[Openswan Users] Problems - Openswan 2.1.1 + Windows XP Home

Radovan Bukoci radobukoci at nextra.sk
Sat May 1 15:13:58 CEST 2004


Hello,

I have been trying for 5 days to set up a VPN connection from Openswan to 
Windows XP Home. It is not working yet. I have some questions and notes:

(I use Slackware 9.1, with my own build of 2.4.25. Compilation of 
Openswan 2.1.1 went OK. I carried out the procedure from Nate Carlson).

After doing all, Windows ping says several times "Negotiating ip 
security", then "Request timed out" forever. At the same time, pluto 
complains it cannot find the 'ip' command, and after 20 seconds 
removes the SA.

Question: what do I have to install, to have the 'ip' command on my 
system? Maybe that command is the only thing I miss.

My `ipsec verify` output is here:

------------------------
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path                                         [OK]
Linux FreeS/WAN 2.1.1 (klips)
Checking for IPsec support in kernel                                    [OK]
Checking for RSA private key (/etc/ipsec.secrets)                       [FAILED]
ipsec showhostkey: no default key in "/etc/ipsec.secrets"
Checking that pluto is running                                          [OK]
Two or more interfaces found, checking IP forwarding                    [OK]
Checking NAT and MASQUERADEing                                  
Checking for 'ip' command                                               [FAILED]
which: no ip in (/sbin:/usr/bin:/usr/local/sbin:/usr/local/sbin:/usr/local/sbin:/sbin:/usr/sbin:/usr/local/bin:/bin:/usr/bin)
Checking for 'iptables' command                                         [OK]

Opportunistic Encryption DNS checks:
   Looking for TXT in forward dns zone: server                          [MISSING]
   Does the machine have at least one non-private address?              [OK]
   Looking for TXT in reverse dns zone: 61.22.81.212.in-addr.arpa.      [MISSING]
------------------------

Question: What's wrong with my ipsec.secrets? (It was made following Nate 
Carlson's procedure.) It follows:

------------------------
%any: RSA server.dulaknet.sk.key "blabla"
------------------------

Question: I hope I don't need that [MISSING] stuff when I don't want 
Opportunistic Encryption.

Here is my ipsec.conf, maybe some error is also there:

------------------------
version 2.0     # conforms to second version of ipsec.conf specification

config setup
    dumpdir=/tmp/dump
    interfaces=%defaultroute
    klipsdebug=none
    plutodebug=none
    #plutoload=%search
    #plutostart=%search
    uniqueids=yes

conn %default
    keyingtries=1
    compress=yes
    disablearrivalcheck=no
    auth=esp
    #authby=secret
    authby=rsasig
    leftrsasigkey=%cert
    rightrsasigkey=%cert

include /etc/ipsec.d/examples/no_oe.conf

conn roadwarrior-net
    leftsubnet=10.0.0.0/24
    also=roadwarrior

conn roadwarrior
    left=%defaultroute
    leftcert=server.dulaknet.sk.pem
    right=%any
    rightcert=fujitsu.autoparts.sk.pem
    auto=add
------------------------


Please let me know if you need some more output from my system to find 
out the problem (barf for example, but it seemed to me too long to spam 
you with it unnecessarily).

     Thank you.

           Rado

