[Openswan Users] Help with WinXP behind NAT as client
Leonard Tulipan
l.tulipan at mpwi.at
Thu Mar 25 16:15:51 CET 2004
I have - for the moment - given up on using freeswan and the WinXP native client.
I reverted to freeswan and when I connect directly so:
WinXP -> Modem -> Internet -> IPsec Gateway
I get:
Mar 25 16:04:01 firewall pluto[11809]: Starting Pluto (FreeS/WAN Version 2.05 X.509-1.5.3 PLUTO_USES_KEYRR)
Mar 25 16:04:01 firewall pluto[11809]: Using KLIPS IPsec interface code
Mar 25 16:04:01 firewall pluto[11809]: Changing to directory '/etc/ipsec.d/cacerts'
Mar 25 16:04:01 firewall pluto[11809]: loaded CA cert file 'cacert.pem' (1180 bytes)
Mar 25 16:04:01 firewall pluto[11809]: Could not change to directory '/etc/ipsec.d/aacerts'
Mar 25 16:04:01 firewall pluto[11809]: Changing to directory '/etc/ipsec.d/ocspcerts'
Mar 25 16:04:01 firewall pluto[11809]: Changing to directory '/etc/ipsec.d/crls'
Mar 25 16:04:02 firewall pluto[11809]: listening for IKE messages
Mar 25 16:04:02 firewall pluto[11809]: adding interface ipsec0/ppp0 200.200.200.200
Mar 25 16:04:02 firewall pluto[11809]: loading secrets from "/etc/ipsec.secrets"
Mar 25 16:04:02 firewall pluto[11809]: loaded private key file '/etc/ipsec.d/private/GatewayKey.pem' (963 bytes)
Mar 25 16:04:14 firewall pluto[11809]: packet from 212.183.122.53:500: ignoring Delete SA payload: not encrypted
Mar 25 16:04:47 firewall pluto[11809]: packet from 212.183.122.53:500: received Vendor ID Payload; ASCII hash: \036+Qi\005\031\034}|\026|?5\007da
Mar 25 16:04:47 firewall pluto[11809]: packet from 212.183.122.53:500: received Vendor ID Payload; ASCII hash: @H7Un<h\005%g^\177
Mar 25 16:04:47 firewall pluto[11809]: packet from 212.183.122.53:500: received Vendor ID Payload; ASCII hash: \020K
Mar 25 16:04:47 firewall pluto[11809]: packet from 212.183.122.53:500: received Vendor ID Payload; ASCII hash: &$M8m[a3\027*6cPO8\031
Mar 25 16:04:47 firewall pluto[11809]: packet from 212.183.122.53:500: initial Main Mode message received on 213.229.22.94:500 but no connection has been authorized
The ipsec.conf is:
version 2.0

config setup
    interfaces=%defaultroute
    klipsdebug=none
    plutodebug=none
    uniqueids=yes

conn %default
    keyingtries=1
    disablearrivalcheck=no
    authby=rsasig
    rightrsasigkey=%cert
    leftrsasigkey=%cert
    compress=yes
    auto=add
    left=%defaultroute
    leftcert=GatewayCert.pem
    leftupdown=/usr/local/lib/ipsec/_updown_x509

conn xp-n2n
    right=%any
    rightid="C=AT, L=Wien, O=Schneller Scharau 5th Mind, CN=VPNusr1"
    leftsubnet=192.168.118.0/24
    rightsubnet=%any
    pfs=yes

# OE policy groups are disabled by default
conn block
    auto=ignore

conn clear
    auto=ignore

conn private
    auto=ignore

conn private-or-clear
    auto=ignore

conn clear-or-private
    auto=ignore

conn packetdefault
    auto=ignore
So am I doing something completely wrong?
What other WinXP -> Freeswan setups do you know of (like cheap and easy-to-set-up client software)?
Cheers
Leonard