[Openswan Users] Windows Xp client to openswan

Can Akalin canakalin77 at gmail.com
Wed Mar 15 14:36:59 CET 2006


Paul,
Thank you very much for your quick response.

In the ipsec.conf file that I have, those * symbols are not actually part of
the file. Somehow, they ended up in my email when I copy-pasted them. Sorry
about that.

I installed lsipsectool.exe and used it. The result was not a success. I am
gonna paste the log file below. Before that, I have a few questions:


   1. In the GUI of lsipsectool.exe, under the Remote Side of the Tunnel,
   I put the IP address of the gateway, which is 192.168.1.55. But I am
   confused by the Remote Internal IP and Private Address/Network Mask part. I
   put 10.10.10.10 for both of them, which is the Linux box's IP address
   within that LAN behind the gateway. Is that correct?
   2. In the IPSec Options window, I selected Certificate as the
   Authentication Method and wrote the challenge password below, which I was
   asked for when I created the certificate at the CA on the Linux box. For the
   Proto/Encryption/Integrity part I did not change the default settings, which
   are ESP/3DES/MD5. Should I change them? If so, to what values should I
   change them?

*Here is the log file from lsipsectool:*


14:29:39: Starting Tunnel

14:29:39: IKE Encryption: 3des

IKE Integrity: md5

Remote Gateway Address: 192.168.1.55

Remote Monitor Address: 10.10.10.10

Remote Network: 10.10.10.10/255.255.255.0

Local Address: 192.168.1.64

Local Network: 192.168.1.64/255.255.255.255

14:29:39: WinSock Version High : 514 Version : 2

14:29:39: Init checkconnThread::Entry()

14:29:42: Comparing 192.168.1.55 = 192.168.1.55

14:29:45: 0 ECHO REQUEST TO 10.10.10.10 [ FAILED #0 ] [ Unknow Error Code
11010 ]

14:29:45: Comparing 192.168.1.55 = 192.168.1.55

14:29:47: 1 ECHO REQUEST TO 10.10.10.10 [ FAILED #1 ] [ Unknow Error Code
11010 ]

14:29:47: Comparing 192.168.1.55 = 192.168.1.55

14:29:50: 2 ECHO REQUEST TO 10.10.10.10 [ FAILED #2 ] [ Unknow Error Code
11010 ]

14:29:50: Comparing 192.168.1.55 = 192.168.1.55

14:29:52: Stoping Tunnel

14:29:52: 3 ECHO REQUEST TO 10.10.10.10 [ FAILED #3 ] [ Unknow Error Code
11010 ]

14:29:52: Exit pingThread::OnExit()

14:29:52: Dactivating policy {bd834698-2b72-49a2-9207-21572a79cefe}

*And here is the log file from Windows Event Viewer:*

IPSec Services: PAStore Engine failed to apply some rules of the active
IPSec policy "x4 {0529745e-57f5-4c99-adc9-951d9c14a149}" on the machine with
error code: The parameter is incorrect.

. Please run IPSec monitor snap-in to further diagnose the problem



Thank you very much.

Can Akalin





On 3/15/06, Paul Wouters <paul at xelerance.com> wrote:
>
> On Wed, 15 Mar 2006, Can Akalin wrote:
>
> > But I am lost at the Windows side. I added the certificate to the windows
> > using MMC, downloaded ipsec.exe and ipseccmd.exe. I typed the ipsec and I
> > got this error message;
>
> Use lsipsectool.exe from sourceforge, instead of ipsec.exe. ipsec.exe is very
> old, has no GUI, and is not really well maintained anymore. lsipsectool uses
> the ipsec2k.dll library instead.
>
> > *C:\ipsec>ipsec
> > IPSec Version 2.2.0 (c) 2001-2003 Marcus Mueller
> > Getting running Config ...
> > Microsoft's Windows XP identified
> > Setting up IPSec ...*
> >
> > *        Deactivating old policy...
> >         Removing old policy...*
> >
> > *Connection roadwarrior:
> >         MyTunnel     : 192.168.1.63
> >         MyNet        : 192.168.1.63/255.255.255.255
> >         PartnerTunnel: 192.168.1.55
> >         PartnerNet   : 192.168.1.55/255.255.255.255
> >         CA (ID)      : C=CA,ST=Ontario,L=Toronto,O=Springboard Retail*
> >
> > *   PFS          : y
> >         Auto         : start
> >         Auth.Mode    : MD5
> >         Rekeying     : 3600S/50000K
> > Error 0xcbbb0012 occurred:*
> >
> > *The authentication method specified is invalid or unsupported.*
>
> > here is my ipsec.conf at the windows machine,
> >
> > *conn roadwarrior
> >  left=%any
> >  right=192.168.1.55
> >  rightca="C=CA,ST=Ontario,L=Toronto,O=Springboard
> > Retail,CN=can,emailAddress=can at springboardnetworks.com"
> >  network=auto
> >  auto=start
> >  pfs=yes*
>
> Is that "*" part of your config file? If so, remove them.
> Also, is rightca= the Id of the Certificate Authority? It should NOT be the
> personal certificate ID, but that of the CA.
>
> > Can anyone help me to instruct what to do with ipsec.exe, ipsec.conf and
> > ipseccmd.exe at the windows to get the VPN work?
>
> Ditch it for lsipsectool.
>
> Paul
> --
> Building and integrating Virtual Private Networks with Openswan:
> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
>