[Openswan Users] packet rejected: should have been encrypted - more logs
Bram Bouwens
bbouwens at xs4all.nl
Mon Jul 4 23:59:00 CEST 2005
Bram Bouwens wrote:
> Jacco de Leeuw wrote:
>
>> Bram Bouwens wrote:
>>
>>> I'm now trying to work out a setup for our Windows addicts.
>>> In the test setup I have a Windows XP machine behind a NAT
>>> gateway. I'm following
>>> http://www.natecarlson.com/linux/ipsec-x509.php .
>>
>>
>>
>> I don't know if this causes your problem but your subnet is not excluded:
>>
>>>
>>> virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16
>>
>>
>>
>>
>> virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16,%v4:!192.168.0.0/24
>>
>> Jacco
>
>
> After looking up some documentation (it's not in the ipsec.conf
> man page but in /usr/share/doc/packages/openswan/README.NAT-Traversal)
> I agree with this exclusion. But I do not yet see this being related
> to the issue at hand (I might have struck on it later :)
>
I tried this fix. But it does not matter much.
For a more complete picture:
- the openswan ipsec.conf at http://80.126.5.18/ipsec.conf
- the openswan log at http://80.126.5.18/secure.log (why does Pluto restart????)
- the windows ipsec.conf at http://80.126.5.18/winipsec.conf
- the windows oakley log at http://80.126.5.18/oakley.log (GetPacket failed? CertFindExtenstion failed?)
I really don't see what's happening. I have been running freeswan/openswan
for 4 years (linux-linux) with hardly any trouble, but this is pretty vague to me.
Bram
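
An added example, not part of the original message or of Openswan itself: a small Python check of what the `%v4:!192.168.0.0/24` exclusion suggested above changes, so that a NATed client cannot claim an address inside the gateway's own LAN. It assumes a simplified matching model (a client subnet is accepted when it lies inside an allowed network and inside no excluded one); the function names and client addresses are constructed for illustration.

```python
import ipaddress

# The two virtual_private= values quoted in the thread.
ORIGINAL = "%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16"
FIXED = ORIGINAL + ",%v4:!192.168.0.0/24"


def parse_virtual_private(value):
    """Split a virtual_private= value into (allowed, excluded) IPv4 networks."""
    allowed, excluded = [], []
    for token in value.split(","):
        token = token.strip()
        if not token:
            continue
        if not token.startswith("%v4:"):
            raise ValueError(f"unsupported entry: {token!r}")
        spec = token[len("%v4:"):]
        if spec.startswith("!"):
            # "!" marks a network that clients must not use.
            excluded.append(ipaddress.ip_network(spec[1:]))
        else:
            allowed.append(ipaddress.ip_network(spec))
    return allowed, excluded


def client_subnet_accepted(value, client_net):
    """Assumed model: inside an allowed net and inside no excluded net."""
    net = ipaddress.ip_network(client_net)
    allowed, excluded = parse_virtual_private(value)
    if any(net.subnet_of(x) for x in excluded):
        return False
    return any(net.subnet_of(a) for a in allowed)


if __name__ == "__main__":
    # Constructed client addresses behind NAT (not taken from the logs).
    clients = ["192.168.0.10/32", "192.168.1.10/32", "10.1.2.3/32", "203.0.113.5/32"]
    for label, value in (("original", ORIGINAL), ("with exclusion", FIXED)):
        for client in clients:
            verdict = "accepted" if client_subnet_accepted(value, client) else "rejected"
            print(f"{label:15} {client:18} {verdict}")
```
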