[Openswan Users] Help with WinXP behind NAT as client

Leonard Tulipan l.tulipan at mpwi.at
Thu Mar 25 16:15:51 CET 2004


I have - for the moment - given up on using freeswan and the WinXP native client.

I reverted to freeswan and when I connect directly so:

WinXP -> Modem -> Internet -> IPsec Gateway

I get:
Mar 25 16:04:01 firewall pluto[11809]: Starting Pluto (FreeS/WAN Version 2.05 X.509-1.5.3 PLUTO_USES_KEYRR)
Mar 25 16:04:01 firewall pluto[11809]: Using KLIPS IPsec interface code
Mar 25 16:04:01 firewall pluto[11809]: Changing to directory '/etc/ipsec.d/cacerts'
Mar 25 16:04:01 firewall pluto[11809]:   loaded CA cert file 'cacert.pem' (1180 bytes)
Mar 25 16:04:01 firewall pluto[11809]: Could not change to directory '/etc/ipsec.d/aacerts'
Mar 25 16:04:01 firewall pluto[11809]: Changing to directory '/etc/ipsec.d/ocspcerts'
Mar 25 16:04:01 firewall pluto[11809]: Changing to directory '/etc/ipsec.d/crls'
Mar 25 16:04:02 firewall pluto[11809]: listening for IKE messages
Mar 25 16:04:02 firewall pluto[11809]: adding interface ipsec0/ppp0 200.200.200.200
Mar 25 16:04:02 firewall pluto[11809]: loading secrets from "/etc/ipsec.secrets"
Mar 25 16:04:02 firewall pluto[11809]:   loaded private key file '/etc/ipsec.d/private/GatewayKey.pem' (963 bytes)
Mar 25 16:04:14 firewall pluto[11809]: packet from 212.183.122.53:500: ignoring Delete SA payload: not encrypted
Mar 25 16:04:47 firewall pluto[11809]: packet from 212.183.122.53:500: received Vendor ID Payload; ASCII hash: \036+Qi\005\031\034}|\026|?5\007da
Mar 25 16:04:47 firewall pluto[11809]: packet from 212.183.122.53:500: received Vendor ID Payload; ASCII hash: @H7Un<h\005%g^\177
Mar 25 16:04:47 firewall pluto[11809]: packet from 212.183.122.53:500: received Vendor ID Payload; ASCII hash: \020K
Mar 25 16:04:47 firewall pluto[11809]: packet from 212.183.122.53:500: received Vendor ID Payload; ASCII hash: &$M8m[a3\027*6cPO8\031
Mar 25 16:04:47 firewall pluto[11809]: packet from 212.183.122.53:500: initial Main Mode message received on 213.229.22.94:500 but no connection has been authorized

The ipsec.conf is:
version 2.0

config setup
        interfaces=%defaultroute
        klipsdebug=none
        plutodebug=none
        uniqueids=yes
conn %default
      keyingtries=1
      disablearrivalcheck=no
      authby=rsasig
      rightrsasigkey=%cert
      leftrsasigkey=%cert
      compress=yes
      auto=add
      left=%defaultroute
      leftcert=GatewayCert.pem
      leftupdown=/usr/local/lib/ipsec/_updown_x509
conn xp-n2n
      right=%any
      rightid="C=AT, L=Wien, O=Schneller Scharau 5th Mind, CN=VPNusr1"
      leftsubnet=192.168.118.0/24
      rightsubnet=%any
      pfs=yes
# OE policy groups are disabled by default
conn block
        auto=ignore
conn clear
        auto=ignore
conn private
        auto=ignore
conn private-or-clear
        auto=ignore
conn clear-or-private
        auto=ignore
conn packetdefault
        auto=ignore

So am I doing something completely wrong?

What other WinXP -> Freeswan setups do you know of (like cheap and easy-to-set-up client software)?

Cheers
Leonard