Bordermanager VPN Client and Linux

Hello,
has anyone tried to connect with the Bordermanager VPN Client to a
Linux VPN Gateway? Could anyone give me a hint? I have been trying for 3 days.

Thanks to everyone
calysto_puschkin
8/5/2004 12:09:02 PM
novell.bordermanager.vpn

In article <662b3276.0408050404.5c96b3ab@posting.google.com>, Arndt 
wrote:
> has anyone tried to connect with the Bordermanager VPN Client to a
> Linux VPN Gateway? Could anyone give me a hint? I have been trying for 3 days.
>
I think I tried it a few months ago, but did not spend much time.  Are 
you trying certificate mode or preshared key?  Either should work, but I 
agree that it could take a lot of trying to figure out just what the 
Linux side wants.  The BMgr client side should be fairly easy though.

Craig Johnson
Novell Support Connection SysOp
*** For a current patch list, tips, handy files and books on 
BorderManager, go to http://www.craigjconsulting.com ***

Craig
8/6/2004 5:08:36 AM
Hello Craig, 

thank you for your answer. I am trying it with a certificate.

> agree that it could take a lot of trying to figure out just what the 
> Linux side wants.

Ok then I will try it.

This is the IKE log from the client (xxx.xxx.xx.x = IP address of the VPN
gateway); maybe I have made a configuration mistake:

08-03-2004 04:14:27 PM Created thread for SendKeepAlivePacketProcess
08-03-2004 04:14:27 PM Loaded: 1 private key(s).
08-03-2004 04:14:27 PM Loaded: 2 certificate(s), 2 public key(s).
08-03-2004 04:14:27 PM Cert data len = 1276
08-03-2004 04:14:27 PM Cert data len = 1057
08-03-2004 04:14:27 PM Read trusted root cert file
C:\Novell\Vpnc\Certificates\Trusted
Roots\CERTIFICATE_cert-stajta-ba.der
08-03-2004 04:14:27 PM Start IPSEC SA 00956128 - Initiator****totSA=1
08-03-2004 04:14:27 PM src from IPsec
08-03-2004 04:14:27 PM 00000000 d490b9bd
08-03-2004 04:14:27 PM dst from IPsec
08-03-2004 04:14:27 PM 00000000 818f1d0a
08-03-2004 04:14:27 PM Start IKE-SA 01266450 -
Initiator,src=212.144.185.189,dst=xxx.xxx.xx.x,TotSA=1
08-03-2004 04:14:27 PM ***Send Main Mode message to xxx.xxx.xx.x
08-03-2004 04:14:27 PM
I-COOKIE=8304f03f06c6b326,R-COOKIE=0000000000000000,MsgID=0,1stPL=SA-PAYLOAD,state=17169156
08-03-2004 04:14:27 PM ***Receive Main Mode message from xxx.xxx.xx.x
08-03-2004 04:14:27 PM
I-COOKIE=8304f03f06c6b326,R-COOKIE=719917d0d1713da6,MsgID=0,1stPL=SA-PAYLOAD,state=16120532
08-03-2004 04:14:27 PM IKE SA NEGOTIATION:  Peer lifetime = 28800 My
lifetime=28800
08-03-2004 04:14:27 PM ****DH private exponent size is 1016****
08-03-2004 04:14:27 PM Recieved Supported Vendor id
draft-ietf-ipsec-nat-t-ike-03  from xxx.xxx.xx.x
08-03-2004 04:14:27 PM ***Send Main Mode message to xxx.xxx.xx.x
08-03-2004 04:14:27 PM
I-COOKIE=8304f03f06c6b326,R-COOKIE=719917d0d1713da6,MsgID=0,1stPL=KEY-PAYLOAD,state=16120432
08-03-2004 04:14:27 PM ***Receive Main Mode message from xxx.xxx.xx.x
08-03-2004 04:14:27 PM
I-COOKIE=8304f03f06c6b326,R-COOKIE=719917d0d1713da6,MsgID=0,1stPL=KEY-PAYLOAD,state=16120532
08-03-2004 04:14:27 PM No NAT detected
08-03-2004 04:14:27 PM  *Sending  MM id payload  Type 3  - subject
name :9 subject alternative name :2,3
08-03-2004 04:14:27 PM  *protocol 0 portnum 0 length 25  
08-03-2004 04:14:27 PM Sending  INITIAL_CONTACT notify to xxx.xxx.xx.x
08-03-2004 04:14:27 PM ***Send Main Mode message to xxx.xxx.xx.x
08-03-2004 04:14:27 PM
I-COOKIE=8304f03f06c6b326,R-COOKIE=719917d0d1713da6,MsgID=0,1stPL=ID-PAYLOAD,state=16120432
08-03-2004 04:14:27 PM ***Receive Main Mode message from xxx.xxx.xx.x
08-03-2004 04:14:27 PM
I-COOKIE=8304f03f06c6b326,R-COOKIE=719917d0d1713da6,MsgID=0,1stPL=ID-PAYLOAD,state=16120532
08-03-2004 04:14:27 PM Recieved MM ID payload type 1 protocol 0
portnum 0 length 8
08-03-2004 04:14:27 PM *Received MM ID ID_IPV4_ADDR xxx.xxx.xx.x 
08-03-2004 04:14:27 PM IKE_CCS_RSAPublicKeyDecrypt:
CCS_DataDecryptInit returned error code -1423
08-03-2004 04:14:27 PM sending notify message type: 25   to
xxx.xxx.xx.x
08-03-2004 04:14:27 PM ***Send Unacknowledge Informational message to
xxx.xxx.xx.x
08-03-2004 04:14:27 PM
I-COOKIE=8304f03f06c6b326,R-COOKIE=719917d0d1713da6,MsgID=601b4c45,1stPL=HASH-PAYLOAD,state=16120264
08-03-2004 04:14:27 PM Processed SIGNATURE-PAYLOAD unsuccessful -
Certificate authentication failure, dst=xxx.xxx.xx.x.
08-03-2004 04:14:27 PM Failed to create IKE-SA - Certificate
authentication failure , dst = xxx.xxx.xx.x
08-03-2004 04:16:57 PM Exiting thread for SendKeepAlivePacketProcess


---------log ends----

thanks for the help

Kind regards from Germany
arndt
calysto_puschkin
8/6/2004 12:21:13 PM
In article <662b3276.0408060416.16d1008f@posting.google.com>, Arndt wrote:
> 08-03-2004 04:14:27 PM *Received MM ID ID_IPV4_ADDR xxx.xxx.xx.x 
> 08-03-2004 04:14:27 PM IKE_CCS_RSAPublicKeyDecrypt:
> CCS_DataDecryptInit returned error code -1423

Here is the error.  Looks like it relates to encryption, though I really don't know what the error 
code is telling us for a cause.  My instinct says to look at the certificate you created on the Linux 
server, and see if it has settings that the client side wants.  About all I can find on a 1423 error 
is some sort of invalid certificate usage NICI problem.

The Novell VPN client also installs local NICI to handle encryption - perhaps there is a mismatch in 
the encryption used to create the cert, and that used by NICI?  (56-bit versus 128-bit, custom 
settings, etc.)

> 08-03-2004 04:14:27 PM sending notify message type: 25   to
> xxx.xxx.xx.x
> 08-03-2004 04:14:27 PM ***Send Unacknowledge Informational message to
> xxx.xxx.xx.x

This is the VPN client telling the other end that it did not like the previous encryption attempt.

> 08-03-2004 04:14:27 PM
> I-COOKIE=8304f03f06c6b326,R-COOKIE=719917d0d1713da6,MsgID=601b4c45,1stPL=HASH-PAYLOAD,state=16120264
> 08-03-2004 04:14:27 PM Processed SIGNATURE-PAYLOAD unsuccessful -
> Certificate authentication failure, dst=xxx.xxx.xx.x.

This sounds like a trusted root issue, but I'm not sure if that is the problem or not.

> 08-03-2004 04:14:27 PM Failed to create IKE-SA - Certificate
> authentication failure , dst = xxx.xxx.xx.x
> 08-03-2004 04:16:57 PM Exiting thread for SendKeepAlivePacketProcess
>


Craig Johnson
Novell Support Connection SysOp
*** For a current patch list, tips, handy files and books on 
BorderManager, go to http://www.craigjconsulting.com ***

Craig
8/6/2004 7:48:00 PM
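
Added example, not part of the original posts: a small Python triage of a client IKE log like the one above. It rejoins the wrapped lines, lists the Main Mode payloads exchanged, and decodes the notify type using the RFC 2408 numbering, where 25 is INVALID-SIGNATURE. The function names, the cookies and the 192.0.2.1 address are constructed for illustration.

```python
import re

# ISAKMP notify error types (RFC 2408, section 3.14.1); certificate/auth subset.
NOTIFY = {20: "INVALID-CERTIFICATE", 22: "INVALID-CERT-AUTHORITY",
          24: "AUTHENTICATION-FAILED", 25: "INVALID-SIGNATURE"}
STAMP = re.compile(r"^\d\d-\d\d-\d{4} \d\d:\d\d:\d\d [AP]M ?")

def unwrap(text):
    """Rejoin wrapped lines: a line with no timestamp continues the previous record."""
    records = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if STAMP.match(line) or not records:
            records.append(STAMP.sub("", line))
        else:
            records[-1] = (records[-1] + " " + line).strip()
    return records

def triage(text):
    """Return the Main Mode payloads exchanged, the decoded notify, and error records."""
    out = {"exchange": [], "notify": None, "errors": []}
    direction = None
    for rec in unwrap(text):
        if m := re.search(r"\*\*\*(Send|Receive) Main Mode message", rec):
            direction = m.group(1).lower()
        elif direction and (m := re.search(r"1stPL=([A-Z]+)-PAYLOAD", rec)):
            out["exchange"].append((direction, m.group(1)))
            direction = None
        elif m := re.search(r"notify message type: (\d+)", rec):
            out["notify"] = (int(m.group(1)), NOTIFY.get(int(m.group(1)), "unknown"))
        elif re.search(r"error code|unsuccessful|Failed", rec):
            out["errors"].append(rec)
    return out

# Constructed excerpt in the format of the client log above (192.0.2.1 is a placeholder).
SAMPLE = """\
08-03-2004 04:14:27 PM ***Send Main Mode message to 192.0.2.1
08-03-2004 04:14:27 PM
I-COOKIE=1111111111111111,R-COOKIE=2222222222222222,MsgID=0,1stPL=ID-PAYLOAD,state=1
08-03-2004 04:14:27 PM ***Receive Main Mode message from 192.0.2.1
08-03-2004 04:14:27 PM
I-COOKIE=1111111111111111,R-COOKIE=2222222222222222,MsgID=0,1stPL=ID-PAYLOAD,state=2
08-03-2004 04:14:27 PM IKE_CCS_RSAPublicKeyDecrypt:
CCS_DataDecryptInit returned error code -1423
08-03-2004 04:14:27 PM sending notify message type: 25   to
192.0.2.1
"""

if __name__ == "__main__":
    print(triage(SAMPLE))
```

On the sample, both ID payloads have been exchanged before the error, so the rejection comes while the client is verifying the gateway's signature in the last Main Mode message.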