<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=Content-Type content="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 11 (filtered medium)">
<style>
<!--
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman";}
a:link, span.MsoHyperlink
{color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{color:purple;
text-decoration:underline;}
tt
{font-family:"Courier New";}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:Arial;
color:windowtext;}
@page Section1
{size:8.5in 11.0in;
margin:1.0in 1.25in 1.0in 1.25in;}
div.Section1
{page:Section1;}
-->
</style>
</head>
<body lang=EN-US link=blue vlink=purple>
<div class=Section1>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>First off If there is a simpler way to assign DHCP LAN
address to a Windows XP RoadWarrior AND/OR allow domain authentication for
windows clients PLEASE let me know ;). I could easily be barking up the
wrong tree for my solutions….<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>I have read Nate Carlson’s Win2k/XP with freeswan,
Jacco de Leeuw’s FreeSWAN with Windows2k/XP L2TP/IPSec, and Martin
Koeppe’s passing L2TP through to your gateway to the Windows
Server. I realized my test environment to the firewall (dynamic
addressing) wouldn’t work with Pre Shared Keys. So then I had
certificates working with the ipsec.exe (stripping L2TP out). Of course
then one client needs to be able to sign onto the domain easily, so I attempted
taking the certificates and using the native client from Windows XP passing
L2TP to the Windows server. Followed the instructions, and changed the clients,
using the same certificates.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>I then ended up getting a strange error for the tunnel.
I have tried tracking down the error but list archives suggest that my
ipsec.conf has a rightsubnet=0.0.0.0/0 and to remove it. I do not have
this setting. IPSec fails to connect now, and doesn’t even get the chance
to pass off to the Windows L2TP server and Oakley Log. I have removed the
certificates, and recreated the p12 file, and reattempted connecting.
Same error. I assume I am missing something, but am at a loss. <o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>The Windows Client fails with Error 792: The L2TP connection
attempt failed because security negotiation timed out.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>64.142.54.112 = ipsec.a-1networks.com & The Root CA that
created the certificates<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>209.148.105.71 = Roadwarrior02 WindwosXP client.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>Below is the copy of the log during connection:<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><tt><font size=2 color=black face="Courier New"><span
style='font-size:10.0pt;color:black'>15:20:18 pluto[21647] packet from
209.148.105.71:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000003]</span></font></tt><font
size=2 color=black face="Courier New"><span style='font-size:10.0pt;font-family:
"Courier New";color:black'><br>
<tt><font face="Courier New">15:20:18 pluto[21647] "Roadwarrior01"[4]
209.148.105.71 #4: responding to Main Mode from unknown peer 209.148.105.71</font></tt><br>
<tt><font face="Courier New">15:20:18 pluto[21647] "Roadwarrior01"[4]
209.148.105.71 #4: transition from state (null) to state STATE_MAIN_R1</font></tt><br>
<tt><font face="Courier New">15:20:18 pluto[21647] "Roadwarrior01"[4]
209.148.105.71 #4: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2</font></tt><br>
<tt><font face="Courier New">15:20:19 pluto[21647] "Roadwarrior01"[4]
209.148.105.71 #4: Main mode peer ID is ID_DER_ASN1_DN: 'C=US, O=A1Networks,
CN=TrevorBenson'</font></tt><br>
<tt><font face="Courier New">15:20:19 pluto[21647] "Roadwarrior01"[4]
209.148.105.71 #4: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3</font></tt><br>
<tt><font face="Courier New">15:20:19 pluto[21647] "Roadwarrior01"[4]
209.148.105.71 #4: sent MR3, ISAKMP SA established</font></tt><br>
<tt><font face="Courier New">15:20:20 pluto[21647] "Roadwarrior01"[4]
209.148.105.71 #4: cannot respond to IPsec SA request because no connection is
known for 64.142.54.112[C=US, O=A1Networks, CN=ipsec.a-1networks.com]:17/0...209.148.105.71[C=US,
O=A1Networks, CN=TrevorBenson]:17/1701</font></tt><br>
<tt><font face="Courier New">15:20:20 pluto[21647] "Roadwarrior01"[4]
209.148.105.71 #4: sending encrypted notification INVALID_ID_INFORMATION to
209.148.105.71:500</font></tt><br>
<tt><font face="Courier New">15:20:21 pluto[21647] "Roadwarrior01"[4]
209.148.105.71 #4: Quick Mode I1 message is unacceptable because it uses a
previously used Message ID 0xe74ac634 (perhaps this is a duplicated packet)<o:p></o:p></font></tt></span></font></p>
<p class=MsoNormal><tt><font size=2 color=black face="Courier New"><span
style='font-size:10.0pt;color:black'><o:p> </o:p></span></font></tt></p>
<p class=MsoNormal><tt><font size=2 color=black face="Courier New"><span
style='font-size:10.0pt;color:black'><o:p> </o:p></span></font></tt></p>
<p class=MsoNormal><tt><font size=2 color=black face="Courier New"><span
style='font-size:10.0pt;color:black'>Here is the IPSec.conf entries:<o:p></o:p></span></font></tt></p>
<p class=MsoNormal><tt><font size=2 color=black face="Courier New"><span
style='font-size:10.0pt;color:black'><o:p> </o:p></span></font></tt></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>conn Roadwarrior02<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>
left=64.142.54.112<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>
leftnexthop=%defaultroute<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>
leftsubnet=192.168.169.0/255.255.255.0<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>
leftcert=/var/ipcop/certs/hostcert.pem<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'> right=0.0.0.0<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>
rightcert=/var/ipcop/certs/Roadwarrior02cert.pem<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'> pfs=no<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'> dpddelay=30<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'> dpdtimeout=120<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'> dpdaction=clear<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'> authby=rsasig<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'> auto=add<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>Any suggestions are greatly appreciated.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>Trevor Benson<o:p></o:p></span></font></p>
</div>
</body>
</html>