[Openswan Users] openswan with my w2k not work for now.

faf faf at email.it
Wed Oct 19 12:22:19 CEST 2005


Hi all,

 I have this problem:
 I use Openswan Version 2.4.0 X.509-1.5.4 with NAT-Traversal patch
 (Version 0.6c) on the GW, and ebootis on my win2k.
 I need to make a roadwarrior connection.
 After generating the x509 cert, this does not work for me.
 I use a 2.6.12 kernel on the GW.

config: cut&paste

ipsec.conf on GW:

version 2.0

config setup
        #interfaces=%defaultroute
        interfaces="ipsec0=eth0 ipsec1=eth1"
        nat_traversal=yes
        virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.1.0/24
        #virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16
        klipsdebug=all
        plutodebug=all

conn %default
        keyingtries=1
        compress=yes
        disablearrivalcheck=no
        authby=rsasig
        auth=esp
        esp=3des
        leftrsasigkey=%cert
        rightrsasigkey=%cert

conn roadwarrior-net
        leftsubnet=192.168.1.0/24
        also=roadwarrior

conn roadwarrior
        left=MyPublicIP2
        leftnexthop=MyPublicIP1
        leftsubnet=192.168.1.0/24
        leftcert=testgateway.pem
        right=%any
        rightsubnet=vhost:%no,%priv
        auto=add
        pfs=yes

conn roadwarrior-all
        leftsubnet=192.168.1.0/24
        also=roadwarrior

conn roadwarrior-l2tp
        pfs=no
        leftprotoport=17/0
        rightprotoport=17/1701
        also=roadwarrior

conn roadwarrior-l2tp-updatedwin
        pfs=no
        leftprotoport=17/1701
        rightprotoport=17/1701
        also=roadwarrior

include /etc/ipsec.d/examples/no_oe.conf

ipsec.secret on GW:
: RSA testgateway.key "testofmymindsomedays"
------------------------------------------------------------------

ipsec.conf on my CLIENTw2k:

conn roadwarrior
    left=192.168.1.99
    right=MyPublicIP2
    rightca="C=IT, ST=ITALY, L=Rome, O=test, CN=test2, E=test at email.it"
    rightsubnet=192.168.1.0/24
    network=auto
    auto=start
    pfs=yes

conn roadwarrior-net
    left=MyPublicIP2
    right=%any
    rightca="C=IT, ST=ITALY, L=Rome, O=test, CN=test2, E=test at email.it"
    rightsubnet=192.168.1.0/24
    network=auto
    auto=start
    pfs=yes

On the GW, when I try:
ipsec auto --verbose --up roadwarrior
029 "roadwarrior": cannot initiate connection without knowing peer IP address (kind=CK_TEMPLATE)

192.168.1.0/24->192.168.1.1->MyPublicIP1->MyPublicIP2->192.168.1.46
(xxx.xxx.xxx.99)   eth1         eth0         eth0         eth1

Ideas, suggestions?

thanks.
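
The `029 ... (kind=CK_TEMPLATE)` message above is what pluto reports for a conn whose peer address is `%any`: such a conn is a template that is only instantiated when the remote side initiates, so `ipsec auto --up` on the gateway cannot start it. The Python sketch below is an added example, not part of the original post or of Openswan; it parses `conn` sections, follows `also=`, and lists the template conns. The sample config is constructed from the post, and `conn site` with its address is hypothetical.

```python
# Added example: list conns that pluto would treat as templates (peer is %any).
# Constructed sample trimmed from the post; conn "site" and its address are hypothetical.
SAMPLE_CONF = """\
conn %default
        authby=rsasig
conn roadwarrior-l2tp
        pfs=no
        also=roadwarrior
conn roadwarrior
        left=MyPublicIP2
        right=%any
conn site
        right=203.0.113.7
"""

def parse_conns(text):
    """Return {name: {key: value}} per 'conn' section; also= values kept as a list."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue                      # blank line or comment
        if not raw[0].isspace():          # column-0 text starts a new section
            parts = line.split()
            current = conns.setdefault(parts[1], {}) if parts[0] == "conn" and len(parts) > 1 else None
        elif current is not None and "=" in line:
            key, value = (s.strip() for s in line.split("=", 1))
            if key == "also":
                current.setdefault("also", []).append(value)
            else:
                current[key] = value.strip('"')
    return conns

def resolve(conns, name, seen=()):
    """Merge %default, then also= sections, then the conn's own keys (own keys win)."""
    if name in seen:
        raise ValueError("also= loop at " + name)
    own = conns.get(name, {})
    merged = dict(conns.get("%default", {}))
    for inc in own.get("also", []):
        merged.update(resolve(conns, inc, seen + (name,)))
    merged.update({k: v for k, v in own.items() if k != "also"})
    return merged

def template_conns(text):
    """Names of conns with left or right set to %any; only the remote side can bring these up."""
    conns = parse_conns(text)
    ends = {n: resolve(conns, n) for n in conns if n != "%default"}
    return sorted(n for n, c in ends.items() if "%any" in (c.get("left"), c.get("right")))
```

Calling `template_conns()` on the text of `/etc/ipsec.conf` returns the conns that have to be initiated from the roadwarrior side.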


