[Openswan Users] Connecting to Openswan from Windows XP Pro
John A. Sullivan III
jsullivan at opensourcedevel.com
Thu Jul 21 09:42:09 CEST 2005
On Wed, 2005-07-20 at 11:38 -0400, Tim P wrote:
> Ok I have seen multiple threads and have been through google but I
> haven't been able to figure it out.
>
> I am trying to use the standard setup in windows xp pro to get a vpn
> connection functioning (ipsec over L2TP)
>
> I created a certificate (p12 format) from my certificate authority.
> Imported it into windows using the MMC method described here:
> http://www.natecarlson.com/linux/ipsec-x509.php
>
> The server is also configured with that site's config as a template
> However instead of downloading the 3rd party ipsec client I was hoping
> that I could use the built-in windows vpn client. I am running xp
> professional with sp2 and the firewall disabled.
>
> I create a new vpn connection to the server by going to start/control
> panel/network connections
> Add New Connection
> Choose to "Connect to the network at my workplace"
> Choose "Virtual Private Network connection"
> Enter the companyname
> Choose not to dial the initial connection
> Enter the ip address of the vpn server (192.168.1.254 - my test network)
> Choose to leave it as "My Use only"
> Finish the wizard
>
> When the box opens (prompts for username/pass) click Properties
> On the Options tab uncheck "prompt for username, password, certificate, etc)
> On the Security tab leave as typlical but uncheck "require data encryption"
> on the Networking tab under the VPN heading change it to L2TP IPSEC VPN
>
> When I try to connect I get "Security Negotiation Timed out"
>
<snip>
I've only had a chance to quickly look at this but I would suspect
cannot respond to IPsec SA request because no connection is known
for 192.168.1.254[C=US, ST=Washington, L=Seattle, O=company,
OU=Support, CN=redguard.company.net,
E=user at company.com]:17/1701...192.168.1.102[C=US, ST=Washington,
L=Seattle, O=company, OU=Support, CN=machine.company.com,
E=email at company.com]:17/1701
is your problem. It doesn't like something in that definition. Either
the DN, protocols or addresses. For example, what is your leftsubnet?
Hope this helps - John
--
John A. Sullivan III
Open Source Development Corporation
+1 207-985-7880
jsullivan at opensourcedevel.com
If you would like to participate in the development of an open source
enterprise class network security management system, please visit
http://iscs.sourceforge.net
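As an added illustration of the kind of "conn" John is asking about (this is example configuration, not the poster's or the list's own file), here is an Openswan ipsec.conf connection whose selectors would match the Quick Mode request in the quoted log: UDP/1701 on both ends, the server's certificate DN as its identity, and no leftsubnet, because the XP built-in client proposes transport-mode IPsec between the two hosts rather than a subnet. The server address and the DN are copied from the log line (the archive renders "@" as " at "); the conn name, certificate file name and the rightca/%any choices are assumptions.

```conf
# Added example, not the original poster's configuration.
# Openswan ipsec.conf connection for the Windows XP built-in L2TP/IPsec
# client authenticating with X.509 certificates from the same CA.
conn l2tp-x509
    # XP's client negotiates IPsec in transport mode and carries L2TP
    # (UDP 1701) inside it; a leftsubnet= here would change the selector
    # the client sees and the proposal would no longer match this conn.
    type=transport
    authby=rsasig
    pfs=no
    rekey=no
    keyingtries=3
    # "left" is the Openswan server from the quoted log.
    left=192.168.1.254
    leftcert=redguard.pem        # assumed file name under /etc/ipsec.d/certs
    leftrsasigkey=%cert
    leftid="C=US, ST=Washington, L=Seattle, O=company, OU=Support, CN=redguard.company.net, E=user@company.com"
    leftprotoport=17/1701
    # "right" is any client that presents a certificate issued by the
    # same CA as the server's certificate (assumed policy).
    right=%any
    rightrsasigkey=%cert
    rightca=%same
    rightprotoport=17/1701
    # Load the definition but wait for the client to initiate.
    auto=add
```

After editing, `ipsec auto --replace l2tp-x509` reloads just this conn and `ipsec auto --status` shows the selectors Pluto actually loaded, which is the quickest way to compare them with the address/DN/protoport pairs in the "no connection is known" message.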