<div>Paul,</div>
<div>Thank you very much for your quick response.</div>
<div> </div>
<div>In the ipsec.conf file that I have, those * symbols are not actually part of the file. Somehow, they ended up in my email when I copy-pasted them. Sorry about that.</div>
<div> </div>
<div>I installed lsipsectool.exe and used it. The result was not a success. I am gonna paste the log file below. Before that, I have a few questions:</div>
<div> </div>
<ol>
<li>At the GUI of lsipsectool.exe, under the Remote Side of the Tunnel, I put the IP address of the gateway, which is 192.168.1.55. But I am confused about the Remote Internal IP and Private Address/Network Mask part. I put 10.10.10.10 for both of them, which is the Linux box's IP address within that LAN behind the gateway. Is that correct?</li>
<li>At the IPSec Options window, I selected Certificate as the Authentication Method and wrote the challenge password below, which I was asked for when I created the certificate at the CA on the Linux box. For the Proto/Encryption/Integrity part I did not change the default settings, which are ESP/3DES/MD5. Should I change them? If so, to what values should I change them?
</li></ol>
<div><strong>Here is the log file from lsipsectool:</strong></div>
<div> </div>
<div><font size="1">
<p>14:29:39: Starting Tunnel</p>
<p>14:29:39: IKE Encryption: 3des</p>
<p>IKE Integrity: md5</p>
<p>Remote Gateway Address: 192.168.1.55</p>
<p>Remote Monitor Address: 10.10.10.10</p>
<p>Remote Network: 10.10.10.10/255.255.255.0</p>
<p>Local Address: 192.168.1.64</p>
<p>Local Network: 192.168.1.64/255.255.255.255</p>
<p>14:29:39: WinSock Version High : 514 Version : 2</p>
<p>14:29:39: Init checkconnThread::Entry()</p>
<p>14:29:42: Comparing 192.168.1.55 = 192.168.1.55</p>
<p>14:29:45: 0 ECHO REQUEST TO 10.10.10.10 [ FAILED #0 ] [ Unknow Error Code 11010 ]</p>
<p>14:29:45: Comparing 192.168.1.55 = 192.168.1.55</p>
<p>14:29:47: 1 ECHO REQUEST TO 10.10.10.10 [ FAILED #1 ] [ Unknow Error Code 11010 ]</p>
<p>14:29:47: Comparing 192.168.1.55 = 192.168.1.55</p>
<p>14:29:50: 2 ECHO REQUEST TO 10.10.10.10 [ FAILED #2 ] [ Unknow Error Code 11010 ]</p>
<p>14:29:50: Comparing 192.168.1.55 = 192.168.1.55</p>
<p>14:29:52: Stoping Tunnel</p>
<p>14:29:52: 3 ECHO REQUEST TO 10.10.10.10 [ FAILED #3 ] [ Unknow Error Code 11010 ]</p>
<p>14:29:52: Exit pingThread::OnExit()</p>
<p>14:29:52: Dactivating policy {bd834698-2b72-49a2-9207-21572a79cefe}</p></font></div>
<div><strong>And here is the log file from the Windows Event Viewer:</strong></div>
<div><font size="1">
<p>IPSec Services: PAStore Engine failed to apply some rules of the active IPSec policy "x4 {0529745e-57f5-4c99-adc9-951d9c14a149}" on the machine with error code: The parameter is incorrect.</p>
<p>. Please run IPSec monitor snap-in to further diagnose the problem</p>
<p> </p>
<p><font size="2">Thank you very much.</font></p>
<p><font size="2">Can Akalin</font></p>
<p> </p></font></div>
<div><br><br> </div>
<div><span class="gmail_quote">On 3/15/06, <b class="gmail_sendername">Paul Wouters</b> &lt;<a href="mailto:paul@xelerance.com">paul@xelerance.com</a>&gt; wrote:</span>
<blockquote class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid">On Wed, 15 Mar 2006, Can Akalin wrote:<br><br>> But I am lost at the Windows side. I added the certificate to the windows
<br>> using MMC, downloaded ipsec.exe and ipseccmd.exe. I typed the ipsec and I<br>> got this error message;<br><br>Use lsipsectool.exe from sourceforge, instead of ipsec.exe. ipsec.exe is very<br>old, has no GUI, and is not really well maintained anymore. lsipsectool uses
<br>the ipsec2k.dll library instead.<br><br>> *C:\ipsec>ipsec<br>> IPSec Version 2.2.0 (c) 2001-2003 Marcus Mueller<br>> Getting running Config ...<br>> Microsoft's Windows XP identified<br>> Setting up IPSec ...*
<br>><br>> * Deactivating old policy...<br>> Removing old policy...*<br>><br>> *Connection roadwarrior:<br>> MyTunnel : 192.168.1.63<br>> MyNet : 192.168.1.63/255.255.255.255<br>> PartnerTunnel: 192.168.1.55<br>> PartnerNet : 192.168.1.55/255.255.255.255<br>> CA (ID) : C=CA,ST=Ontario,L=Toronto,O=Springboard Retail*<br>><br>> * PFS : y<br>> Auto : start<br>> Auth.Mode : MD5<br>
> Rekeying : 3600S/50000K<br>> Error 0xcbbb0012 occurred:*<br>><br>> *The authentication method specified is invalid or unsupported.*<br><br>> here is my ipsec.conf at the windows machine,<br>>
<br>> *conn roadwarrior<br>> left=%any<br>> right=192.168.1.55<br>> rightca="C=CA,ST=Ontario,L=Toronto,O=Springboard<br>> Retail,CN=can,emailAddress=<a href="mailto:can@springboardnetworks.com">
can@springboardnetworks.com</a>"<br>> network=auto<br>> auto=start<br>> pfs=yes*<br><br>Is that "*" part of your config file? If so, remove them.<br>Also, is rightca= the Id of the Certificate Authority? It should NOT be the
<br>personal certificate ID, but that of the CA.<br><br>> Can anyone help me to instruct what to do with ipsec.exe, ipsec.conf and<br>> ipseccmd.exe at the windows to get the VPN work?<br><br>Ditch it for lsipsectool.
<br><br>Paul<br>--<br>Building and integrating Virtual Private Networks with Openswan:<br><a href="http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155">http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
</a><br></blockquote></div><br>