<html>
<head>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 10 (filtered)">
<style>
<!--
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0in;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman";}
a:link, span.MsoHyperlink
        {color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {color:purple;
        text-decoration:underline;}
span.EmailStyle17
        {font-family:Arial;
        color:windowtext;}
@page Section1
        {size:8.5in 11.0in;
        margin:1.0in 1.25in 1.0in 1.25in;}
div.Section1
        {page:Section1;}
-->
</style>
</head>
<body lang=EN-US link=blue vlink=purple>
<div class=Section1>
<p class=MsoNormal><font size=3 face=Arial><span style='font-size:12.0pt;
font-family:Arial'>Dear All,<br>
<br>
I am using the latest Openswan build and the Marcus Miller tool for Windows to<br>
make an IPsec tunnel (road warrior configuration), where we know the IP<br>
addresses of the clients.<br>
The objective is to install a PSK-based (initially) IPsec tunnel between<br>
clients and server, so that the clients will be able to work from<br>
their home at the PC.<br>
The internal network behind the IPsec server is 10.140.0.0 and the<br>
IPsec gateway is 61.95.x.x/27; the client's IP is 203.200.x.x/27.<br>
---------------------ipsec.conf--------------------------------------<br>
Here are the ipsec.conf and ipsec.secrets I am using on the IPsec server:<br>
# /etc/ipsec.conf - Openswan IPsec configuration file<br>
# RCSID $Id: ipsec.conf.in,v 1.13 2004/03/24 04:14:39 ken Exp $<br>
<br>
# This file: /usr/share/doc/openswan/ipsec.conf-sample<br>
#<br>
# Manual: ipsec.conf.5<br>
<br>
version 2.0 # conforms to second version of ipsec.conf
specification<br>
<br>
# basic configuration<br>
config setup<br>
# Debug-logging controls: "none" for
(almost) none, "all" for lots.<br>
# klipsdebug=none<br>
# plutodebug="control parsing"<br>
<br>
# Add connections here<br>
conn rohit<br>
authby=secret|rsasig<br>
left=61.95.x.x/27<br>
leftsubnet=10.140.0.0/16<br>
leftnexthop=61.95.x.x<br>
right=203.200.x.x/27<br>
rightnexthop=203.200.x.x<br>
auto=start<br>
# sample VPN connection<br>
#sample# conn sample<br>
#sample# # Left security
gateway, subnet behind it, next hop toward right.<br>
#sample#
left=10.0.0.1<br>
#sample#
leftsubnet=172.16.0.0/24<br>
#sample#
leftnexthop=10.22.33.44<br>
#sample# # Right
security gateway, subnet behind it, next hop toward left.<br>
#sample#
right=10.12.12.1<br>
#sample#
rightsubnet=192.168.0.0/24<br>
#sample#
rightnexthop=10.101.102.103<br>
#sample# # To authorize
this connection, but not actually start it, at startup,<br>
#sample# # uncomment
this.<br>
#sample# #auto=start<br>
<br>
#Disable Opportunistic Encryption<br>
include /etc/ipsec.d/examples/no_oe.conf<br>
<br>
: PSK "rohit"<br>
: RSA {<br>
# RSA 2192 bits vpn Tue Nov 2 12:51:52 2004<br>
# for signatures only, UNSAFE FOR ENCRYPTION<br>
PublicExponent: 0x03<br>
# everything after this point is secret<br>
}<br>
# do not change the indenting of that "}"<br>
<br>
I do not have a DNS server where I can host my DNS TXT record. No<br>
firewall is used at this moment on the server; one will be used later.<br>
<br>
The Marcus Miller ipsec.conf on Windows is:<br>
<br>
conn rohit<br>
authby=secret<br>
presharedkey="rohit"<br>
left=61.95.143.39<br>
leftsubnet=10.140.0.0/16<br>
leftnexthop=61.95.143.33<br>
right=%any<br>
rightnexthop=%defaultroute<br>
auto=start<br>
<br>
However, I am getting the authentication failed.<br>
<br>
Please help.<br>
<br>
Regards,<br>
<span class=sg>rohit sahi</span></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'> </span></font></p>
<div style='margin-right:399.0pt'>
<div style='border:double red 2.25pt;padding:1.0pt 0in 1.0pt 4.0pt'>
<p class=MsoNormal style='border:none;padding:0in'><font size=2 color=red
face="Courier New"><span style='font-size:10.0pt;font-family:"Courier New";
color:red'>Kind Regards,</span></font></p>
<p class=MsoNormal style='border:none;padding:0in'><font size=2 color=red
face="Courier New"><span style='font-size:10.0pt;font-family:"Courier New";
color:red'>Rohit Sahi,</span></font></p>
<p class=MsoNormal style='border:none;padding:0in'><font size=2 color=red
face="Courier New"><span style='font-size:10.0pt;font-family:"Courier New";
color:red'>System Administrator.</span></font></p>
<p class=MsoNormal style='border:none;padding:0in'><font size=2 color=red
face="Courier New"><span style='font-size:10.0pt;font-family:"Courier New";
color:red'>(Scicom InfoTech Pvt. Ltd.)</span></font></p>
</div>
</div>
<p class=MsoNormal><font size=3 face="Times New Roman"><span style='font-size:
12.0pt'> </span></font></p>
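<p class=MsoNormal>An added example, not part of the original message: a small Python review of a gateway and road-warrior conn pair like the two posted above. It flags a /mask on left or right (in ipsec.conf these name a single host; networks go in leftsubnet/rightsubnet), fields that differ between the two ends, and a short or guessable PSK. The sample addresses and the MIN_PSK_LEN threshold are constructed assumptions.</p>

```python
# Constructed samples modelled on the post's two "conn rohit" blocks (placeholder addresses).
SERVER = """conn rohit
    authby=secret|rsasig
    left=192.0.2.1/27
    leftsubnet=10.140.0.0/16
    right=198.51.100.7/27
"""
CLIENT = """conn rohit
    authby=secret
    presharedkey="rohit"
    left=192.0.2.1
    leftsubnet=10.140.0.0/16
    right=%any
"""
MIN_PSK_LEN = 20  # assumed local policy, not an Openswan limit

def parse_conn(text):
    """Return (name, options) for one conn section; '#' starts a comment."""
    name, opts = "", {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("conn "):
            name = line.split()[1]
        elif "=" in line:
            key, value = line.split("=", 1)
            opts[key.strip()] = value.strip().strip('"')
    return name, opts

def review(server_text, client_text):
    """List findings for a gateway / road-warrior pair of conn sections."""
    name, srv = parse_conn(server_text)
    _, cli = parse_conn(client_text)
    findings = []
    for side, opts in (("server", srv), ("client", cli)):
        for key in ("left", "right"):
            # left/right name one host; a mask belongs in leftsubnet/rightsubnet
            if "/" in opts.get(key, ""):
                findings.append(f"{side}: {key}={opts[key]} carries a mask")
    for key in ("left", "leftsubnet", "leftnexthop"):
        if srv.get(key) != cli.get(key):
            findings.append(f"{key} differs: {srv.get(key)} vs {cli.get(key)}")
    psk = cli.get("presharedkey", "")
    if psk and len(psk) < MIN_PSK_LEN:
        findings.append(f"PSK is {len(psk)} characters (minimum {MIN_PSK_LEN})")
    if psk and psk.lower() == name.lower():
        findings.append("PSK equals the connection name")
    return findings

if __name__ == "__main__":
    print("\n".join(review(SERVER, CLIENT)))
```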
</div>
</body>
</html>