[Openswan Users]

Jacco de Leeuw jacco2 at dds.nl
Sun Jul 16 00:52:59 CEST 2006

Meron Lavie wrote:

> I have a Linux FC5 serving as a Gateway/Firewall/Openswan server, behind an
> ADSL (PPPoE ?) modem/router.

So the Openswan server is NATed, and the Windows 2003 Server (acting as
a client) is not.

> in the /var/log/secure log I see:
> #1: Quick Mode I1 message is unacceptable because it uses a

There must be more in the logs but it has been cut off.

> W2K3 Server/SP1
> Default MS IPSec client, configured for PSK.
> Non-NAT-ed

This is a known problem. I don't know exactly what is going on:

   Not working:

     * Windows Server 2003 used as a client connecting to Openswan server
       behind NAT: Windows 2003 disconnects (SA dead / Delete SA) for
       some reason? Even with "AssumeUDPEncapsulationContextOnSendRule"
       set to 1.

I did not look into it much because I figured that not many people
would want to pay for a Windows 2003 Server licence and then use it
only as a client.

Could you try with a Windows XP or 2000 client on the external network?

Jacco de Leeuw                         mailto:jacco2 at dds.nl
Zaandam, The Netherlands           http://www.jacco2.dds.nl
