<html>
<head>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 10 (filtered)">
<style>
<!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman";}
a:link, span.MsoHyperlink
{color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{color:purple;
text-decoration:underline;}
p.MsoPlainText, li.MsoPlainText, div.MsoPlainText
{margin:0cm;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";}
@page Section1
{size:841.9pt 595.3pt;
margin:69.45pt 72.0pt 69.45pt 72.0pt;}
div.Section1
{page:Section1;}
/* List Definitions */
ol
{margin-bottom:0cm;}
ul
{margin-bottom:0cm;}
-->
</style>
</head>
<body lang=EN-GB link=blue vlink=purple>
<div class=Section1>
<p class=MsoPlainText><b><font size=2 color=blue face="Courier New"><span
style='font-size:10.0pt;color:blue;font-weight:bold'>It is a shame that on IPCop
mailing list there is no one supporting me about VPNs… Sorry to bother
you about something that seems a IPCop problem (I think that IPCop writes the ipsec
config wrong, this is not a “bug” or a “problem” with openswan).
</span></font></b></p>
<p class=MsoPlainText><b><font size=2 color=blue face="Courier New"><span
style='font-size:10.0pt;color:blue;font-weight:bold'> </span></font></b></p>
<p class=MsoPlainText><b><font size=2 color=blue face="Courier New"><span
style='font-size:10.0pt;color:blue;font-weight:bold'>I had to change the ipcop
created connection:</span></font></b></p>
<p class=MsoPlainText style='margin-left:36.0pt;text-indent:-18.0pt'><font
size=2 color=blue face=Symbol><span style='font-size:10.0pt;font-family:Symbol;
color:blue'>·<font size=1 face="Times New Roman"><span style='font:7.0pt "Times New Roman"'>
</span></font></span></font><b><font color=blue><span style='color:blue;
font-weight:bold'>Removed the “leftsubnet” line (that doesn’t
look good, now where I can setup which network the VPN give access to?? –
the l2tpd will handle this?)</span></font></b></p>
<p class=MsoPlainText style='margin-left:36.0pt;text-indent:-18.0pt'><font
size=2 color=blue face=Symbol><span style='font-size:10.0pt;font-family:Symbol;
color:blue'>·<font size=1 face="Times New Roman"><span style='font:7.0pt "Times New Roman"'>
</span></font></span></font><b><font color=blue><span style='color:blue;
font-weight:bold'>Added the “pfs=no” – I don’t know
what this means, but if not pluto complains about pfs, now it’s happy</span></font></b></p>
<p class=MsoPlainText style='margin-left:36.0pt;text-indent:-18.0pt'><font
size=2 color=blue face=Symbol><span style='font-size:10.0pt;font-family:Symbol;
color:blue'>·<font size=1 face="Times New Roman"><span style='font:7.0pt "Times New Roman"'>
</span></font></span></font><b><font color=blue><span style='color:blue;
font-weight:bold'>Added the two proto/port lines</span></font></b></p>
<p class=MsoPlainText><b><font size=2 color=blue face="Courier New"><span
style='font-size:10.0pt;color:blue;font-weight:bold'> </span></font></b></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>config setup</span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'> interfaces=ipsec0=eth2</span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'> klipsdebug=none</span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'> plutodebug=none</span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'> plutoload=%search</span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'> plutostart=%search</span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'> uniqueids=yes</span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'> nat_traversal=yes</span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>
virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16,%v4:!192.168.0.0/255.255.255.0,%v4:!192.168.1.0/255.255.255.0</span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'> </span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>conn %default</span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'> keyingtries=0</span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'> disablearrivalcheck=no</span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'> </span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>conn Laptop</span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'> left=192.168.1.100</span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'> leftcert=/var/ipcop/certs/hostcert.pem</span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'> leftprotoport=17/1701</span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'> rightprotoport=17/1701</span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'> right=%any</span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'> rightsubnet=vhost:%no,%priv</span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'> rightcert=/var/ipcop/certs/Laptopcert.pem</span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'> dpddelay=30</span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'> dpdtimeout=120</span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'> dpdaction=clear</span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'> authby=rsasig</span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'> auto=add</span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'> pfs=no</span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'> </span></font></p>
