[Openswan Users] Help! - Unable to send email (exchange/mapi) with attachments from remote (VPN connected) site using WinXP

Darius dariusq2km at yahoo.com
Tue Apr 27 00:46:41 CEST 2004 

Greetings,

We want to switch our remote office Win2K desktops to WinXP (Ok, ok - if 
you are already jeering then please know that closed, proprietry OS's 
are not my first choice either). Our remote offices use FreeSWAN (1.97 
on RH 7.3) to get to an Exchange 5.5 server at our head office (where 
Debian, RH  and snapgear(linux/FreeSWAN) are used on servers, routers). 
All Win2K/XP desktops are using Outlook 2000 (MAPI) to communicate with 
Exchange.

Posting this problem here and expecting a soltion might be a longshot; 
chances are this isn't a FreeSWAN config problem, but my testing 
environment can't eliminate our FreeSWAN VPN setup from being part of 
the problem at the moment. I'm hoping someone with a similar environment 
will see this and have some constructive suggestions about how to fix 
this problem, or diagnose the problem without replacing FreeSWAN with 
another VPN product, or tell me that 
WinXP/Outlook2K/Exchange5.5/FreeSWAN works for them !


Here's what I'm seeing ::

On Win2k systems at *remote* and *head* office - all features of Outlook 
2000, (calendars, email, address books, offline storage OSTs etc.) seem 
to work without problems.
On WinXP systems at *head* office - all features of Outlook 2000 also 
seem to work without problems (same as Win2K).

On WinXP systems at *remote* office - all features of Outlook 2000 seem 
to work without problems /EXCEPT, we can't send email with attachments./

I've made some captures (using ethereal) in an attempt to compare what 
happens with Win2k Vs. WinXP when sending email with attachments from 
the remote office;
- On Win2k the series of RPC/TCP interations seems very consistent and 
predictable and it always works.
- On WinXP the series of RPC/TCP interations is also very consistent and 
predictable, but very different from Win2K, and it never works.

Because of this I suspect XP's MAPI library (MAPI32.DLL ?) - Why would a 
set of MAPI RPC calls made from a WinXP system succeed on a local subnet 
but fail on a remote subnet? And why do an apparently different set of 
MAPI RPC calls issue from a Win2k system and succeed on both local and 
remote subnets?

Could WinXP's implementation of MAPI or RPC be expecting something that 
is always present on the local network (eg. broadcasts) that are not 
transmitted over the VPN? (It's very, very unlikely to have anything to 
do with broadcasts, so please don't assume I think it does, or that this 
is the problem. I'm just using it as an example of a difference between 
local and remote networks).

I've been sweating over this for nearly a week now; any constructive 
suggestions or descriptions of similiar problems/solutions would be very 
much appreciated.

I'd just like to thank the FreeSWAN developers for providing such a 
stable ipsec implementation (it's been running faultlessly here for 
almost 3 years) and folks that create such high quality open and free 
software such as linux and ethereal - all these people make a positive 
qualitative difference to the experience of working in the IT support 
business.

Kind Regards,
Darius

More information about the Users mailing list