[Openswan Users] WinXP SP2 Installation breaks x.509 ipsec
functionality
Uwe Knop
Uwe.Knop at lds.brandenburg.de
Fri Oct 15 09:44:29 CEST 2004
Hallo Dieter,
i had this problem for weeks.
Microsoft has change the certificate-search in the certificate tree.
my solution , we must change the DNS Name "rightca=..." in ipsec.conf
.
ours certificate is in two stages.
MS change from "between certificates" to "root certificates" in the DNS
Name.
Hope i can help you
Uwe
>>> Dieter Kastrau <kastrau at forsec.de> 14.10.04 16:15:22 >>>
Dear all,
I searched this list and other related ones,
but found no solution:
with winxp sp1 and Marcus Muellers ipsec tool,
I had a perfectly working VPN/ipsec roadwarrior connection to
openswan.
after installing winxp sp2 (and changing nothing else),
my simple winxp roadwarrior<-> openswan configuration (no NAT-T)
stops working.(A friend of mine could reproduce this sp2 problem)
with sp2, I just get to this point:
Oct 14 15:00:43 pois2 pluto[12889]: "test"[1] 192.168.200.8 #1: sent
MR3, ISAKMP SA established
and udp port 500 packets are flowing. last packet comes from the
openswan side,
then no more replies from winxp sp2...
Nothing else happens, no esp packets and no IPSEC SA established.
Like some people suggested,
I disabled winxp sp2 firewall=> still the same problem.
Has anyone heard of similar problems?
I am really clueless at the moment :-[
Thanks a lot
Dieter
_______________________________________________
Users mailing list
Users at openswan.org
http://lists.openswan.org/mailman/listinfo/users
More information about the Users
mailing list