Originally Posted by vincentnyc:
entangle: I emailed you the pcf file yesterday, gave you group name and password and username and password.
I'm very ANXIOUS to hear if you can log into our vpn?

Hi, I was busy with some other stuff, but now I tried your settings. I didn't connect successfully; I got the same error as you. But that was with "Auto IKE/IPSec setup", and that doesn't work for me either. What you have to do is edit the connection, choose "Manually Set Values" and then guess the right settings for your connection. (Choose "Edit" -> "Advanced" -> "Manually Set Values")
The PCF file didn't hold any interesting information, as you might have noticed. I thought it would be similar to the PCF file for Cisco Concentrator 3000 gateways, but apparently it is not.
But it might not be pure guesswork after all; you know that the program, when doing "Auto IKE/IPSec setup", manages to set up correct values for IKE. I might try to explain what IKE and IPSec are, though I am by no means a VPN guru. So take the next section with a grain of salt!
Phase 1 is about the IKE, Internet Key Exchange. You need the public key, the key necessary to encrypt outgoing data, from the gateway, and you need to send the gateway your own public key, so that the gateway can encrypt incoming data. I think this is what is going on in Phase 1, roughly. Until now, Bluefire is only dependent on the general settings and the IKE settings.
But the IKE settings and the IPSec (IP Security) settings might be very similar. (If you check edit->advanced->IKE setup vs. edit->advanced->IPSec setup you will find many of the same options.)
What I did myself was try auto setup at first, getting confident that the right IKE settings existed, and then I tried manually to find the settings which brought me as far in the connection phases as the auto setup did. After that, I chose the same parameters for IPSec as for IKE, and after some trial and error with the IPSec values I connected.
You might have an easier way, as we are more clever today than I was at that time. In the Bluefire VPN program folder there is a small utility called bflutil.exe and a sub-directory called logs. The log utility will let you choose the level of logging and it will log into files in the \log directory.
My idea is this: start with deleting all the logfiles, then choose some level of logging (be aware that Bluefire VPN will work very slowly depending on the level of logging and the size of the logfiles. Perhaps start with just IKE logging, as the IKE settings are what we are interested in). Now try to connect with the "IKE/IPSec Auto Setup" setting. We know that it chooses the correct IKE values, so we should be able to read those out of the logfiles.
If it terminates after Phase 1, close down Bluefire VPN and copy the logfiles to your computer in order to read them properly - they can get quite big. Now find these values:
Encryption Algorithm: ?
Hash algorithm: ?
Diffie Hellman (DH) group: ? (I tried the above myself, and after a quick look at the logfiles it seems that DH Group 2 is the correct setting here, but try it yourself.)
Okay, good luck!
Thomas