[Openswan Users]
Problems with Windows XP roadwarrior and openswan gateway using X.509 Certs
Mike McLean
libolt at libolt.net
Mon Sep 13 16:57:18 CEST 2004
Hi,

I have a Windows XP machine that I'm setting up as a roadwarrior
connecting to an Openswan-based gateway, which resides on the same
subnet. I'm using the ipsec.exe tool and have tried to follow Nate
Carlson's howto, but I am not getting any connection.

I run ipsec.exe and everything appears to go OK, but I can't ping a
machine behind the Openswan gateway. Running ipsec barf on the
Openswan gateway doesn't show any connection attempt, so I'm guessing
something's wrong on the XP side.

I have imported the certificate on the XP machine after converting it to
a .p12 file.

The following is my ipsec.conf for the XP machine.

conn kift-vpntestbox
    left=%any
    right=192.168.4.9
    rightca="C=US, S=Arizona, L=Phoenix, O=Century 21 Metro Alliance, CN=metro.libolt.net, Email=libolt at libolt.net"
    network=auto
    auto=start
    pfs=yes

conn kift-vpntestbox-net
    left=%any
    right=192.168.4.9
    rightsubnet=192.168.25.0/255.255.255.0
    rightca="C=US, S=Arizona, L=Phoenix, O=Century 21 Metro Alliance, CN=metro.libolt.net, Email=libolt at libolt.net"
    network=auto
    auto=start
    pfs=y

The following is my ipsec.conf portion for the Openswan system.

conn kift-vpntestbox
    right=%any
    rightsubnet=192.168.24.0/24
    rightcert=kift.libolt.net.pem
    left=%defaultroute
    leftsubnet=192.168.25.0/24
    leftcert=vpntestbox.libolt.net.pem
    auto=add
    pfs=yes

conn kift-vpntestbox-net
    leftsubnet=192.168.25.0/24
    also=kift-vpntestbox

Any help is greatly appreciated.
Mike