[Openswan Users] Openswan U2.4.4/K2.6.15.7-ubuntu1.1282006 (netkey) - Windows Xp with sp2
Paul Wouters
paul at xelerance.com
Wed Aug 30 09:36:52 EDT 2006
On Wed, 30 Aug 2006, Jure wrote:
> one eth0 - direct connection with ppp0 for adsl modem
> IP: 192.168.0.3
> broadcast: 192.168.0.255
> mask: 255.255.255.0
>
> second eth1 for crossover cabel with Windows Xp client
> IP: 192.168.0.4
> broadcast: 192.168.0.255
> mask: 255.255.255.0
You put both network cards in the same segment? That is
probably going to cause trouble. Where does 192.168.0.5 go
to? eth0 or eth1?
> conn babylon3-do-babylon1
> type=tunnel
> authby=rsasig
> left=192.168.0.4
> leftnexthop=%direct
> right=192.168.0.5
> rightnexthop=%direct
You might need type=%direc, and no nexthop's.
> eth1 network card is direct connected with crossover cabel
> on my Windows Xp client with service pack 2 in which I have
> one network card
>
> eth0
> IP: 192.168.0.5
> mask: 255.255.255.0
> gateway: 192.168.0.4
So it will definately not be able to see eth0.
> c:\ipsec\ipsec.conf
>
> conn babylon3-do-babylon1
> left=%any
> right=192.168.0.4
> rightsubnet=192.168.0.0/24
You cannot put rightsubnet behind right. How would you reach right
if it is within rightsubnet, which you reach by going to right, which
is in rightsubne, which you reach.....
> c:\ipsec\ipsec.exe
do not use ipsec.exe. Use lsipsectool instead. ipsec.exe is known to
cause problems on up to date XP machines, and foobar's the registry.
If possible , use lsipsectool and re-install that XP machine to prevent
weird registry problems.
> ERROR: asynchronous network error report on eth1 (sport=500) for message
> to 192.168.0.5 port 1, complainant 192.168.0.4: No route to host [errno
> 113, origin ICMP type 3 code 1 (not authenticated)]
Yeah, your linux server is sending weird ICMP messages because it has
this weird situation of having two identical segments. You should renumber
your internal LAN to something else then the WAN segment of your DSL link.
Paul
--
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
More information about the Users
mailing list