[Openswan Users] Help on Windows 2003 and Openswan
Jean Khosalim
jkhosali at nps.navy.mil
Thu Feb 24 16:45:58 CET 2005
Hello,
I use Openswan on Fedora Core 2 (openswan-2.1.4-1.fc2.i386.rpm) to provide
IPSec communication between a Linux Fedora Core 2 system (client) and a
Windows 2003 (server), and it has been working. The setup uses a preshared
secret and ESP (3des-sha1-96) with all protocols and ports allowed.
The problem that I am encountering right now is that I need to change it to allow
only web communication (HTTP port 80) to the Windows 2003 server. So I
changed the filter rule on the Windows 2003 from allowing any protocol and
any port to only port 80 (source address the client system, source port any,
destination address the server system, and destination port 80). I tried
adding various combinations of leftprotoport (=tcp/0 or =tcp/80) and
rightprotoport (=tcp/80 or =tcp/0) and it is not working (cannot set up the
IPSec SA; the ISAKMP SA is established).
Can someone help me point out what I am doing wrong?
Thank you very much,
Jean Khosalim
The following is my /etc/ipsec.conf:
version 2.0 # conforms to second version of ipsec.conf specification

# basic configuration
config setup
    klipsdebug=none
    plutodebug=none
    interfaces=%defaultroute

conn clientserver
    auto=start
    left=<clientIP>
    right=<serverIP>
    rightnexthop=<GW>
    keyexchange=ike
    esp=3des-sha1-96
    keyingtries=5
    ikelifetime=1h
    keylife=1h
    type=transport
    disablearrivalcheck=no
    authby=secret
    pfs=no

#Disable Opportunistic Encryption
include /etc/ipsec.d/examples/no_oe.conf
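As an added illustration (not the poster's file), the conn below shows how the Openswan selector parameters map onto the Windows filter described in the message, "source address client, source port any, destination address server, destination port 80": left is the client with any TCP source port, right is the server with TCP port 80 only. The placeholders <clientIP>, <serverIP> and <GW> are the same ones used in the post.

```conf
# Added example: transport-mode conn restricted to client -> server HTTP.
# Everything except the two *protoport lines is taken from the poster's conn.
conn clientserver-http
    auto=start
    type=transport
    authby=secret
    keyexchange=ike
    esp=3des-sha1-96
    pfs=no
    ikelifetime=1h
    keylife=1h
    keyingtries=5
    disablearrivalcheck=no
    left=<clientIP>
    # left (client) side: TCP, any source port (0 = any)
    leftprotoport=tcp/0
    right=<serverIP>
    rightnexthop=<GW>
    # right (server) side: TCP, destination port 80 only
    rightprotoport=tcp/80
```

With only this conn loaded, traffic between the two hosts that does not match TCP/80 on the server side is outside the IPsec policy and is sent in the clear rather than dropped, so it has to be blocked by the host firewall if it is meant to be refused; `ipsec auto --status` shows the loaded conn together with the selectors Pluto will propose.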