Hello everyone,<br><br>I followed the guideline provided by Nate Carlson (http://www.natecarlson.com/linux/ipsec-x509.php) to setup "Net to Road-warrior" ipsec vpn connection between debian linux gateway and Windows XP road-warrior.<br><br>Gateway: Debian GNU/Linux 3.1<br>Road warrior: Microsoft Windows XP SP2<br>ipsec: Linux Openswan 2.4.6 (klips)<br><br>When I run ipsec.exe command in windows I am getting this error<br><br><br><font size="1">C:\ipsec>ipsec<br>IPSec Version 2.2.0 (c) 2001-2003 Marcus Mueller<br>Getting running Config ...<br>Microsoft's Windows XP identified<br>Setting up IPSec ...<br><br> Deactivating old policy...<br> Removing old policy...<br><br>Connection netone:<br> MyTunnel :
10.10.136.10<br> MyNet : 10.10.136.10/255.255.255.255<br> PartnerTunnel: 10.10.136.90<br> PartnerNet : 192.0.0.0/255.0.0.0<br> CA (ID) : subject= ,C=IN,ST=Gj,L=Ahd,O=Ss,CN=CA...<br> PFS : y<br> Auto : start<br> Auth.Mode : MD5<br> Rekeying : 3600S/50000K<br>Error 0xcbbb0012 occurred:<br><br>The authentication method specified is invalid or unsupported.<br><br><br>POTF_VERSION<br>USAGE:<br>ipseccmd \\machinename -f
FilterList -n NegotiationMethodList -t TunnelAddr<br> -a AuthMethodList -1s SecurityMethodList -1k MMRekeyTime<br> -1e SoftSAExpirationTime -soft -confirm [-dialup OR -lan]<br> {-w Location -p PolicyName:PollInterval -r RuleName [-x OR -y] -o}<br> Creates or modifies IPSec policy.<br><br>ipseccmd \\machinename show gpo filters policies auth stats sas all<br> Displays current IPSec configuration.<br><br>ipseccmd \\machinename set [logike OR dontlogike]<br> Turns on/off IKE logging.<br><br>ipseccmd \\machinename [import OR export] Location FileName<br> Imports or exports a static policy file.<br><br>ipseccmd -file FileName<br> Executes a file containing regular static or dynamic ipseccmd commands.<br><br>For
extended usage, run: ipseccmd -?<br>Fehler bei Command: ipseccmd -w REG -p FreeSwan -r Host-netone -t 10.10.136.90 -<br>f 10.10.136.10/255.255.255.255=192.0.0.0/255.0.0.0 -n ESP[MD5,3DES]3600S/50000KP<br>FS -a CERT:"subject= ,C=IN,ST=Gj,L=Ahd,O=Ss,CN=CA" -lan -1p > NUL:<br>Error 0xcbbb0012 occurred:<br><br>The authentication method specified is invalid or unsupported.<br><br><br>POTF_VERSION<br>USAGE:<br>ipseccmd \\machinename -f FilterList -n NegotiationMethodList -t TunnelAddr<br> -a AuthMethodList -1s SecurityMethodList -1k MMRekeyTime<br> -1e SoftSAExpirationTime -soft -confirm [-dialup OR -lan]<br> {-w Location -p PolicyName:PollInterval -r RuleName [-x OR -y] -o}<br> Creates or modifies IPSec policy.<br><br>ipseccmd \\machinename show gpo filters policies auth stats sas
all<br> Displays current IPSec configuration.<br><br>ipseccmd \\machinename set [logike OR dontlogike]<br> Turns on/off IKE logging.<br><br>ipseccmd \\machinename [import OR export] Location FileName<br> Imports or exports a static policy file.<br><br>ipseccmd -file FileName<br> Executes a file containing regular static or dynamic ipseccmd commands.<br><br>For extended usage, run: ipseccmd -?<br>Fehler bei Command: ipseccmd -w REG -p FreeSwan -r netone-Host -t 10.10.136.10 -<br>f 192.0.0.0/255.0.0.0=10.10.136.10/255.255.255.255 -n ESP[MD5,3DES]3600S/50000KP<br>FS -a CERT:"subject= ,C=IN,ST=Gj,L=Ahd,O=Ss,CN=CA" -lan -1p > NUL:<br> Activating policy...<br>Error converting policy: 0x5<br><br><br><br></font><br>Windows ipsec.conf file<br><br><font size="1">conn netone<br> left=%any<br>
right=10.10.136.90<br> rightsubnet=192.0.0.0/8<br> rightca="C=IN,ST=Gj,L=Ahd,O=Ss,CN=CA"<br> network=auto<br> auto=start<br> pfs=yes<br></font><br><br><br>Linux ipsec.conf file<br><br><br><font size="1">version 2.0<br><br>config setup<br> interfaces=%defaultroute<br> nat_traversal=yes<br> <br>conn %default<br> keyingtries=1<br> compress=yes<br> disablearrivalcheck=no<br> authby=rsasig<br> leftrsasigkey=%cert<br> rightrsasigkey=%cert<br><br>conn netone<br> left=10.10.136.90<br> leftsubnet=192.0.0.0/8<br> leftcert=host.example.com.pem<br> right=%any<br> rightsubnet=vhost:%no,%priv<br>
auto=start<br> pfs=yes<br><br><br></font><br>However when I replace <br>rightca="subject= ,C=IN,ST=Gj,L=Ahd,O=Ss,CN=CA,emailAddress=ca@example.com" line in ipsec.conf of Windows to <br>rightca=",C=IN,ST=Gj,L=Ahd,O=Ss,CN=CA" I get following message <br><br><br><font size="1">C:\ipsec>ipsec<br>IPSec Version 2.2.0 (c) 2001-2003 Marcus Mueller<br>Getting running Config ...<br>Microsoft's Windows XP identified<br>Setting up IPSec ...<br><br> Deactivating old policy...<br> Removing old policy...<br><br>Connection netone:<br> MyTunnel : 10.10.136.10<br> MyNet : 10.10.136.10/255.255.255.255<br> PartnerTunnel: 10.10.136.90<br>
PartnerNet : 192.0.0.0/255.0.0.0<br> CA (ID) : C=IN,ST=Gj,L=Ahd,O=Ss,CN=CA...<br> PFS : y<br> Auto : start<br> Auth.Mode : MD5<br> Rekeying : 3600S/50000K<br> Activating policy...<br>but ipsec connection does not get established. Neither I get desired pings nor I get "IPSec SA established message on linux machine.<br><br><br></font>but I don't get desired pings (request timed out) nor i get "IPSEC SA established" message on command "ipsec auto --status" on debian machine.<br><br>Any help is appreciated.<br><div>
</div><br><br><p> Send free SMS to your Friends on Mobile from your Yahoo! Messenger. Download Now! http://messenger.yahoo.com/download.php