[Openswan Users] Please, please help! WinXP Roadwarrior won't connect! (logs included)

Karim 'Kasi Mir' Senoucci kasi.mir at melzone.de
Fri Aug 13 13:55:39 CEST 2004


Hello Trevor,
On Fri, 13 Aug 2004 trevor-os at thennion.demon.co.uk wrote:

[...]
>My guess is you have TWO errors -
>The XP Certificate is not being found - the Oakley log gives an error.
>Make sure the details in the XP ipsec.conf file are correct. The certificates
>appear to be installed OK, but the XP system is not finding the certificates
>with the info in it's ipsec.conf file.

My problem is that I've already checked them like twenty times (and
deleted and re-included them thrice now) and CANNOT for the life of me
find any BIT of the name of the certificates that's wrong. Plus, they
appear to be in *perfectly* the right place.

Isn't there any way to find out *why* XP cannot find the certificate it
claims to have included? Or do I have to delete and re-include them for
all eternity, until it works?

I should add that two other people have tried to get a WinXP VPN
connection to that same server working, using the instructions
vpn.ebootis.de independently of me and without my intervention. They
have *exactly* the same problems as me here.


[...]
>In the Linux /etc/ipsec.conf file there is no mention of  192.168.13.13 which
>appears at the end of the Oakley log, and I assume if the XP's local IP
>address.

Yes, it is - my XP system is behind a firewall with VPN passthrough
active.

But why should it be mentioned on the Linux side? The connection
descriptions all have

|    right=%any

or

|    right=%any
|    rightsubnetwithin=192.168.0.0/16

Isn't that enough?

[...]
>I have a VPN system running which works with Linux, W2k and XP machines quite
>happily.  Uses individual X509 certificates not PSK though.

That's *exactly* the configuration I'm trying to het working here. We
use X509 certs, too - and the linux machines don't have any problems at
all. We're *not* using PSK.


Greetings
Karim Senoucci



More information about the Users mailing list