[Openswan Users] Windows Xp client to openswan

[Paul Wouters]

On Wed, 15 Mar 2006, Can Akalin wrote:

> But I am lost at the Windows side. I added the certificate to the windows
> using MMC, downloaded ipsec.exe and ipseccmd.exe. I typed the ipsec and I
> got this error message;

Use lsipsectool.exe from sourceforge, instead of ipsec.exe. ipsec.exe is very
old, has no GUI, and is not really well maintained anymore. lsipsectool uses
the ipsec2k.dll library instead.

> *C:\ipsec>ipsec
> IPSec Version 2.2.0 (c) 2001-2003 Marcus Mueller
> Getting running Config ...
> Microsoft's Windows XP identified
> Setting up IPSec ...*
>
> *        Deactivating old policy...
>         Removing old policy...*
>
> *Connection roadwarrior:
>         MyTunnel     : 192.168.1.63
>         MyNet        : 192.168.1.63/255.255.255.255
>         PartnerTunnel: 192.168.1.55
>         PartnerNet   : 192.168.1.55/255.255.255.255
>         CA (ID)      : C=CA,ST=Ontario,L=Toronto,O=Springboard Retail*
>
> *   PFS          : y
>         Auto         : start
>         Auth.Mode    : MD5
>         Rekeying     : 3600S/50000K
> Error 0xcbbb0012 occurred:*
>
> *The authentication method specified is invalid or unsupported.*

> here is my ipsec.conf at the windows machine,
>
> *conn roadwarrior
>  left=%any
>  right=192.168.1.55
>  rightca="C=CA,ST=Ontario,L=Toronto,O=Springboard
> Retail,CN=can,emailAddress=can at springboardnetworks.com"
>  network=auto
>  auto=start
>  pfs=yes*

Is that "*" part of your config file? If so, remove them.
Also, is rightca= the Id of the Certificate Authority? It should NOT be the
personal certificate ID, but that of the CA.

> Can anyone help me to instruct what to do with ipsec.exe, ipsec.conf and
> ipseccmd.exe at the windows to get the VPN work?

Ditch it for lsipsectool.

Paul
-- 
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155