[Openswan Users] IPSEC windows 2003 and linux openswan 1.0.7
Brian Candler
B.Candler at pobox.com
Sun Apr 16 08:50:11 CEST 2006
On Tue, Apr 11, 2006 at 11:30:09PM -0400, Brad Langhorst wrote:
> Ulf Jakobsson's posting saying that he was able to get 2003 and openswan
> 1.x working.
>
>
> I've tried this series of commands - all I see is "negotiating ip
> security" at the windows command prompt.
1. Run tcpdump on the IKE traffic:

    tcpdump -i eth0 -n -s 1500 -v udp port 500

The initial exchanges are not encrypted. You will be able to see what side A
is offering, and often the error if B rejects it (e.g. "no proposal chosen").
Unfortunately, most IPSEC implementations are poor when it comes to handling
'informational' messages; they often just discard without even logging. So
tcpdump can be the only tool.
2. Enable oakley logging at the Windows end. This creates a file
\windows\debug\oakley.log showing the exchange and what happened.
Google for oakley.log or search for it on microsoft.com.
You are using some third-party tool called ipsec.exe. I can't help you with
this; I only know the Microsoft-supplied tools (ipseccmd for XP, ipsecpol
for 2000).
Regards,
Brian.
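
Added example (not part of the original message): a small decoder for the unencrypted IKE packets (ISAKMP, RFC 2408) that a capture like the tcpdump one above collects, reporting the exchange type and any Notification such as NO-PROPOSAL-CHOSEN. The sample packet is constructed, and the function and table names are illustrative.

```python
import struct

# Subset of RFC 2408 code points; anything else is reported by number.
PAYLOADS = {1: "SA", 11: "Notification", 13: "Vendor ID"}
EXCHANGES = {2: "Main Mode", 4: "Aggressive", 5: "Informational"}
NOTIFY = {14: "NO-PROPOSAL-CHOSEN", 24: "AUTHENTICATION-FAILED"}

def parse_ike(udp_payload: bytes) -> dict:
    """Decode the ISAKMP header and any cleartext Notification payloads."""
    if len(udp_payload) < 28:
        raise ValueError("shorter than an ISAKMP header")
    _icookie, _rcookie, nxt, _ver, xchg, flags, _msgid, length = struct.unpack(
        "!8s8sBBBBII", udp_payload[:28])
    if length > len(udp_payload):
        raise ValueError("truncated capture (raise the tcpdump -s snaplen)")
    out = {"exchange": EXCHANGES.get(xchg, str(xchg)),
           "encrypted": bool(flags & 0x01), "payloads": [], "notifies": []}
    if out["encrypted"]:
        return out  # body is ciphertext; only the header is readable
    off = 28
    while nxt != 0:
        if off + 4 > length:
            raise ValueError("payload chain runs past message length")
        following, _reserved, plen = struct.unpack(
            "!BBH", udp_payload[off:off + 4])
        if plen < 4 or off + plen > length:
            raise ValueError("bad payload length")
        body = udp_payload[off + 4:off + plen]
        out["payloads"].append(PAYLOADS.get(nxt, str(nxt)))
        if nxt == 11 and len(body) >= 8:
            # Notification body: DOI, protocol ID, SPI size, message type
            _doi, _proto, _spi_size, ntype = struct.unpack("!IBBH", body[:8])
            out["notifies"].append(NOTIFY.get(ntype, str(ntype)))
        off += plen
        nxt = following
    return out

# Constructed sample: Informational exchange carrying one Notification.
SAMPLE = (struct.pack("!8s8sBBBBII", b"\x11" * 8, b"\x00" * 8,
                      11, 0x10, 5, 0, 0, 40)
          + struct.pack("!BBHIBBH", 0, 0, 12, 1, 1, 0, 14))

if __name__ == "__main__":
    print(parse_ike(SAMPLE))
```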