[Openswan Users] Problems connecting to OpenSwan setup using x509 Certs
Daniel Bartlett
dbartlett at pmsi-consulting.com
Thu Oct 14 18:24:31 CEST 2004
Hi,
Yep it is XP + SP2.
Sorry I had forgotten to mention that I had figured that was the
problem.
Since I have been trying with the 2.3.0dr1 release (wanting the ipsecX
interfaces), when I added the specific protocol/port (17/1701) I got a
kernel panic!
So I am currently recompiling a normal kernel with none of the patches
in and will try that.
Am I correct in thinking that if I do not specify any protocol/port then
all will be allowed? Or is it "better" to specify %all/%all?
Also I have reduced the config quite a bit... If anyone has got
suggestions on a better one I'd love to hear it.
[root at fedora-1 OpenSwan]# cat /etc/ipsec.conf
version 2.0

config setup
    interfaces="ipsec0=eth0 ipsec2=eth2"
    klipsdebug=none
    plutodebug=none
    virtual_private=%v4:192.168.42.0/24

conn %default
    compress=yes
    authby=rsasig
    keyexchange=ike
    rightrsasigkey=%cert
    rightca=%same
    leftcert=vpn.pmsi-consulting.com.pem
    auto=add

conn lt2p
    pfs=no
    right=%any
    left=192.168.42.250
    leftprotoport=17/1701
    rightprotoport=17/1701
Cheers,
Daniel.
-----Original Message-----
From: Mailer [mailto:mailing at i4technologies.net]
Sent: 14 October 2004 16:53
To: Daniel Bartlett; users at openswan.org
Subject: RE: [Openswan Users] Problems connecting to OpenSwan setup using x509 Certs
Dan,
HTH
"cannot respond to IPsec SA request because no connection is known for"
<<< thats your problem.
Looks like you're connecting in via XP SP2 (at least, I hope you are,
otherwise it won't work without that MS patch 818043) using L2TP/IPSec,
right?
If so, get rid of the right/leftsubnet rubbish; L2TP assigns that and only
complicates things.
Also, what's this leftprotoport=0/0? Are you trying to use wildcards?
leftprotoport=0/0
rightprotoport=0/0
Perhaps this should be
leftprotoport=17/1701
rightprotoport=17/1701
Can others confirm?
Dan
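The thread turns on three details of the ipsec.conf above: parameter lines must be indented under their section (the listing as pasted had lost that), protoport should select UDP 1701 rather than the 0/0 wildcard, and an L2TP conn should not carry left/rightsubnet. The following script is an added example written for this post, not Openswan's code: it parses an ipsec.conf into sections and lints those points. The sample config is the one from the post with its indentation restored; the lint rules (0/0 flagged, subnets flagged on a UDP 1701 conn, pfs=no expected for Windows clients) are assumptions drawn from the replies, and the %any port form is accepted by the protoport check on the assumption that the Openswan in use supports it.

```python
"""Parse an ipsec.conf and lint the L2TP/IPsec points raised in this thread.

Added example, not Openswan's own code. Section and parameter names follow
ipsec.conf(5); the lint rules are assumptions taken from the thread.
"""
import re

# Constructed sample: the config from the post, with the indentation that
# ipsec.conf requires (an unindented line starts a new section).
SAMPLE_CONF = """\
version 2.0

config setup
    interfaces="ipsec0=eth0 ipsec2=eth2"
    klipsdebug=none
    plutodebug=none
    virtual_private=%v4:192.168.42.0/24

conn %default
    compress=yes
    authby=rsasig
    keyexchange=ike
    rightrsasigkey=%cert
    rightca=%same
    leftcert=vpn.pmsi-consulting.com.pem
    auto=add

conn lt2p
    pfs=no
    right=%any
    left=192.168.42.250
    leftprotoport=17/1701
    rightprotoport=17/1701
"""

# protoport is "<proto>/<port>": proto numeric or a name, port numeric or %any.
PROTOPORT_RE = re.compile(r"^(\d{1,3}|[a-z]+)/(\d{1,5}|%any)$")


def parse_ipsec_conf(text):
    """Return {'config setup' | 'conn <name>': {param: value}}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # drop comments, trailing space
        if not line.strip():
            continue
        if line[0] not in " \t":               # unindented: header or directive
            parts = line.split(None, 1)
            if parts[0] == "version" and len(parts) == 2:
                sections["version"] = {"version": parts[1]}
                current = None
            elif parts[0] in ("config", "conn") and len(parts) == 2:
                current = f"{parts[0]} {parts[1]}"
                sections[current] = {}
            else:
                raise ValueError(f"not a section header: {raw!r}")
            continue
        if current is None:
            raise ValueError(f"parameter outside any section: {raw!r}")
        key, sep, value = line.strip().partition("=")
        if not sep:
            raise ValueError(f"parameter without '=': {raw!r}")
        sections[current][key.strip()] = value.strip().strip('"')
    return sections


def is_valid_conf(text):
    """True if the text parses (indentation and section rules hold)."""
    try:
        parse_ipsec_conf(text)
        return True
    except ValueError:
        return False


def lint_l2tp(sections):
    """Return findings per conn, with 'conn %default' values applied first."""
    findings = []
    defaults = sections.get("conn %default", {})
    for name, params in sections.items():
        if not name.startswith("conn ") or name == "conn %default":
            continue
        eff = {**defaults, **params}           # explicit values override %default
        for side in ("left", "right"):
            pp = eff.get(f"{side}protoport")
            if pp == "0/0":
                findings.append(f"{name}: {side}protoport=0/0 matches any protocol "
                                "and port; for L2TP use 17/1701")
            elif pp is not None and not PROTOPORT_RE.match(pp):
                findings.append(f"{name}: {side}protoport={pp!r} is not proto/port")
        # A conn selecting UDP 1701 on either side carries L2TP.
        if not any(eff.get(f"{s}protoport") == "17/1701" for s in ("left", "right")):
            continue
        for side in ("left", "right"):
            if f"{side}subnet" in eff:
                findings.append(f"{name}: {side}subnet is set on an L2TP conn; "
                                "L2TP hands out the addresses itself")
        if eff.get("pfs", "yes") != "no":       # Openswan defaults pfs to yes
            findings.append(f"{name}: pfs should be no for Windows L2TP/IPsec clients")
    return findings


def lint_text(text):
    """Parse and lint in one step."""
    return lint_l2tp(parse_ipsec_conf(text))


if __name__ == "__main__":
    for finding in lint_text(SAMPLE_CONF) or ["no findings"]:
        print(finding)
```

Run it against a copy of /etc/ipsec.conf to see the findings; the sample above produces none, while the earlier shape from the thread (leftprotoport=0/0 plus a rightsubnet on the L2TP conn) produces one finding for each.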