[Openswan Users] Windows Client

David Prestwich dprestwich at pacsim.com
Wed Sep 22 22:22:18 CEST 2004


Hello,

I've had great success using Openswan with
site-to-site connections as well as roadwarrior
clients using X.509 and DHCP over IPsec.  The
Windows roadwarriors have been using SSH
Sentinel version 1.4. As many of you know, this
has been discontinued, so I've been trying to
find some other alternatives.  I've been trying
to work with Nate Carlson's example in getting
IPsec working with Windows XP, but I'm not having
much success.  Any help would be appreciated.
The following is my configuration for the
system.

Linux Server ipsec.conf
#######################
conn roadwarrior-net
        leftsubnet=10.19.183.0/24
        also=roadwarrior

conn roadwarrior
        right=%any
        rightrsasigkey=%cert
        rightsubnet=vhost:%no,%priv
        rightid="C=US, ST=Idaho, L=Moscow, O=Invensys Pacific Simulation, OU=ISS, CN=David Prestwich, E=dprestwich at pacsim.com"
        left=209.19.XXX.XXX
        leftcert=certs/liberator.pem
        pfs=yes

########################

Windows Client Configuration
########################
conn roadwarrior
	left=%any
	right=209.19.XXX.XXX
	rightca="C=US, S=Idaho, L=Moscow, O=Invensys Pacific Simulation, OU=ISS, CN=David Prestwich, E=dprestwich at pacsim.com"
	network=auto
	auto=start
	pfs=yes

conn roadwarrior-net
	left=%any
	right=209.19.XXX.XXX
	rightsubnet=10.19.183.0/24
	rightca="C=US, S=Idaho, L=Moscow, O=Invensys Pacific Simulation, OU=ISS, CN=David Prestwich, E=dprestwich at pacsim.com"
	network=auto
	auto=start
	pfs=yes
##########################

Linux secure output
##########################
Sep 22 19:44:15 liberator pluto[695]: "roadwarrior"[6] 68.66.XXX.XXX #146115: responding to Main Mode from unknown peer 68.66.XXX.XXX
Sep 22 19:44:15 liberator pluto[695]: "roadwarrior"[6] 68.66.XXX.XXX #146115: transition from state (null) to state STATE_MAIN_R1
Sep 22 19:44:15 liberator pluto[695]: "roadwarrior"[6] 68.66.XXX.XXX #146115: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: peer is NATed
Sep 22 19:44:15 liberator pluto[695]: "roadwarrior"[6] 68.66.XXX.XXX #146115: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Sep 22 19:44:16 liberator pluto[695]: "roadwarrior"[6] 68.66.XXX.XXX #146115: encrypted Informational Exchange message is invalid because it is for incomplete ISAKMP SA
###########################


Attached is my oakley.log file.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: oakley.log
Type: application/octet-stream
Size: 12264 bytes
Desc: not available
Url : http://lists.openswan.org/pipermail/users/attachments/20040922/7ebb6245/oakley.obj

