[Openswan Users] WinXP SP2: incomplete ISAKMP SA but certs are imported properly

Dennis Leist dl at byteeffect.de
Wed Nov 24 10:42:43 CET 2004


Jacco de Leeuw schrieb:

>
> Dennis wrote:
>
>> Client: Win XP SP2 all known bugfixes installed.
>> Server: openswan 2.1.4
>> Perfectly running with serveral winxp and w2k clients. Therfore I 
>> blame the client making troubles.
>
>
> The client is NATed. Perhaps that is contributing to the problem?
> What kernel are you using? What does your ipsec.conf look like?

Kernel : 2.6.5-7.75 on SuSE 9.1. NAT-T support ist installed and works 
nicely with a  NATed w2k-client.

ipsec.conf is as follows:

config setup       
        interfaces=%defaultroute
        klipsdebug=none
        plutodebug=none
        uniqueids=yes
        nat_traversal=yes

conn externalWorker
        authby=rsasig
        pfs=no
        leftcert=/etc/ipsec.d/gatecert.pem
        leftprotoport=17/0
        right=%any
        rightrsasigkey=%cert
        rightcert=/etc/ipsec.d/roadwarriorCert.pem
        rightprotoport=17/1701
        auto=add
        keyingtries=3


Thanks for any help ;-)

Greets


More information about the Users mailing list