[Openswan Users] freeswan-1.99: cannot respond to IPsec SA
Dennis Leist
dl at byteeffect.de
Tue Mar 30 00:31:48 CEST 2004
Jacco de Leeuw wrote:
>
> Dennis Leist wrote:
>
>> vpnserver pluto[27464]: "w2k-client"[5] 213.39.182.221 #3: only
>> OAKLEY_GROUP_MODP1024 and OAKLEY_GROUP_MODP1536 supported. Attribute
>> OAKLEY_GROUP_DESCRIPTION
>
>
> Is this with XP or W2K? If it is the latter, then you need to install
> at least Service Pack 2 to upgrade the encryption strength. I was
> going to ask if you had disabled PFS but since you are using L2TP
> over IPsec I assume you used the New Connection Wizard, which
> disables PFS by default.
It is W2k SP4 (!). And I used the Connection Wizard.
>
>> I'd like to use option number 2 ;-) 'cause I tried Marcus Mueller's
>> ipsec.exe - it didn't do anything!
>
>
> With ipsec.exe the connection is started only when there is traffic
> (e.g. when you ping the remote network).
That was funny. I started ipsec.exe and about 4 sec later it ended,
even though I was pinging the network.
>
>> Which option is used to activate NAT-T on the server?
>
>
> nat_traversal=yes
I assumed so. But as I mentioned I downgraded to ver. 1.99 to avoid
kernel compiling.
Nevertheless: nat_traversal=yes is an unknown option in this version
(freeswan-1.99_0.9.34-80).
I read (http://www.suse.de/~garloff/linux/FreeSWAN/) that NAT-T is NOT
included in SUSE-kernels.
My question is:
What is the easier way? Try to install the NAT-T patch in the kernel and
use the freeswan-1.99_0.9.34-80
or shall I use openswan-2.1.1?
Greets Dennis