[Openswan Users] Problems - Openswan 2.1.1 + Windows XP Home
Radovan Bukoci
radobukoci at nextra.sk
Sat May 1 15:13:58 CEST 2004
Hello,
I have been trying for 5 days to set up a VPN connection from Openswan to
Windows XP Home. It is not working yet. I have some questions + notes:
(I use Slackware 9.1, with my own build of 2.4.25. Compilation of
Openswan 2.1.1 went OK. I carried out the procedure from Nate Carlson).
After doing all of that, Windows ping says several times "Negotiating ip
security", then "Request timed out" forever. At the same time, pluto
complains it cannot find the 'ip' command, and after 20 seconds
removes the SA.
Question: what do I have to install to have the 'ip' command on my
system? Maybe that command is the only thing I am missing.
My `ipsec verify` is here:
------------------------
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path [OK]
Linux FreeS/WAN 2.1.1 (klips)
Checking for IPsec support in kernel [OK]
Checking for RSA private key (/etc/ipsec.secrets) [FAILED]
ipsec showhostkey: no default key in "/etc/ipsec.secrets"
Checking that pluto is running [OK]
Two or more interfaces found, checking IP forwarding [OK]
Checking NAT and MASQUERADEing
Checking for 'ip' command [FAILED]
which: no ip in (/sbin:/usr/bin:/usr/local/sbin:/usr/local/sbin:/usr/local/sbin:/sbin:/usr/sbin:/usr/local/bin:/bin:/usr/bin)
Checking for 'iptables' command [OK]
Opportunistic Encryption DNS checks:
Looking for TXT in forward dns zone: server [MISSING]
Does the machine have at least one non-private address? [OK]
Looking for TXT in reverse dns zone: 61.22.81.212.in-addr.arpa. [MISSING]
------------------------
Question: What's wrong with my ipsec.secrets? (It was made following Nate
Carlson's procedure.) It follows:
------------------------
%any: RSA server.dulaknet.sk.key "blabla"
------------------------
Question: I hope I don't need that [MISSING] stuff when I don't want
Opportunistic Encryption.
Here is my ipsec.conf, maybe some error is also there:
------------------------
version 2.0 # conforms to second version of ipsec.conf specification

config setup
    dumpdir=/tmp/dump
    interfaces=%defaultroute
    klipsdebug=none
    plutodebug=none
    #plutoload=%search
    #plutostart=%search
    uniqueids=yes

conn %default
    keyingtries=1
    compress=yes
    disablearrivalcheck=no
    auth=esp
    #authby=secret
    authby=rsasig
    leftrsasigkey=%cert
    rightrsasigkey=%cert

include /etc/ipsec.d/examples/no_oe.conf

conn roadwarrior-net
    leftsubnet=10.0.0.0/24
    also=roadwarrior

conn roadwarrior
    left=%defaultroute
    leftcert=server.dulaknet.sk.pem
    right=%any
    rightcert=fujitsu.autoparts.sk.pem
    auto=add
------------------------
Please let me know if you need more output from my system to find
the problem (barf, for example, but it seemed too long to spam
you with unnecessarily).
Thank you.
Rado