[Openswan Users] Help for Pocket PC 2003
Michael Tinsay
tinsami1 at yahoo.com
Thu Aug 25 04:09:59 CEST 2005
Hi all,
At the moment, I have three sites connecting to each
other using OpenSWAN.
Now, I have a need to connect PocketPC-based clients
for our field guys.
I've read and followed Jacco's and Nate Carlson's
various instructions. And even read Nate Carlson's
writings on the matter. The problem is the PocketPC
client (an O2 Xda II mini running Windows Mobile 2003
Second Edition) is not able to establish a session
with openswan. Below are the related log entries from
/var/log/secure:
Aug 25 09:05:57 EDP-018631 pluto[4851]: packet from 202.57.98.70:12563: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
Aug 25 09:05:57 EDP-018631 pluto[4851]: packet from 202.57.98.70:12563: ignoring Vendor ID payload [FRAGMENTATION]
Aug 25 09:05:57 EDP-018631 pluto[4851]: packet from 202.57.98.70:12563: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
Aug 25 09:05:57 EDP-018631 pluto[4851]: packet from 202.57.98.70:12563: ignoring Vendor ID payload [26244d38eddb61b3172a36e3d0cfb819]
Aug 25 09:05:57 EDP-018631 pluto[4851]: "roadwarrior"[2] 202.57.98.70:12563 #2: responding to Main Mode from unknown peer 202.57.98.70:12563
Aug 25 09:05:57 EDP-018631 pluto[4851]: "roadwarrior"[2] 202.57.98.70:12563 #2: transition from state (null) to state STATE_MAIN_R1
Aug 25 09:05:59 EDP-018631 pluto[4851]: "roadwarrior"[2] 202.57.98.70:12563 #2: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: peer is NATed
Aug 25 09:05:59 EDP-018631 pluto[4851]: "roadwarrior"[2] 202.57.98.70:12563 #2: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Aug 25 09:07:09 EDP-018631 pluto[4851]: "roadwarrior"[2] 202.57.98.70:12563 #2: max number of retransmissions (2) reached STATE_MAIN_R2
Aug 25 09:07:09 EDP-018631 pluto[4851]: "roadwarrior"[2] 202.57.98.70:12563: deleting connection "roadwarrior" instance with peer 202.57.98.70 {isakmp=#0/ipsec=#0}
I have tested the config using a WinXP client, and I'm
able to establish a connection.
Below is my ipsec.conf:
# basic configuration
config setup
    forwardcontrol=yes
    nat_traversal=yes
    virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16

#Disable Opportunistic Encryption
include /etc/ipsec.d/examples/no_oe.conf

conn roadwarrior
    authby=secret
    pfs=no
    left=203.131.111.44
    leftprotoport=17/1701
    #
    right=%any
    rightprotoport=17/1701
    rightsubnet=vhost:%no,%priv
    #
    auto=add
    keyingtries=3
    compress=no
My test server is running on Trustix v2.2, kernel
2.4.31, and openswan 2.2.0
I hope somebody out there can help me.
Thanks in advance.
--- mike tinsay