[Openswan Users] Help for Pocket PC 2003

Michael Tinsay tinsami1 at yahoo.com
Thu Aug 25 04:09:59 CEST 2005


Hi all,

At the moment, I have three sites connecting to each
other using OpenSWAN.

Now, I have a need to connect PocketPC-based clients
for our field guys.

I've read and followed Jacco's and Nate Carlson's
various instructions.  And even read Nate Carlson's
writings on the matter.  The problem is the PocketPC
client (an O2 Xda II mini running Windows Mobile 2003
Second Edition) is not able to establish a session
with openswan.  Below are the related log entries from
/var/log/secure:


Aug 25 09:05:57 EDP-018631 pluto[4851]: packet from 202.57.98.70:12563: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
Aug 25 09:05:57 EDP-018631 pluto[4851]: packet from 202.57.98.70:12563: ignoring Vendor ID payload [FRAGMENTATION]
Aug 25 09:05:57 EDP-018631 pluto[4851]: packet from 202.57.98.70:12563: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
Aug 25 09:05:57 EDP-018631 pluto[4851]: packet from 202.57.98.70:12563: ignoring Vendor ID payload [26244d38eddb61b3172a36e3d0cfb819]
Aug 25 09:05:57 EDP-018631 pluto[4851]: "roadwarrior"[2] 202.57.98.70:12563 #2: responding to Main Mode from unknown peer 202.57.98.70:12563
Aug 25 09:05:57 EDP-018631 pluto[4851]: "roadwarrior"[2] 202.57.98.70:12563 #2: transition from state (null) to state STATE_MAIN_R1
Aug 25 09:05:59 EDP-018631 pluto[4851]: "roadwarrior"[2] 202.57.98.70:12563 #2: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: peer is NATed
Aug 25 09:05:59 EDP-018631 pluto[4851]: "roadwarrior"[2] 202.57.98.70:12563 #2: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Aug 25 09:07:09 EDP-018631 pluto[4851]: "roadwarrior"[2] 202.57.98.70:12563 #2: max number of retransmissions (2) reached STATE_MAIN_R2
Aug 25 09:07:09 EDP-018631 pluto[4851]: "roadwarrior"[2] 202.57.98.70:12563: deleting connection "roadwarrior" instance with peer 202.57.98.70 {isakmp=#0/ipsec=#0}


I have tested the config using a WinXP client, and I'm
able to establish a connection.

Below is my ipsec.conf:

# basic configuration
config setup
        forwardcontrol=yes
        nat_traversal=yes
        virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16

#Disable Opportunistic Encryption
include /etc/ipsec.d/examples/no_oe.conf

conn roadwarrior
        authby=secret
        pfs=no
        left=203.131.111.44
        leftprotoport=17/1701
        #
        right=%any
        rightprotoport=17/1701
        rightsubnet=vhost:%no,%priv
        #
        auto=add
        keyingtries=3
        compress=no


My test server is running on Trustix v2.2, kernel
2.4.31,  and openswan 2.2.0

I hope somebody out there can help me.

Thanks in advance.


--- mike tinsay
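
An added example, not part of the original post and not Openswan code: a Python script that groups pluto log lines by connection, peer and state number, then reports which Main Mode states were reached and whether the negotiation ended on a retransmission timeout. The sample input is the post's own log entries with the mail line wrapping removed; the function and field names are illustrative assumptions.

```python
import re
from collections import defaultdict

# Log entries from the post above, with the mail line wrapping removed.
SAMPLE_LOG = """\
Aug 25 09:05:57 EDP-018631 pluto[4851]: "roadwarrior"[2] 202.57.98.70:12563 #2: responding to Main Mode from unknown peer 202.57.98.70:12563
Aug 25 09:05:57 EDP-018631 pluto[4851]: "roadwarrior"[2] 202.57.98.70:12563 #2: transition from state (null) to state STATE_MAIN_R1
Aug 25 09:05:59 EDP-018631 pluto[4851]: "roadwarrior"[2] 202.57.98.70:12563 #2: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: peer is NATed
Aug 25 09:05:59 EDP-018631 pluto[4851]: "roadwarrior"[2] 202.57.98.70:12563 #2: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Aug 25 09:07:09 EDP-018631 pluto[4851]: "roadwarrior"[2] 202.57.98.70:12563 #2: max number of retransmissions (2) reached STATE_MAIN_R2
"""

# pluto prefix: "conn"[instance] peer_ip:port #state_number: message
LINE = re.compile(
    r'pluto\[\d+\]: "(?P<conn>[^"]+)"(?:\[\d+\])? '
    r'(?P<peer>\d+\.\d+\.\d+\.\d+):(?P<port>\d+) #(?P<sa>\d+): (?P<msg>.*)$')
TRANSITION = re.compile(r'transition from state \S+ to state (STATE_\w+)')
TIMEOUT = re.compile(r'max number of retransmissions \(\d+\) reached (STATE_\w+)')
NATTED = re.compile(r'NAT-Traversal: .*peer is NATed')


def summarize(log_text):
    """Return {(conn, peer, state_number): summary} for each IKE negotiation."""
    result = defaultdict(lambda: {"states": [], "natted": False, "stalled_in": None})
    for raw in log_text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue  # e.g. Vendor ID lines, which carry no state number
        entry = result[(m["conn"], m["peer"], int(m["sa"]))]
        msg = m["msg"]
        if (t := TRANSITION.search(msg)):
            entry["states"].append(t.group(1))
        elif NATTED.search(msg):
            entry["natted"] = True
        elif (t := TIMEOUT.search(msg)):
            entry["stalled_in"] = t.group(1)
    return dict(result)


if __name__ == "__main__":
    for (conn, peer, sa), e in summarize(SAMPLE_LOG).items():
        print(f'{conn} {peer} #{sa}: states={e["states"]} '
              f'natted={e["natted"]} stalled_in={e["stalled_in"]}')
```

For this log the summary shows negotiation #2 detected as NATed, reaching STATE_MAIN_R2 and timing out there, i.e. pluto retransmitted its second Main Mode reply without receiving the client's next message.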
