<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="#0563C1" vlink="#954F72">
<div class="WordSection1">
<p class="MsoNormal">I am completely new to setting up VPN, and have asked to get what should be a simple host-to-host connection from one of my RedHat 6 servers to a Windows 2008 server.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">We are trying this with a preshared key. The configuration (ipsec.conf) on my side is...<o:p></o:p></p>
<p class="MsoNormal">--------<o:p></o:p></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">config setup<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""> # Debug-logging controls: "none" for (almost) none, "all" for lots.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""> klipsdebug="none"<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""> plutodebug="none"<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""> # For Red Hat Enterprise Linux and Fedora, leave protostack=netkey<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""> protostack=netkey<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""> #nat_traversal=yes<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""> virtual_private=<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""> oe=off<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""> # Enable this if you see "failed to find any available worker"<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""> # nhelpers=0<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">conn host-to-host<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""> right=10.194.33.90<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""> left=10.1.91.207<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""># left=10.194.33.100 # from testing successful connection with a linux box<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""> type=transport<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""> pfs=no<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""> auto=route<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""> authby=secret<o:p></o:p></span></p>
<p class="MsoNormal">--------<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">This is failing with...<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span style="font-family:"Courier New""># ipsec auto --up host-to-host<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">104 "host-to-host" #1: STATE_MAIN_I1: initiate<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">003 "host-to-host" #1: ignoring informational payload, type NO_PROPOSAL_CHOSEN msgid=00000000<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">003 "host-to-host" #1: received and ignored informational message<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">010 "host-to-host" #1: STATE_MAIN_I1: retransmission; will wait 20s for response<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">003 "host-to-host" #1: ignoring informational payload, type NO_PROPOSAL_CHOSEN msgid=00000000<o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">It is also failing when the connection is attempted from the Windows box. I’ve sent my config info to the Windows admin, and he says he does not see anything wrong, that is should work with what he has set up.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">As a test, I set up OpenSwan on another Redhat box, and was able to get a connection established without a problem.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Any ideas? I am not sure what to make of “<span style="font-family:"Courier New"">NO_PROPOSAL_CHOSEN”<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">Is OpenSwan compatible with Windows 8 ipsec?</span><o:p></o:p></p>
</div>
</body>
</html>