<div>Hello!</div><div>There are no results :(</div><div>I can't use linux,openswan + win7 over VPN.</div><div>I think that problem is in Windows. But I can't find where it is.</div><div><br></div><div>Linux, openswan, /etc/ipsec.conf:<br>
</div>conn lnx-win<br> type=tunnel<br> auto=add<br> pfs=yes<br> right=192.168.1.38<br> left=192.168.1.15<br> auth=esp<br> authby=secret<br> forceencaps=no<br> esp=3des-sha1-96<br>
rekey=no<br> dpdaction=clear<br> dpddelay=30<br> dpdtimeout=30<br><br><br>linux, openswan, ~>ipsec auto --status<br>000<br>000 "lnx-win": 192.168.1.15<192.168.1.15>[+S=C]...192.168.1.38<192.168.1.38>[+S=C]; erouted; eroute owner: #2<br>
000 "lnx-win": myip=unset; hisip=unset;<br>000 "lnx-win": ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0<br>000 "lnx-win": policy: PSK+ENCRYPT+TUNNEL+PFS+DONTREKEY+IKEv2ALLOW+SAREFTRACK+lKOD+rKOD; prio: 32,32; interface: eth0;<br>
000 "lnx-win": dpd: action:clear; delay:30; timeout:30;<br>000 "lnx-win": newest ISAKMP SA: #1; newest IPsec SA: #2;<br>000 "lnx-win": IKE algorithm newest: 3DES_CBC_192-SHA1-MODP1024<br>
000 "lnx-win": ESP algorithms wanted: 3DES(3)_000-SHA1(2)_096; flags=-strict<br>000 "lnx-win": ESP algorithms loaded: 3DES(3)_192-SHA1(2)_096<br>000 "lnx-win": ESP algorithm newest: 3DES_000-HMAC_SHA1; pfsgroup=<Phase1><br>
000<br>000 #2: "lnx-win":500 STATE_QUICK_R2 (IPsec SA established); EVENT_SA_EXPIRE in 28764s; newest IPSEC; eroute owner; isakmp#1; idle; import:not set<br>000 #2: "lnx-win" <a href="mailto:esp.55efcd42@192.168.1.38">esp.55efcd42@192.168.1.38</a> <a href="mailto:esp.4a96971d@192.168.1.15">esp.4a96971d@192.168.1.15</a> ref=2 refhim=1<br>
000 #1: "lnx-win":500 STATE_MAIN_R3 (sent MR3, ISAKMP SA established); EVENT_SA_EXPIRE in 28764s; newest ISAKMP; nodpd; idle; import:not set<br>000<br><br>linux, openswan, /var/log/secure:<br>Feb 9 11:52:34 linux pluto[25699]: "lnx-win" #1: responding to Main Mode<br>
Feb 9 11:52:34 linux pluto[25699]: "lnx-win" #1: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1<br>Feb 9 11:52:34 linux pluto[25699]: "lnx-win" #1: STATE_MAIN_R1: sent MR1, expecting MI2<br>
Feb 9 11:52:34 linux pluto[25699]: "lnx-win" #1: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected<br>Feb 9 11:52:34 linux pluto[25699]: "lnx-win" #1: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2<br>
Feb 9 11:52:34 linux pluto[25699]: "lnx-win" #1: STATE_MAIN_R2: sent MR2, expecting MI3<br>Feb 9 11:52:34 linux pluto[25699]: "lnx-win" #1: Main mode peer ID is ID_IPV4_ADDR: '192.168.1.38'<br>
Feb 9 11:52:34 linux pluto[25699]: "lnx-win" #1: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3<br>Feb 9 11:52:34 linux pluto[25699]: "lnx-win" #1: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1024}<br>
Feb 9 11:52:34 linux pluto[25699]: "lnx-win" #1: Dead Peer Detection (RFC 3706): not enabled because peer did not advertise it<br>Feb 9 11:52:34 linux pluto[25699]: "lnx-win" #1: the peer proposed: <a href="http://192.168.1.15/32:0/0">192.168.1.15/32:0/0</a> -> <a href="http://192.168.1.38/32:0/0">192.168.1.38/32:0/0</a><br>
Feb 9 11:52:34 linux pluto[25699]: "lnx-win" #2: responding to Quick Mode proposal {msgid:01000000}<br>Feb 9 11:52:34 linux pluto[25699]: "lnx-win" #2: us: 192.168.1.15<192.168.1.15>[+S=C]<br>
Feb 9 11:52:34 linux pluto[25699]: "lnx-win" #2: them: 192.168.1.38<192.168.1.38>[+S=C]<br>Feb 9 11:52:34 linux pluto[25699]: "lnx-win" #2: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1<br>
Feb 9 11:52:34 linux pluto[25699]: "lnx-win" #2: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2<br>Feb 9 11:52:34 linux pluto[25699]: "lnx-win" #2: Dead Peer Detection (RFC 3706): not enabled because peer did not advertise it<br>
Feb 9 11:52:34 linux pluto[25699]: "lnx-win" #2: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2<br><br><br>Windows 7 (192.168.1.38), VPN is ON<br>C:\>ping 192.168.1.15<br><br>Pinging 192.168.1.15 with 32 bytes of data:<br>
Request timed out.<br>Request timed out.<br>Request timed out.<br>Request timed out.<br><br>Ping statistics for <a href="http://192.168.1.15">192.168.1.15</a>:<br> Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),<br>
<br><br>Windows 7 (192.168.1.38), VPN is OFF<br>C:\>ping 192.168.1.15<br><br>Pinging 192.168.1.15 with 32 bytes of data:<br>Reply from <a href="http://192.168.1.15">192.168.1.15</a>: bytes=32 time=1ms TTL=64<br>Reply from <a href="http://192.168.1.15">192.168.1.15</a>: bytes=32 time<1ms TTL=64<br>
Reply from <a href="http://192.168.1.15">192.168.1.15</a>: bytes=32 time<1ms TTL=64<br>Reply from <a href="http://192.168.1.15">192.168.1.15</a>: bytes=32 time<1ms TTL=64<br><br>Ping statistics for <a href="http://192.168.1.15">192.168.1.15</a>:<br>
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),<br>Approximate round trip times in milli-seconds:<br> Minimum = 0ms, Maximum = 1ms, Average = 0ms<br><br>Windows 7 registry<br>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\IPSec]<br>
"AssumeUDPEncapsulationContextOnSendRule"=dword:00000002<br><br>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PolicyAgent]<br>"AssumeUDPEncapsulationContextOnSendRule"=dword:00000002<br><br><br>