[Openswan Users] Help on Windows 2003 and Openswan

Jean Khosalim jkhosali at nps.navy.mil
Thu Feb 24 16:45:58 CET 2005


Hello,

I use Openswan on Fedora Core 2 (openswan-2.1.4-1.fc2.i386.rpm) to provide
IPSec communication between a Linux Fedora Core 2 system (client) and a
Windows 2003 (server) and it has been working. The setup uses preshared
secret and ESP (3des-sha1-96) with all protocol ports allowed.

The problem that I am encountering right now is that I need to change the setup to allow
only web communication (HTTP port 80) to the Windows 2003 server. So I
changed the filter rule on the Windows 2003 from allowing any protocol and
any port to only port 80 (source address the client system, source port any,
destination address the server system, and destination port 80). I tried
adding various combinations of leftprotoport (=tcp/0 or =tcp/80) and
rightprotoport (=tcp/80 or =tcp/0) and it is not working (cannot set up the
IPSec SA; the ISAKMP SA is established).

Can someone help me point out what I am doing wrong?

Thank you very much,
Jean Khosalim

The following is my /etc/ipsec.conf:

version 2.0 # conforms to second version of ipsec.conf specification

# basic configuration
config setup
        klipsdebug=none
        plutodebug=none
        interfaces=%defaultroute

conn clientserver
        auto=start
        left=<clientIP>
        right=<serverIP>
        rightnexthop=<GW>
        keyexchange=ike
        esp=3des-sha1-96
        keyingtries=5
        ikelifetime=1h
        keylife=1h
        type=transport
        disablearrivalcheck=no
        authby=secret
        pfs=no

#Disable Opportunistic Encryption
include /etc/ipsec.d/examples/no_oe.conf
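The symptom in this post (ISAKMP SA up, IPsec SA never established) is what a responder produces when the initiator's quick-mode traffic selectors do not fit any of its filters. The model below is an added illustration, not Openswan or Windows code: it derives the IDci/IDcr pair from the leftprotoport/rightprotoport values mentioned in the post and checks them against a Windows-style filter (source client, any port; destination server, port 80; mirrored). The filter layout, the addresses, and the strict-versus-loose port matching switch are assumptions made for the example; real implementations differ on whether a proposal narrower than the filter is accepted, so the strict rule is the safe one to design to.

```python
# Added illustration for the post above: a simplified model of how an IKEv1
# responder decides whether the initiator's quick-mode traffic selectors
# (IDci/IDcr, which Openswan derives from leftprotoport/rightprotoport) fit
# one of its own filters. This is NOT Openswan or Windows code; the filter
# layout and the strict/loose matching switch are assumptions made for the
# example. Port 0 stands for "any port", as in Openswan's tcp/0.

from dataclasses import dataclass
from typing import Optional

PROTO_NUMBERS = {"tcp": 6, "udp": 17, "icmp": 1}


def parse_protoport(spec: Optional[str]) -> tuple:
    """Turn an Openswan protoport value ('tcp/80', 'tcp/0', 'tcp', '17/%any')
    into (protocol_number, port). A missing value or port 0 means 'any'."""
    if spec is None:
        return (0, 0)
    proto, _, port = spec.partition("/")
    proto_num = PROTO_NUMBERS.get(proto.lower())
    if proto_num is None:
        proto_num = int(proto)          # numeric protocol, e.g. '6/80'
    port_num = 0 if port in ("", "%any") else int(port)
    return (proto_num, port_num)


@dataclass(frozen=True)
class Selector:
    """One quick-mode client ID: address plus protocol/port."""
    addr: str
    proto: int
    port: int


def quick_mode_ids(left, right, leftprotoport, rightprotoport):
    """IDci/IDcr as sent by an Openswan initiator whose 'left' is the client
    (initiator) and whose 'right' is the server (responder)."""
    lproto, lport = parse_protoport(leftprotoport)
    rproto, rport = parse_protoport(rightprotoport)
    return Selector(left, lproto, lport), Selector(right, rproto, rport)


@dataclass(frozen=True)
class Filter:
    """A Windows-style IPsec filter: addresses, protocol, ports, mirrored flag."""
    src_addr: str
    dst_addr: str
    proto: int         # 0 = any protocol
    src_port: int      # 0 = any port
    dst_port: int      # 0 = any port
    mirrored: bool = True

    def _one_way(self, idci, idcr, exact):
        addrs_ok = (idci.addr, idcr.addr) == (self.src_addr, self.dst_addr)
        proto_ok = self.proto in (0, idci.proto) and self.proto in (0, idcr.proto)
        if exact:
            # strict: the proposal must name exactly the filter's ports
            ports_ok = (idci.port, idcr.port) == (self.src_port, self.dst_port)
        else:
            # loose: a filter wildcard (0) also covers a narrower proposal
            ports_ok = (self.src_port in (0, idci.port)
                        and self.dst_port in (0, idcr.port))
        return addrs_ok and proto_ok and ports_ok

    def accepts(self, idci, idcr, exact=True):
        """Would a responder holding this filter agree to the IPsec SA?"""
        if self._one_way(idci, idcr, exact):
            return True
        # a mirrored filter also matches the reverse direction
        return self.mirrored and self._one_way(idcr, idci, exact)


# Constructed scenario from the post: Windows filter "client -> server, TCP,
# source port any, destination port 80", mirrored. Addresses are placeholders.
CLIENT, SERVER = "192.0.2.10", "192.0.2.20"
WINDOWS_FILTER = Filter(CLIENT, SERVER, PROTO_NUMBERS["tcp"], 0, 80, mirrored=True)

# The leftprotoport/rightprotoport combinations the post says were tried.
COMBINATIONS = [("tcp/0", "tcp/80"), ("tcp/80", "tcp/80"),
                ("tcp/0", "tcp/0"), ("tcp/80", "tcp/0")]


def evaluate(exact=True):
    """Map each (leftprotoport, rightprotoport) pair to whether the filter accepts it."""
    result = {}
    for lpp, rpp in COMBINATIONS:
        idci, idcr = quick_mode_ids(CLIENT, SERVER, lpp, rpp)
        result[(lpp, rpp)] = WINDOWS_FILTER.accepts(idci, idcr, exact)
    return result


if __name__ == "__main__":
    for mode in (True, False):
        print("strict" if mode else "loose", evaluate(mode))
```

Under the strict rule only leftprotoport=tcp/0 with rightprotoport=tcp/80 (client any port, server port 80) mirrors the filter; under the loose rule tcp/80 on both sides is also covered, while any pair that leaves the server side as tcp/0 is broader than the filter and is rejected either way. When a peer's policy is the reference point, the practical check is to write the selectors so that they match that policy's source/destination and port wildcards exactly, and to compare both ends' views of the same filter before reading the negotiation logs.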
