[Openswan Users] Please, please help! WinXP Roadwarrior won't connect! (logs included)

Karim 'Kasi Mir' Senoucci kasi.mir at melzone.de
Fri Aug 13 13:55:39 CEST 2004

Hello Trevor,
On Fri, 13 Aug 2004 trevor-os at thennion.demon.co.uk wrote:

>My guess is you have TWO errors -
>The XP Certificate is not being found - the Oakley log gives an error.
>Make sure the details in the XP ipsec.conf file are correct. The certificates
>appear to be installed OK, but the XP system is not finding the certificates
>with the info in its ipsec.conf file.

My problem is that I've already checked them like twenty times (and
deleted and re-included them thrice now) and CANNOT for the life of me
find any BIT of the name of the certificates that's wrong. Plus, they
appear to be in *perfectly* the right place.

Isn't there any way to find out *why* XP cannot find the certificate it
claims to have included? Or do I have to delete and re-include them for
all eternity, until it works?

I should add that two other people have tried to get a WinXP VPN
connection to that same server working, using the instructions at
vpn.ebootis.de independently of me and without my intervention. They
have *exactly* the same problems as me here.

>In the Linux /etc/ipsec.conf file there is no mention of which
>appears at the end of the Oakley log, and I assume if the XP's local IP

Yes, it is - my XP system is behind a firewall with VPN passthrough

But why should it be mentioned on the Linux side? The connection
descriptions all have

|    right=%any


|    right=%any
|    rightsubnetwithin=

Isn't that enough?

>I have a VPN system running which works with Linux, W2k and XP machines quite
>happily.  Uses individual X509 certificates not PSK though.

That's *exactly* the configuration I'm trying to get working here. We
use X509 certs, too - and the linux machines don't have any problems at
all. We're *not* using PSK.

Karim Senoucci

