<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=gb2312">
<META content="MSHTML 6.00.3790.2817" name=GENERATOR>
</HEAD>
<BODY>
<DIV><FONT face=Verdana size=2>Hi, Paul:</FONT></DIV>
<DIV><FONT face=Verdana size=2></FONT> </DIV>
<DIV><FONT face=Verdana size=2>Thank you very much.</FONT></DIV>
<DIV><FONT face=Verdana size=2></FONT> </DIV>
<DIV><FONT face=Verdana size=2>Now I have found my log message in
/var/log/auth.log.</FONT></DIV>
<DIV><FONT face=Verdana size=2>I tried both openswan (2.4.5) and strongswan
(2.8).</FONT></DIV>
<DIV><FONT face=Verdana size=2>Linux kernel is 2.6.17 (Ubuntu 6.10)</FONT></DIV>
<DIV><FONT face=Verdana size=2></FONT> </DIV>
<DIV><FONT face=Verdana size=2>It seems it is ignoring the Microsoft
stuff.</FONT></DIV>
<DIV><FONT face=Verdana size=2>The L2TP clients are Windows 2003 (SP1) and
XP (SP2)</FONT></DIV>
<DIV><FONT face=Verdana size=2></FONT> </DIV>
<DIV><FONT face=Verdana size=2>George</FONT></DIV>
<DIV><FONT face=Verdana size=2></FONT> </DIV>
<DIV><FONT face=Verdana size=2>===========================</FONT></DIV>
<DIV><FONT face=Verdana size=2>The following error message (openswan &lt;&gt;
Windows 2003) </FONT></DIV>
<DIV><FONT face=Verdana size=2>is repeated a few times before</FONT></DIV>
<DIV><FONT face=Verdana size=2>the connection times out.</FONT></DIV>
<DIV><FONT face=Verdana size=2>Strongswan has a slightly different
message.</FONT></DIV>
<DIV><FONT face=Verdana size=2></FONT> </DIV>
<DIV>Feb 4 10:22:02 localhost pluto[4447]: packet from 192.168.1.128:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]<BR>
Feb 4 10:22:02 localhost pluto[4447]: packet from 192.168.1.128:500: ignoring Vendor ID payload [FRAGMENTATION]<BR>
Feb 4 10:22:02 localhost pluto[4447]: packet from 192.168.1.128:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but port floating is off<BR>
Feb 4 10:22:02 localhost pluto[4447]: packet from 192.168.1.128:500: ignoring Vendor ID payload [Vid-Initial-Contact]<BR>
Feb 4 10:22:02 localhost pluto[4447]: packet from 192.168.1.128:500: initial Main Mode message received on 192.168.1.131:500 but no connection has been authorized<BR>
Feb 4 10:22:03 localhost pluto[4447]: packet from 192.168.1.128:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]<BR>
Feb 4 10:22:03 localhost pluto[4447]: packet from 192.168.1.128:500: ignoring Vendor ID payload [FRAGMENTATION]<BR>
Feb 4 10:22:03 localhost pluto[4447]: packet from 192.168.1.128:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but port floating is off<BR>
Feb 4 10:22:03 localhost pluto[4447]: packet from 192.168.1.128:500: ignoring Vendor ID payload [Vid-Initial-Contact]<BR>
Feb 4 10:22:03 localhost pluto[4447]: packet from 192.168.1.128:500: initial Main Mode message received on 192.168.1.131:500 but no connection has been authorized</DIV>
<DIV> </DIV>
<DIV><FONT face=Verdana size=2></FONT> </DIV>
<DIV><FONT face=Verdana size=2>
<DIV>On Sat, 3 Feb 2007, George Wu
wrote:</DIV>
<DIV> </DIV>
<DIV>> I can set up openswan to
talk to both openswan and strongswan.</DIV>
<DIV>> But when I try it with
XP (SP2) or Windows 2003 (SP1), neither
works.</DIV>
<DIV>> My kernel is 2.6.17 using
netkey.</DIV>
<DIV>> My openswan is 2.4.5</DIV>
<DIV>></DIV>
<DIV>> It seems my /var/log/secure doesn't
exist, I use tcpdump port 500</DIV>
<DIV>> to print the message. Also
on Windows, I check the
oakley.log file.</DIV>
<DIV> </DIV>
<DIV>Find the right logfile, tcpdump is
pretty useless, esp after phase 1
is</DIV>
<DIV>established and crypto is active.</DIV>
<DIV> </DIV>
<DIV>> 2-03: 16:00:49:741:868 processing HASH
(Notify/Delete)</DIV>
<DIV>> 2-03: 16:00:49:741:868 processing
payload NOTIFY</DIV>
<DIV>> 2-03: 16:00:49:741:868 notify:
INVALID-ID-INFORMATION</DIV>
<DIV>> 2-03: 16:00:49:741:868 isadb_set_status
sa:018203C0 centry:00000000 status 3601</DIV>
<DIV> </DIV>
<DIV>Seems openswan is rejecting the XP
client. It should log why that is.
Check</DIV>
<DIV>your logs, daemon.log, auth.log or
secure.</DIV>
<DIV> </DIV>
<DIV>Paul</DIV>
<DIV>-- </DIV>
<DIV>Building and integrating Virtual Private
Networks with Openswan:</DIV>
<DIV><A
href="http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155">http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155</A></DIV></FONT></DIV></BODY></HTML>