[Openswan Users] Openswan U2.4.4/K2.6.15.7-ubuntu1.1282006 (netkey) - Windows Xp with sp2

Paul Wouters paul at xelerance.com
Wed Aug 30 09:36:52 EDT 2006

On Wed, 30 Aug 2006, Jure wrote:

> one eth0 - direct connection with ppp0 for adsl modem
> IP:
> broadcast:
> mask:
> second eth1 for crossover cable with Windows Xp client
> IP:
> broadcast:
> mask:

You put both network cards in the same segment? That is
probably going to cause trouble. Where does go
to? eth0 or eth1?

> conn babylon3-do-babylon1
>         type=tunnel
>         authby=rsasig
>         left=
>         leftnexthop=%direct
>         right=
>         rightnexthop=%direct

You might need type=%direc, and no nexthop's.

> eth1 network card is direct connected with crossover cable
> on my Windows Xp client with service pack 2 in which I have
> one network card
> eth0
> IP:
> mask:
> gateway:

So it will definitely not be able to see eth0.

> c:\ipsec\ipsec.conf
> conn babylon3-do-babylon1
>     left=%any
>     right=
>     rightsubnet=

You cannot put rightsubnet behind right. How would you reach right
if it is within rightsubnet, which you reach by going to right, which
is in rightsubnet, which you reach.....

> c:\ipsec\ipsec.exe

Do not use ipsec.exe. Use lsipsectool instead. ipsec.exe is known to
cause problems on up to date XP machines, and foobar's the registry.
If possible, use lsipsectool and re-install that XP machine to prevent
weird registry problems.

> ERROR: asynchronous network error report on eth1 (sport=500) for message
> to port 1, complainant No route to host [errno
> 113, origin ICMP type 3 code 1 (not authenticated)]

Yeah, your Linux server is sending weird ICMP messages because it has
this weird situation of having two identical segments. You should renumber
your internal LAN to something else than the WAN segment of your DSL link.

Building and integrating Virtual Private Networks with Openswan:
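
Added example, not part of the original message and not Openswan code: a small lint for the two conditions raised in the reply above, an endpoint address that lies inside its own leftsubnet/rightsubnet, and two local interfaces numbered in the same segment. All addresses are constructed sample values (the archive elides the real ones), and the function names are hypothetical.

```python
import ipaddress

def parse_conns(text):
    """Parse ipsec.conf-style text into {conn_name: {key: value}}."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not line[0].isspace():          # section header at column 0
            parts = line.split(None, 1)
            is_conn = parts[0] == "conn" and len(parts) == 2
            current = conns.setdefault(parts[1], {}) if is_conn else None
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def endpoint_inside_own_subnet(conn):
    """Return the sides ('left'/'right') whose address is inside their own subnet."""
    sides = []
    for side in ("left", "right"):
        host, net = conn.get(side), conn.get(side + "subnet")
        if not host or not net or host.startswith("%"):
            continue                       # unset, or %any / %defaultroute
        try:
            if ipaddress.ip_address(host) in ipaddress.ip_network(net, strict=False):
                sides.append(side)
        except ValueError:
            continue                       # hostname or unparsable value
    return sides

def overlapping_interfaces(ifaces):
    """ifaces: {name: 'addr/prefix'}. Return name pairs whose networks overlap."""
    nets = {n: ipaddress.ip_interface(a).network for n, a in ifaces.items()}
    names = sorted(nets)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if nets[a].overlaps(nets[b])]

# Constructed sample input; conn name from the thread, addresses made up.
SAMPLE_CONF = """\
conn babylon3-do-babylon1
        left=%any
        right=192.168.1.1
        rightsubnet=192.168.1.0/24
"""
SAMPLE_IFACES = {"eth0": "192.168.1.2/24", "eth1": "192.168.1.1/24"}

if __name__ == "__main__":
    for name, conn in parse_conns(SAMPLE_CONF).items():
        print(name, "endpoint inside own subnet:", endpoint_inside_own_subnet(conn))
    print("interfaces sharing a segment:", overlapping_interfaces(SAMPLE_IFACES))
```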