<p class=MsoPlainText><font size=2 color=blue face="Courier New"><span
style='font-size:10.0pt;color:blue'>Now it kooks like the connection is established…
Note that is I touch the IPCop VPN web configuration, that will overwrite ipsec.conf,
so I think I will have to modify the web scripts.</span></font></p>
<p class=MsoPlainText><font size=2 color=blue face="Courier New"><span
style='font-size:10.0pt;color:blue'> </span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>Mar 30 </span></font>10:04:13 ipcop pluto[9156]: packet from
192.168.1.108:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]</p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>Mar 30 </span></font>10:04:13 ipcop pluto[9156]: packet from
192.168.1.108:500: ignoring Vendor ID payload [FRAGMENTATION]</p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>Mar 30 </span></font>10:04:13 ipcop pluto[9156]: packet from
192.168.1.108:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]</p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>Mar 30 </span></font>10:04:13 ipcop pluto[9156]: packet from
192.168.1.108:500: ignoring Vendor ID payload
[26244d38eddb61b3172a36e3d0cfb819]</p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>Mar 30 </span></font>10:04:13 ipcop pluto[9156]: "Laptop"[1]
192.168.1.108 #1: responding to Main Mode from unknown peer 192.168.1.108</p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>Mar 30 </span></font>10:04:13 ipcop pluto[9156]: "Laptop"[1]
192.168.1.108 #1: transition from state (null) to state STATE_MAIN_R1</p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>Mar 30 </span></font>10:04:13 ipcop pluto[9156]: "Laptop"[1]
192.168.1.108 #1: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03:
no NAT detected</p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>Mar 30 </span></font>10:04:13 ipcop pluto[9156]: "Laptop"[1]
192.168.1.108 #1: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2</p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>Mar 30 </span></font>10:04:13 ipcop pluto[9156]: "Laptop"[1]
192.168.1.108 #1: Main mode peer ID is ID_DER_ASN1_DN: 'C=UK, O=Initiative, CN=Piero
Laptop'</p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>Mar 30 </span></font>10:04:13 ipcop pluto[9156]: "Laptop"[1]
192.168.1.108 #1: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3</p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>Mar 30 </span></font>10:04:13 ipcop pluto[9156]: "Laptop"[1]
192.168.1.108 #1: sent MR3, ISAKMP SA established</p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>Mar 30 </span></font>10:04:13 ipcop pluto[9156]: "Laptop"[1]
192.168.1.108 #2: responding to Quick Mode</p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>Mar 30 </span></font>10:04:13 ipcop pluto[9156]: "Laptop"[1]
192.168.1.108 #2: transition from state (null) to state STATE_QUICK_R1</p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>Mar 30 </span></font>10:04:13 ipcop pluto[9156]: "Laptop"[1]
192.168.1.108 #2: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2</p>
<p class=MsoPlainText><b><font size=2 face="Courier New"><span
style='font-size:10.0pt;font-weight:bold'>Mar 30 </span></font></b><b><span style='font-weight:bold'>10:04:13</span></b><b><span style='font-weight:bold'> ipcop
pluto[9156]: "Laptop"[1] 192.168.1.108 #2: IPsec SA established</span></b></p>
<p class=MsoPlainText><b><font size=2 face="Courier New"><span
style='font-size:10.0pt;font-weight:bold'> </span></font></b></p>
<p class=MsoPlainText><b><font size=2 color=blue face="Courier New"><span
style='font-size:10.0pt;color:blue;font-weight:bold'>The last line looks like a
“good one”, but windows still does not realize it and timeout after
a while… Time to setup l2tpd I think…</span></font></b></p>
<p class=MsoPlainText><b><font size=2 color=blue face="Courier New"><span
style='font-size:10.0pt;color:blue;font-weight:bold'> </span></font></b></p>
<p class=MsoPlainText><b><font size=2 color=blue face="Courier New"><span
style='font-size:10.0pt;color:blue;font-weight:bold'>Any comment?</span></font></b></p>
<p class=MsoPlainText><b><font size=2 color=blue face="Courier New"><span
style='font-size:10.0pt;color:blue;font-weight:bold'> </span></font></b></p>
<p class=MsoPlainText><b><font size=2 color=blue face="Courier New"><span
style='font-size:10.0pt;color:blue;font-weight:bold'>Piero</span></font></b></p>
</div>
</body>
</html>