[Openswan Users] WindowsXP Clients?

Leonard Tulipan l.tulipan at mpwi.at
Fri Mar 26 10:31:00 CET 2004 

Now that's cool. That tool actually works and sets up a connection (when I
few it in the MMC)
But still I get this in my /var/log/secure

Mar 26 09:34:05 firewall pluto[20555]: packet from 62.99.195.186:500:
received Vendor ID Payload; ASCII hash: \036+Qi\005\031\034}|\026|?5\007da
Mar 26 09:34:05 firewall pluto[20555]: packet from 62.99.195.186:500:
received Vendor ID Payload; ASCII hash: @H7Un<h\005%g^\177
Mar 26 09:34:05 firewall pluto[20555]: packet from 62.99.195.186:500:
received Vendor ID Payload; ASCII hash: \020K
Mar 26 09:34:05 firewall pluto[20555]: packet from 62.99.195.186:500:
received Vendor ID Payload; ASCII hash: &$M8m[a3\027*6cPO8\031
Mar 26 09:34:05 firewall pluto[20555]: packet from 62.99.195.186:500:
initial Main Mode message received on 213.229.22.94:500 but no connection
has been authorized
Mar 26 09:34:08 firewall pluto[20555]: packet from 62.99.195.186:500:
ignoring Delete SA payload: not encrypted

So maybe my ipsec ist completely wrong?
Can anybody help me with the links to those how-to's. So far I only found
(and have already read thru) Nate's
http://www.freeswan.org/freeswan_trees/freeswan-2.05/doc/interop.html

Cheers
Leonard

----- Original Message ----- 
From: "Nate Carlson" <natecars at natecarlson.com>
To: "Trevor Benson" <tbenson at a-1networks.com>
Cc: "Leonard Tulipan" <l.tulipan at mpwi.at>; <users at lists.openswan.org>
Sent: Thursday, March 25, 2004 7:15 PM
Subject: RE: [Openswan Users] WindowsXP Clients?


> On Thu, 25 Mar 2004, Trevor Benson wrote:
> > Look at Nate Carlson, Martin Koeppe, and Jacco De Leeuw's howto's for
> > Windows Native Clients with IPSec.  It can be one, but windows native
> > expects L2TP, so unless you have a MS RRAS server behind your tunnel,
> > you need to use a ipsec.exe binary to strip out the l2tp from microsofts
> > clients, but it does work for free :-)
>
> Actually, that's not totally accurate - Windows *does* have built-in IPSec
> support, they just don't have a dialer that does IPSec-only. All ipsec.exe
> does is use Microsoft's command-line tool for configuring the IPSec
> connections. There is a gui alternative to ipsec.exe, but I haven't yet
> tried it:
>
> http://sourceforge.net/projects/ivpn/
>
> Also, you don't need a MS RAS server -- you can easily use l2tpd (free
> daemon) on your VPN gateway to terminate L2TP connections, and use MS's
> built-in L2TP-over-IPSec client.
>
> ------------------------------------------------------------------------
> | nate carlson | natecars at natecarlson.com | http://www.natecarlson.com |
> |       depriving some poor village of its idiot since 1981            |
> ------------------------------------------------------------------------
>

More information about the Users mailing list