AW: [Openswan Users] Openswan <--> XP problem

Fri Jun 25 12:50:37 CEST 2004

users-bounces at lists.openswan.org wrote:
> On Thu, 24 Jun 2004, Daniel Hanke wrote:
>> I'm trying to configure a Windows XP Client to connect to my openswan
>> Gateway. I have Openswan 2.1.3 and configured it like explained in
>> http://www.natecarlson.com/linux/ipsec-x509.php but is doesn't work.
>> It looks like the both sites are communicating but no connection is
>> established.  Ipsec auto --status shows only: "road" 172.23.1.31
>> STATE_MAIN_R2 (sent MR2, expecting MI3); EVENT_RETRANSMIT in 8s
>> "road" 172.23.1.31 STATE_MAIN_R1 (sent MR1, expecting MI2);
>> EVENT_RETRANSMIT in 8s Does anybody has a hint for me?
> 
> What are you seeing on the Windows side?
> 

Not much but on the Linux side in /var/log/secure:

....
Jun 25 11:36:45 localhost pluto[7040]: | certificate is valid
Jun 25 11:36:45 localhost pluto[7040]: | issuer cacert found
....
Jun 25 11:36:46 localhost pluto[7040]: | certificate signature is valid
Jun 25 11:36:46 localhost pluto[7040]: | issuer crl found
....
Jun 25 11:36:46 localhost pluto[7040]: | crl signature is valid
Jun 25 11:36:46 localhost pluto[7040]: | serial number:  02
....
Jun 25 11:36:46 localhost pluto[7040]: | crl is valid
....
Jun 25 11:36:46 localhost pluto[7040]: "road"[2] *.*.*.* #3: no suitable
connection for peer '*snip*'
Jun 25 11:36:46 localhost pluto[7040]: | state transition function for
STATE_MAIN_R2 failed: INVALID_ID_INFORMATION

For me it looks good until the line "no suitable connection..." appears. Any
ideas, hints? 

Thanks
Daniel