[Openswan Users]
Win2K client to Openswan 2.3.0 via X.509: Help Needed
Darren Ellis
darren at ieworks.net
Thu May 26 12:10:03 CEST 2005
Hi,

I'm trying to create a tunnel to a Slackware Linux router running
Openswan 2.3.0. I've followed the instructions in
http://www.natecarlson.com/linux/ipsec-x509.php as far as I understand.
I do not have the Win2K netdiag command available to me.

I believe that the server connection (left) is waiting for some sort of
response from the Windows client (right).

Can someone out there tell me what I've missed? The IRC channel is dry,
and Google isn't helping either.

Thanks!
Darren
Log excerpt:

May 26 10:54:44 uectech pluto[8882]: added connection description "dgevpn"
May 26 10:55:00 uectech pluto[8882]: "dgevpn" #43: initiating Main Mode
May 26 10:55:10 uectech pluto[8882]: "dgevpn" #43: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000002]
May 26 10:55:10 uectech pluto[8882]: "dgevpn" #43: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
May 26 10:55:10 uectech pluto[8882]: "dgevpn" #43: I am sending my cert
May 26 10:55:10 uectech pluto[8882]: "dgevpn" #43: I am sending a certificate request
May 26 10:55:10 uectech pluto[8882]: "dgevpn" #43: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
May 26 10:56:20 uectech pluto[8882]: "dgevpn" #43: max number of retransmissions (2) reached STATE_MAIN_I3. Possible authentication failure: no acceptable response to our first encrypted message
May 26 10:57:24 uectech pluto[8882]: "dgevpn": deleting connection
Here are the relevant sections of /etc/ipsec.conf:
root@uectech:~# cat /etc/ipsec.conf
# /etc/ipsec.conf - Openswan IPsec configuration file
# RCSID $Id: ipsec.conf.in,v 1.13 2004/03/24 04:14:39 ken Exp $
# This file: /usr/local/share/doc/openswan/ipsec.conf-sample
#
# Manual: ipsec.conf.5
version 2.0 # conforms to second version of ipsec.conf specification

# basic configuration
config setup
    # Debug-logging controls: "none" for (almost) none, "all" for lots.
    # klipsdebug=none
    # plutodebug="control parse"
    plutodebug=none

# Add connections here

# sample VPN connection
conn %default
    # Left security gateway, subnet behind it, next hop toward right.
    rekey=no
    left=%defaultroute
    leftsubnet=192.168.1.0/24
    leftid=@uectech.ewess.com
    leftrsasigkey=0sAQNrF6o4WJvLbMwwrVxUx1wYocFbY5QuoLTzyBZ7G1xXQIqRqS5sEWqovgTEuT26k1UoH3XfQuJ5d53orb5/9RafIwgap7sawvpj1GB+ed/CjoyUAhUU3+RuCqsBFQoyqOQekA2ebbwXQNIGwU4bdJyhI8vFCKZFamSUixj53eAQ8w==
    authby=rsasig
    auto=start

conn dgevpn-net
    rightsubnet=192.168.0.0/24
    also=dgevpn

conn dgevpn
    # VPN connection from Darren's Win2K machine
    keyingtries=1
    authby=rsasig
    leftrsasigkey=%cert
    rightrsasigkey=%cert
    left=151.201.139.187
    leftcert=uectech.ewess.net.pem
    leftsubnet=192.168.1.0/24
    right=70.33.197.36
    rightcert=winhost01.uectech.ewess.net.pem
    pfs=yes
    auto=add

#Disable Opportunistic Encryption
include /etc/ipsec.d/examples/no_oe.conf
root@uectech:~#
Also, c:\ipsec\ipsec.conf:

conn %default

conn dgevpn
    left=192.168.0.238
    right=151.201.139.187
    rightca="C=US, S=Maine, L=Augusta, O=WESS Management LLC, OU=vpnaccess, CN=CA/emailAddress=ca@ewess.net"
    network=auto
    auto=start
    pfs=yes

conn dgevpn-net
    left=192.168.0.238
    right=151.201.139.187
    rightsubnet=192.168.1.0/24
    rightca="C=US, S=Maine, L=Augusta, O=WESS Management LLC, OU=vpnaccess, CN=CA/emailAddress=ca@ewess.net"
    network=auto
    auto=start
    pfs=yes
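As an added example (not part of Darren's post and not Openswan code), here is a small Python parser for pluto log lines like the excerpt above: it tracks each ISAKMP SA's Main Mode state transitions and maps the state in which retransmissions ran out to the IKEv1 Main Mode message that never arrived. The sample log is constructed from the lines quoted in the post, and the message formats are assumed to match Openswan 2.3.0's.

```python
import re
from collections import defaultdict

# Constructed sample, modelled on the pluto lines quoted in the post (assumed Openswan 2.3.0 format).
SAMPLE_LOG = """\
May 26 10:55:00 uectech pluto[8882]: "dgevpn" #43: initiating Main Mode
May 26 10:55:10 uectech pluto[8882]: "dgevpn" #43: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
May 26 10:55:10 uectech pluto[8882]: "dgevpn" #43: I am sending my cert
May 26 10:55:10 uectech pluto[8882]: "dgevpn" #43: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
May 26 10:56:20 uectech pluto[8882]: "dgevpn" #43: max number of retransmissions (2) reached STATE_MAIN_I3. Possible authentication failure: no acceptable response to our first encrypted message
May 26 10:57:24 uectech pluto[8882]: "dgevpn": deleting connection
"""

LINE_RE = re.compile(r'pluto\[\d+\]: "(?P<conn>[^"]+)" #(?P<sa>\d+): (?P<msg>.*)$')
TRANS_RE = re.compile(r"transition from state (\w+) to state (\w+)")
RETRANS_RE = re.compile(r"max number of retransmissions \((\d+)\) reached (\w+)")

# Which IKEv1 Main Mode message the initiator is still waiting for in each pluto state.
WAITING_FOR = {
    "STATE_MAIN_I1": "MM2 (responder's reply to our SA proposal)",
    "STATE_MAIN_I2": "MM4 (responder's key exchange and nonce)",
    "STATE_MAIN_I3": "MM6: the peer never answered our first encrypted message "
                     "(our ID, certificate and signature), so it did not accept our identity or cert",
}

def summarize(log_text):
    """Per (conn, SA#): Main Mode states reached, whether we sent a cert, and where it stalled."""
    sas = defaultdict(lambda: {"states": [], "sent_cert": False,
                               "retransmits": 0, "stalled_at": None})
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:  # lines without an SA number (e.g. "deleting connection") are skipped
            continue
        rec, msg = sas[(m["conn"], int(m["sa"]))], m["msg"]
        if msg.startswith("initiating Main Mode"):
            rec["states"].append("STATE_MAIN_I1")
        if t := TRANS_RE.search(msg):
            rec["states"].append(t.group(2))
        if msg == "I am sending my cert":
            rec["sent_cert"] = True
        if r := RETRANS_RE.search(msg):
            rec["retransmits"], rec["stalled_at"] = int(r.group(1)), r.group(2)
    return dict(sas)

def diagnose(rec):
    """Explain a stalled SA in terms of the Main Mode exchange that got no reply."""
    if rec["stalled_at"] is None:
        return "no retransmission limit hit; negotiation did not stall in Main Mode"
    return f"stalled in {rec['stalled_at']} waiting for " + WAITING_FOR.get(rec["stalled_at"], "an unknown message")
```

Running `diagnose` over the post's SA #43 reports the stall in STATE_MAIN_I3, i.e. the Windows side received the certificate and signature but sent nothing back.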