[Openswan Users] Please, please help! WinXP Roadwarrior won't
connect! (logs included)
Karim 'Kasi Mir' Senoucci
kasi.mir at melzone.de
Fri Aug 13 13:55:39 CEST 2004
Hello Trevor,
On Fri, 13 Aug 2004 trevor-os at thennion.demon.co.uk wrote:
[...]
>My guess is you have TWO errors -
>The XP Certificate is not being found - the Oakley log gives an error.
>Make sure the details in the XP ipsec.conf file are correct. The certificates
>appear to be installed OK, but the XP system is not finding the certificates
>with the info in it's ipsec.conf file.
My problem is that I've already checked them like twenty times (and
deleted and re-included them thrice now) and CANNOT for the life of me
find any BIT of the name of the certificates that's wrong. Plus, they
appear to be in *perfectly* the right place.
Isn't there any way to find out *why* XP cannot find the certificate it
claims to have included? Or do I have to delete and re-include them for
all eternity, until it works?
I should add that two other people have tried to get a WinXP VPN
connection to that same server working, using the instructions
vpn.ebootis.de independently of me and without my intervention. They
have *exactly* the same problems as me here.
[...]
>In the Linux /etc/ipsec.conf file there is no mention of 192.168.13.13 which
>appears at the end of the Oakley log, and I assume if the XP's local IP
>address.
Yes, it is - my XP system is behind a firewall with VPN passthrough
active.
But why should it be mentioned on the Linux side? The connection
descriptions all have
| right=%any
or
| right=%any
| rightsubnetwithin=192.168.0.0/16
Isn't that enough?
[...]
>I have a VPN system running which works with Linux, W2k and XP machines quite
>happily. Uses individual X509 certificates not PSK though.
That's *exactly* the configuration I'm trying to het working here. We
use X509 certs, too - and the linux machines don't have any problems at
all. We're *not* using PSK.
Greetings
Karim Senoucci
More information about the Users
mailing list