[Openswan Users]

[Matt Reeve]

Paul,

I've tried several options now - strongswan 2.7.2 with netkey gives 
exactly the same result, as does openswan 2.4.4 with KLIPS on 2.6.17, as 
does openswan 2.4.6rc3. I seem to be left with the option of trying an 
older kernel, which I'm prepared to do - one question I have though, is 
there a kernel version/openswan version combination that is KNOWN to 
work with Windows 2000 so I can build that and start moving forwards 
from there hopefully?

Thanks again,
Matt.

Paul Wouters wrote:
> On Mon, 17 Jul 2006, Matt Reeve wrote:
>
>   
>> I've reset that MTU to 1472 and restarted everything and that has had no
>> effect. The W2K install is actually out of the box as is the working XP
>> install so I'm not expecting anything untoward there.. ipsec verify shows:
>>     
>
>   
>> Checking your system to see if IPsec got installed and started correctly:
>> Version check and ipsec on-path                                 [OK]
>>     
>
> That all looks okay.
>
>   
>> Linux Openswan U2.4.6rc2/K2.6.17-1.2145_FC5 (netkey)
>>     
>
> You oculd give KLIPS a try over NETKEY. They both handle fragmentation and
> mtu issues differently.
>
>   
>> Is it possible there is something wrong with my certificates? I'm still a bit
>> unclear about how to set all that up even having spent hours surfing for
>> documentation on how to do it properly. It seems odd though that the very same
>> certificate works on the XP box and not the 2K box...
>>     
>
> The Openswan book has a detailed chapter on how to create certificates.
> I don't think you are doing anything wrong. I think it is the openswan=windows
> interaction with MTU's that is causing this.
>
> Sorry I cannot be more helpful,
>
> Paul
>