<div>Dear all,<BR>I am trying to establish an IPsec tunnel between Openswan on Linux as server and the Windows XP Linksys IPsec tool as client.</div> <div>[] My network scenario is as follows:<BR> <BR> 192.168.30.5 192.168.30.155<BR> Windows XP client<------------------->Openswan-2.2.0-8<BR> Linksys IPsec Debian sarge Linux server </div> <div> </div> <div>[] My Linux server has two Ethernet cards and they are NATed</div> <div> eth0 ip : 192.168.30.155<BR> eth1 ip : 192.168.50.1</div> <div><BR>I
have followed the step-by-step procedure in Nate Carlson's instructions and successfully generated all pem and p12 files.</div> <div> </div> <div>[] My IPsec server is running and ipsec verify produces the following result:</div> <div># ipsec verify<BR>Checking your system to see if IPsec got installed and started correctly:<BR>Version check and ipsec on-path [OK]<BR>Linux Openswan U2.2.0/K2.4.27-2-386 (native)<BR>Checking for IPsec support in kernel [OK]<BR>Checking for RSA private key
(/etc/ipsec.secrets) [FAILED]<BR>ipsec showhostkey: no default key in "/etc/ipsec.secrets"<BR>Checking that pluto is running [OK]<BR>Two or more interfaces found, checking IP forwarding [OK]<BR>Checking NAT and MASQUERADEing [N/A]<BR>Checking for
'ip' command [OK]<BR>Checking for 'iptables' command [OK]<BR>Checking for 'setkey' command for native IPsec stack support [OK]</div> <div>Opportunistic Encryption DNS checks:<BR> Looking for TXT in forward dns zone: debian
[MISSING]<BR> Does the machine have at least one non-private address? [FAILED]</div> <div>[] My Openswan /etc/ipsec.conf is as follows:</div> <div>debian:/etc# vi ipsec.conf<BR>version 2.0</div> <div>config setup<BR> interfaces=%defaultroute<BR> nat_traversal=yes<BR> virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16</div> <div>conn %default<BR> keyingtries=1<BR> compress=yes<BR> disablearrivalcheck=no<BR> authby=rsasig<BR> leftrsasigkey=%cert<BR> rightrsasigkey=%cert</div> <div>conn
roadwarrior<BR> left=%any<BR> right=192.168.30.5<BR> rightca="C=US,ST=AZ/O=Brotecs technology Ltd.,OU=brotecs,CN=murad,emailAddress=murad@brotecs.com"<BR> network=auto<BR> auto=start<BR> pfs=yes</div> <div>conn roadwarrior-net<BR> left=%any<BR> right=192.168.30.5<BR> rightsubnet= 192.168.30.0/255.255.255<BR> rightca="C=US,ST=AZ/O=Brotecs technology Ltd.,OU=brotecs,CN=murad,emailAddress=murad@brotecs.com"<BR> network=auto<BR>
auto=start<BR> pfs=yes</div> <div>conn block<BR> auto=ignore</div> <div>conn private<BR> auto=ignore</div> <div>conn private-or-clear<BR> auto=ignore</div> <div>My Linksys IPsec tool configuration is as follows:<BR>Local Side of the tunnel<BR> IP Address : 192.168.30.5<BR> Local Address/netmask :192.168.30.5/255.255.255.255<BR> <BR>Remote Side of the tunnel<BR> VPN Gateway : 192.168.30.155<BR> Remote Internal IP: 192.168.50.1<BR> Private Address/netmask :192.168.50.0/255.255.255.0</div> <div>IPsec Option<BR> Authentication Method is certificate<BR> value showing C="US", S="AZ", O="Brotecs technology Ltd.", OU="brotecs", CN="murad", E="<A href="mailto:murad@brotecs.com">murad@brotecs.com</A>"</div> <div>Other parameters are at their defaults.</div> <div>Unfortunately it
is not connecting to the server.</div> <div>The Linksys log shows the following:</div> <div>18:16:21: Starting Tunnel</div> <div>18:16:21: IKE Encryption: 3des<BR>IKE Integrity: md5<BR>Remote Gateway Address: 192.168.30.155<BR>Remote Monitor Address: 192.168.50.1<BR>Remote Network: 192.168.50.0/255.255.255.0<BR>Local Address: 192.168.30.5<BR>Local Network: 192.168.30.5/255.255.255.255</div> <div>18:16:22: 15 Consecutive Unsuccessfull ECHO REQUEST [ Waiting 5 Secs ]...</div> <div>18:16:27: 30 Consecutive Unsuccessfull ECHO REQUEST [ Waiting 5 Secs ]...</div> <div>18:16:32: 45 Consecutive Unsuccessfull ECHO REQUEST [ Waiting 5 Secs ]...</div> <div><BR>[] For additional information: I did NOT go through Create a IPSEC + Certificates MMC<BR>Start/Run/MMC<BR>File (or Console) - Add/Remove Snap-in<BR>Click on 'Add'<BR>Click on 'Certificates', then 'Add'<BR>Select 'Computer Account', and 'Next'.<BR>Select 'Local computer', and 'Finish'.<BR>Click on 'IP Security Policy Management',
and 'Add'.<BR>Select 'Local Computer', and 'Finish'<BR>Click 'Close' then 'OK'</div> <div>Because I am assuming that the Linksys IPsec tool is enough for the certificate part.<BR> <BR>Can anyone tell me what is wrong in the above configuration or why it's not connecting? Please help me.</div> <div>Regards,</div> <div>Murad.<BR>Email : muradcsc@yahoo.com</div><p> 