[Openswan Users] FW: IPsec with winXP

Zseller Tamas zse at sch.hu
Fri Oct 8 19:01:36 CEST 2004
Hi,

Actually, it's not openswan I'm using, but freeswan 2.04 on a Debian sarge
2.4.27.

But maybe someone has some idea..

I'm trying to set up an L2TP VPN with WinXP using Jacco's description:

http://www.jacco2.dds.nl/networking/freeswan-l2tp.html#VPNoptions

I configured my server exactly the way it's said:


conn L2TP-PSK-orgWIN2KXPU
        #
        # Use a Preshared Key. Disable Perfect Forward Secrecy.
        #
        authby=secret
        pfs=no
        #
        left=82.141.138.146
        #
        # Required for original (non-updated) Windows 2000/XP clients.
        leftprotoport=17/1701
        #
        # The remote user.
        #
        right=152.66.209.251
        rightprotoport=17/1701
        #
        # Authorize this connection, and wait for connection from user.
        #
        auto=add
        keyingtries=0


Secrets are okay.

My firewall has 3 network cards in it:
192.168.0.1 – internal
82.141.138.146 – external
3rd: wifi

rp_filter = 0


If I rewrite the IPs to the internal one and try to connect from an internal
PC, it's okay, SA established.

Packets according to tcpdump:

1) XP -> linux
   Phase 1 I ident
       3des-cbc MD5
       3des-cbc SHA
       des-cbc MD5
       des-cbc SHA
2) Linux -> XP
   Phase 1 I R ident
       3des-cbc

And it goes on. Logs are being generated in /var/log/auth.log.


When I try to do it from outside:

1) XP -> linux
   Phase 1 I ident
       3des-cbc MD5
       3des-cbc SHA
       des-cbc MD5
       des-cbc SHA
2) Linux -> XP
   Phase 2/others I inf
       No proposal chosen

NO LOGs are generated even in debug mode.

I disabled all the firewall DROP rules and have default policy ACCEPT.

The test PCs are the same; once I tried them from inside, once from outside.

I can't see the point.. the only difference between the internal and
external card is:

eth0 has 3 IP aliases,

/etc/network/interfaces:

auto eth0
iface eth0 inet static
        address 82.141.138.146
        netmask 255.255.255.248
        network 82.141.138.144
#       broadcast 82.141.138.151
        gateway 82.141.138.145

auto eth0:1
iface eth0:1 inet static
        address 82.141.138.147
        netmask 255.255.255.248
        network 82.141.138.144
#        broadcast 82.141.138.

auto eth0:2
iface eth0:2 inet static
        address 82.141.138.148
        netmask 255.255.255.248
        network 82.141.138.144

auto eth1
#firewall.geomant.com
iface eth1 inet static
        address 192.168.0.1
        netmask 255.255.252.0
        broadcast 192.168.3.255
        network 192.168.0.0

#wifi
auto eth2
iface eth2 inet static
        address 192.168.4.1
        netmask 255.255.255.0
        network 192.168.4.0
        broadcast 192.168.4.255


Can it be the problem?

Any help would be appreciated.. I feel I'm not dumb at IPsec and freeswan,
I already use it for site-to-site VPNs, but I don't have a clue now.

Thanks

tamas
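As an added example (not code from the post, from Jacco's page or from freeswan itself), here is a small Python check that parses the conn block above in ipsec.conf syntax and compares its left/right addresses and leftprotoport/rightprotoport selectors against a list of observed connection attempts, of the kind one reads off a tcpdump of the IKE exchange. It includes the case the poster asks about, the peer's packet arriving at one of the eth0 alias addresses rather than at the address given as left=. The attempt records, the documentation address 203.0.113.7 and the helper names are this example's own assumptions; it applies the ipsec.conf conventions (right=%any or a 0 in a protoport means "any") and does not reproduce freeswan's full connection-selection logic.

```python
"""Check which ipsec.conf 'conn' entries can match an observed peer.

Added example, not code from the mailing-list post or from freeswan.  It
parses conn sections written in ipsec.conf syntax and compares each conn's
left/right addresses and protoport selectors against observed attempts.
The attempt records are constructed; the conn is the one from the post.
Helper names and the matching rules (%any / 0 = 'any') are assumptions.
"""
import re
from ipaddress import ip_address

# The conn block from the post; one comment line kept to exercise stripping.
IPSEC_CONF = """\
conn L2TP-PSK-orgWIN2KXPU
        # Use a Preshared Key. Disable Perfect Forward Secrecy.
        authby=secret
        pfs=no
        left=82.141.138.146
        leftprotoport=17/1701
        right=152.66.209.251
        rightprotoport=17/1701
        auto=add
        keyingtries=0
"""


def parse_conns(text):
    """Return {conn_name: {key: value}} for each 'conn' section in text."""
    conns = {}
    current = None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()  # drop '#' comments
        if not line.strip():
            continue
        m = re.match(r"^conn\s+(\S+)\s*$", line)
        if m:
            current = conns.setdefault(m.group(1), {})
            continue
        if current is not None and "=" in line:
            key, _, value = line.strip().partition("=")
            current[key.strip()] = value.strip()
    return conns


def parse_protoport(spec):
    """'17/1701' -> (17, 1701); a missing spec or a '%any' part becomes 0 ('any')."""
    if not spec or spec == "%any":
        return (0, 0)
    proto, _, port = spec.partition("/")
    proto_n = 0 if proto == "%any" else int(proto)
    port_n = 0 if port in ("", "%any") else int(port)
    return (proto_n, port_n)


def selector_covers(selector, proto, port):
    """True if (proto, port) falls inside a selector whose 0 entries mean 'any'."""
    sel_proto, sel_port = selector
    return (sel_proto in (0, proto)) and (sel_port in (0, port))


def diagnose(conn, attempt):
    """List the reasons 'attempt' cannot use 'conn'; an empty list is a match.

    attempt = {"peer": source IP of the IKE packet, "local": the local IP it
    was sent to, "proto"/"port": the traffic selector the peer proposes}.
    """
    reasons = []
    left = conn.get("left")
    if left and left != "%any" and ip_address(left) != ip_address(attempt["local"]):
        reasons.append(f"packet was sent to {attempt['local']} but left={left}")
    right = conn.get("right", "%any")
    if right != "%any" and ip_address(right) != ip_address(attempt["peer"]):
        reasons.append(f"peer address is {attempt['peer']} but right={right}")
    for key in ("leftprotoport", "rightprotoport"):
        if not selector_covers(parse_protoport(conn.get(key)),
                               attempt["proto"], attempt["port"]):
            reasons.append(f"{key}={conn.get(key)} does not cover "
                           f"{attempt['proto']}/{attempt['port']}")
    return reasons


def report(conf_text, attempts):
    """Map each attempt label to {conn_name: [reasons]} for every conn."""
    conns = parse_conns(conf_text)
    return {label: {name: diagnose(conn, attempt) for name, conn in conns.items()}
            for label, attempt in attempts.items()}


# Constructed attempts; 203.0.113.7 is a documentation address, not a host
# from the post.
ATTEMPTS = {
    "expected peer, primary address": {"peer": "152.66.209.251",
                                       "local": "82.141.138.146", "proto": 17, "port": 1701},
    "expected peer, alias address":   {"peer": "152.66.209.251",
                                       "local": "82.141.138.147", "proto": 17, "port": 1701},
    "other source address":           {"peer": "203.0.113.7",
                                       "local": "82.141.138.146", "proto": 17, "port": 1701},
    "no protoport in proposal":       {"peer": "152.66.209.251",
                                       "local": "82.141.138.146", "proto": 0, "port": 0},
}

if __name__ == "__main__":
    for label, per_conn in report(IPSEC_CONF, ATTEMPTS).items():
        for name, reasons in per_conn.items():
            print(f"{label}: {name}: {'OK' if not reasons else '; '.join(reasons)}")
```

Run as a script it prints one line per attempt and conn, "OK" for the attempt that matches every selector and the list of mismatched selectors otherwise. In practice the peer and local addresses would be taken from the tcpdump of the failing attempt (the destination address tells you whether the client is talking to 82.141.138.146 or to one of the aliases) and the selector from the Quick Mode proposal or from the auth.log entry, when one is written.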
