[Openswan Users] WinXP SP2: incomplete ISAKMP SA but certs are
imported properly
Dennis Leist
dl at byteeffect.de
Wed Nov 24 10:42:43 CET 2004
Jacco de Leeuw schrieb:
>
> Dennis wrote:
>
>> Client: Win XP SP2 all known bugfixes installed.
>> Server: openswan 2.1.4
>> Perfectly running with serveral winxp and w2k clients. Therfore I
>> blame the client making troubles.
>
>
> The client is NATed. Perhaps that is contributing to the problem?
> What kernel are you using? What does your ipsec.conf look like?
Kernel : 2.6.5-7.75 on SuSE 9.1. NAT-T support ist installed and works
nicely with a NATed w2k-client.
ipsec.conf is as follows:
config setup
interfaces=%defaultroute
klipsdebug=none
plutodebug=none
uniqueids=yes
nat_traversal=yes
conn externalWorker
authby=rsasig
pfs=no
leftcert=/etc/ipsec.d/gatecert.pem
leftprotoport=17/0
right=%any
rightrsasigkey=%cert
rightcert=/etc/ipsec.d/roadwarriorCert.pem
rightprotoport=17/1701
auto=add
keyingtries=3
Thanks for any help ;-)
Greets
More information about the Users
mailing list