behind this?

    Many Thanks

    in reply to: Basic VPN Setup #48838

    forgery
    Member

    I’m using someuser and in the domain box I’m typing xxx.local, although I have tried with or without.

    in reply to: ClamAV update 0.94 -> 0.95 how to update #47916

    forgery
    Member

    Just a quick, slightly off topic question, how come lots of people use clam? I’ve had it on a few virus infected machines and I’ve never found it spot a virus yet? There seems to be a fair few people on it. Do people have different experiences than me??

    in reply to: Basic VPN Setup #48836

    forgery
    Member

    Hey, thank you for the reply. Have finally had time to play around again and progression is minimal! 🙁

    I did get the host certificate from inside the zero shell interface, this one was a great deal larger than the one I had previously used. Once this certificate was inserted I then received an error that the username/password didn’t match. Still no access but certainly a step closer.

    I decided to try with a new clean laptop. Everything set up the same as before. Host domains and kerberos domains are both xxx.local so that is no problem. I am now attempting off vista with what appear to be the correct certificates and still getting the error in my original post. Both computers can ping each other so there are no physical problems. Here are the current errors

    15:59:18 	INFO: respond new phase 1 negotiation: 192.168.2.253[500]192.168.2.224[500]
    15:59:18 INFO: begin Identity Protection mode.
    15:59:18 INFO: received broken Microsoft ID: MS NT5 ISAKMPOAKLEY
    15:59:18 INFO: received Vendor ID: RFC 3947
    15:59:18 INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
    15:59:18 INFO: received Vendor ID: FRAGMENTATION
    15:59:18 ERROR: invalid DH group 20.
    15:59:18 ERROR: invalid DH group 19.
    15:59:18 ERROR: rejected hashtype: DB(prop#1:trns#1):Peer(prop#1:trns#3) = MD5:SHA
    15:59:18 ERROR: rejected dh_group: DB(prop#1:trns#1):Peer(prop#1:trns#3) = 1024-bit MODP group:2048-bit MODP group
    15:59:18 ERROR: rejected hashtype: DB(prop#1:trns#1):Peer(prop#1:trns#4) = MD5:SHA
    15:59:18 ERROR: no suitable proposal found.
    15:59:18 ERROR: failed to get valid proposal.
    15:59:18 ERROR: failed to process packet.
    15:59:19 INFO: respond new phase 1 negotiation: 192.168.2.253[500]192.168.2.224[500]
    15:59:19 INFO: begin Identity Protection mode.
    15:59:19 INFO: received broken Microsoft ID: MS NT5 ISAKMPOAKLEY
    15:59:19 INFO: received Vendor ID: RFC 3947
    15:59:19 INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
    15:59:19 INFO: received Vendor ID: FRAGMENTATION
    15:59:19 ERROR: invalid DH group 20.
    15:59:19 ERROR: invalid DH group 19.
    15:59:19 ERROR: rejected hashtype: DB(prop#1:trns#1):Peer(prop#1:trns#3) = MD5:SHA
    15:59:19 ERROR: rejected dh_group: DB(prop#1:trns#1):Peer(prop#1:trns#3) = 1024-bit MODP group:2048-bit MODP group
    15:59:19 ERROR: rejected hashtype: DB(prop#1:trns#1):Peer(prop#1:trns#4) = MD5:SHA
    15:59:19 ERROR: no suitable proposal found.
    15:59:19 ERROR: failed to get valid proposal.
    15:59:19 ERROR: failed to process packet.
    15:59:21 INFO: respond new phase 1 negotiation: 192.168.2.253[500]192.168.2.224[500]
    15:59:21 INFO: begin Identity Protection mode.
    15:59:21 INFO: received broken Microsoft ID: MS NT5 ISAKMPOAKLEY
    15:59:21 INFO: received Vendor ID: RFC 3947
    15:59:21 INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
    15:59:21 INFO: received Vendor ID: FRAGMENTATION
    15:59:21 ERROR: invalid DH group 20.
    15:59:21 ERROR: invalid DH group 19.
    15:59:21 ERROR: rejected hashtype: DB(prop#1:trns#1):Peer(prop#1:trns#3) = MD5:SHA
    15:59:21 ERROR: rejected dh_group: DB(prop#1:trns#1):Peer(prop#1:trns#3) = 1024-bit MODP group:2048-bit MODP group
    15:59:21 ERROR: rejected hashtype: DB(prop#1:trns#1):Peer(prop#1:trns#4) = MD5:SHA
    15:59:21 ERROR: no suitable proposal found.
    15:59:21 ERROR: failed to get valid proposal.
    15:59:21 ERROR: failed to process packet.
    15:59:26 INFO: respond new phase 1 negotiation: 192.168.2.253[500]192.168.2.224[500]
    15:59:26 INFO: begin Identity Protection mode.
    15:59:26 INFO: received broken Microsoft ID: MS NT5 ISAKMPOAKLEY
    15:59:26 INFO: received Vendor ID: RFC 3947
    15:59:26 INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
    15:59:26 INFO: received Vendor ID: FRAGMENTATION
    15:59:26 ERROR: invalid DH group 20.
    15:59:26 ERROR: invalid DH group 19.
    15:59:26 ERROR: rejected hashtype: DB(prop#1:trns#1):Peer(prop#1:trns#3) = MD5:SHA
    15:59:26 ERROR: rejected dh_group: DB(prop#1:trns#1):Peer(prop#1:trns#3) = 1024-bit MODP group:2048-bit MODP group
    15:59:26 ERROR: rejected hashtype: DB(prop#1:trns#1):Peer(prop#1:trns#4) = MD5:SHA
    15:59:26 ERROR: no suitable proposal found.
    15:59:26 ERROR: failed to get valid proposal.
    15:59:26 ERROR: failed to process packet.
    15:59:34 INFO: respond new phase 1 negotiation: 192.168.2.253[500]192.168.2.224[500]
    15:59:34 INFO: begin Identity Protection mode.
    15:59:34 INFO: received broken Microsoft ID: MS NT5 ISAKMPOAKLEY
    15:59:34 INFO: received Vendor ID: RFC 3947
    15:59:34 INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
    15:59:34 INFO: received Vendor ID: FRAGMENTATION
    15:59:34 ERROR: invalid DH group 20.
    15:59:34 ERROR: invalid DH group 19.
    15:59:34 ERROR: rejected hashtype: DB(prop#1:trns#1):Peer(prop#1:trns#3) = MD5:SHA
    15:59:34 ERROR: rejected dh_group: DB(prop#1:trns#1):Peer(prop#1:trns#3) = 1024-bit MODP group:2048-bit MODP group
    15:59:34 ERROR: rejected hashtype: DB(prop#1:trns#1):Peer(prop#1:trns#4) = MD5:SHA
    15:59:34 ERROR: no suitable proposal found.
    15:59:34 ERROR: failed to get valid proposal.
    15:59:34 ERROR: failed to process packet.

    Many Thanks again
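
Added example, not part of the original post or of ZeroShell: a small Python parser that condenses a log like the one quoted above into the distinct IKE phase 1 attributes that were rejected, so repeated retries collapse into one line per mismatch. It assumes the value left of the colon is the responder's own (DB) setting and the value right of it is the peer's offer, following the `DB(...):Peer(...)` label order; `SAMPLE_LOG` is constructed from the post's log format and `summarize` is a hypothetical name.

```python
import re
from collections import Counter

# Constructed sample in the log format quoted in the post (two attempts, trimmed).
SAMPLE_LOG = """\
15:59:18 INFO: respond new phase 1 negotiation: 192.168.2.253[500]192.168.2.224[500]
15:59:18 ERROR: invalid DH group 20.
15:59:18 ERROR: invalid DH group 19.
15:59:18 ERROR: rejected hashtype: DB(prop#1:trns#1):Peer(prop#1:trns#3) = MD5:SHA
15:59:18 ERROR: rejected dh_group: DB(prop#1:trns#1):Peer(prop#1:trns#3) = 1024-bit MODP group:2048-bit MODP group
15:59:18 ERROR: rejected hashtype: DB(prop#1:trns#1):Peer(prop#1:trns#4) = MD5:SHA
15:59:18 ERROR: no suitable proposal found.
15:59:19 INFO: respond new phase 1 negotiation: 192.168.2.253[500]192.168.2.224[500]
15:59:19 ERROR: rejected hashtype: DB(prop#1:trns#1):Peer(prop#1:trns#3) = MD5:SHA
15:59:19 ERROR: no suitable proposal found.
"""

# "rejected <attr>: DB(...):Peer(...) = <local>:<peer>"
# Assumption: the value left of the colon is the responder's own (DB) setting.
REJECTED = re.compile(
    r"ERROR: rejected (?P<attr>\w+): DB\(prop#\d+:trns#\d+\):"
    r"Peer\(prop#\d+:trns#\d+\) = (?P<local>[^:]+):(?P<peer>.+)$"
)
INVALID_DH = re.compile(r"ERROR: invalid DH group (\d+)\.")


def summarize(log_text):
    """Count phase 1 attempts, failures and each distinct rejected attribute pair."""
    result = {"attempts": 0, "failed": 0,
              "unknown_dh_groups": set(), "mismatches": Counter()}
    for line in log_text.splitlines():
        line = line.strip()
        if "respond new phase 1 negotiation" in line:
            result["attempts"] += 1
        elif "no suitable proposal found" in line:
            result["failed"] += 1
        elif (m := INVALID_DH.search(line)):
            result["unknown_dh_groups"].add(int(m.group(1)))
        elif (m := REJECTED.search(line)):
            key = (m["attr"], m["local"], m["peer"])
            result["mismatches"][key] += 1
    return result


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    print(f"{report['failed']}/{report['attempts']} attempts failed")
    for (attr, local, peer), n in report["mismatches"].most_common():
        print(f"{attr}: responder has {local!r}, peer offered {peer!r} ({n}x)")
```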

    in reply to: Basic VPN Setup #48834

    forgery
    Member

    Thanks for the reply again, I’ll now detail my steps in simplified form, hopefully it remains clear.

    1) Profile set up,
    HostName : zeroshell.xxx.local
    K5 Realm : XXX.LOCAL
    LDAP Base : dc=xxx,dc=local

    We have no use for the Kerberos stuff yet but thought we would make it correct anyway.

    2)Set up host for remote computer
    Hostname : Computer1
    Domain : xxx.local

    3)Set VPN settings on ZeroShell
    L2TP enabled
    set the IP address assignment.
    Left Host Certificate to be Local CA OU = Hosts, CN = zeroshell.xxx.local

    That’s it for the ZeroShell box, I now turn to remote computer ‘computer1’

    1)Added new connection using the external IP address of the ZeroShell Box

    2)Added Certificates, for this I followed instructions in the documentation on the site. I downloaded the correct Host and CA certificates. I then ended up with the 2 certificates in 4 places, these were:

    Inside
    Certificates (Local Computer)
        Personal
            Certificates
                computer1.xxx.local (from computer1.xxx.local PFX)
        Trusted Root Certificate Authorities
            Certificates
                Issued To and By: ZeroShell Example CA (from CA.der)

    Certificates – Service (IPSEC Services) on Local Computer
        PolicyAgentPersonal
            Certificates
                computer1.xxx.local (from computer1.xxx.local PFX)
        PolicyAgentTrusted Root Certificate Authorities
            Certificates
                Issued To and By: ZeroShell Example CA (from CA.der)

    That took me to the end of the instructions and the error messages given. Any more help or any other information I can give please let me know.

    Many thanks again for all time and help 🙂

    in reply to: Basic VPN Setup #48832

    forgery
    Member

    Thank you ppalias. I realise they are private IP addresses, I don’t know, it just felt right not naming full addresses. I knew it didn’t really mean much, just meant I felt better inside 🙂

    I will double check the ports however I did try it with the firewall turned off and it still would not connect.

    Could I ask what parts of the configuration you would like to know? Or I can just detail pretty much everything I did? Whichever would be easier, I guess it’s not that many steps in total.

    Many Thanks

    in reply to: Basic VPN Setup #48830

    forgery
    Member

    Hi again,

    Having been through the seemingly simple steps I am still unable to VPN into the network. My log states

    16:47:32 	 ERROR: phase1 negotiation failed due to time up. ead0ea579e70a6e6:730373808337e290
    16:47:32 INFO: respond new phase 1 negotiation: 192.168.x.x[500]192.168.x.x[500]
    16:47:32 INFO: begin Identity Protection mode.
    16:47:32 INFO: received broken Microsoft ID: MS NT5 ISAKMPOAKLEY
    16:47:32 INFO: received Vendor ID: FRAGMENTATION
    16:47:32 INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
    16:47:32 ERROR: ignore information because ISAKMP-SA has not been established yet.

    I’ve just blanked out the IP addresses above, they are correct.

    So from following the instructions I can see the 2 certificates in the 4 places mentioned. I have the host added, the VPN enabled and server and client both share the same domain.

    The error I am getting on the client says “security layer encountered a processing error during initial negotiations with the remote computer.”

    Any advice or tips would be gratefully received. Many Thanks

    in reply to: Basic VPN Setup #48829

    forgery
    Member

    I don’t know why I didn’t see that before!! Thank you for the prod in the right direction.
