[Openswan Users] Windows Xp client to openswan
Can Akalin
canakalin77 at gmail.com
Wed Mar 15 14:36:59 CET 2006
Paul,
Thank you very much for your quick response.
In the ipsec.conf file that I have, those * symbols are not actually part of
the file. Somehow, they ended up in my email when I copy-pasted them. Sorry
about that.
I installed lsipsectool.exe and used it. The result was not a success. I am
gonna paste the log file below. Before that, I have a few questions;
1. In the GUI of lsipsectool.exe, under the Remote Side of the Tunnel,
I put the IP address of the gateway, which is 192.168.1.55. But I am
confused about the Remote Internal IP and Private Address/Network Mask part. I
put 10.10.10.10 for both of them, which is the Linux box's IP address
within that LAN behind the gateway. Is that correct?
2. In the IPSec Options window, I selected Certificate as the
Authentication Method and wrote the challenge password below, which I was
asked for when I created the certificate at the CA on the Linux box. For the
Proto/Encryption/Integrity part I did not change the default settings, which
are ESP/3DES/MD5. Should I change them? If so, to what values should I
change them?
*Here is the log file from lsipsectool;*
14:29:39: Starting Tunnel
14:29:39: IKE Encryption: 3des
IKE Integrity: md5
Remote Gateway Address: 192.168.1.55
Remote Monitor Address: 10.10.10.10
Remote Network: 10.10.10.10/255.255.255.0
Local Address: 192.168.1.64
Local Network: 192.168.1.64/255.255.255.255
14:29:39: WinSock Version High : 514 Version : 2
14:29:39: Init checkconnThread::Entry()
14:29:42: Comparing 192.168.1.55 = 192.168.1.55
14:29:45: 0 ECHO REQUEST TO 10.10.10.10 [ FAILED #0 ] [ Unknow Error Code
11010 ]
14:29:45: Comparing 192.168.1.55 = 192.168.1.55
14:29:47: 1 ECHO REQUEST TO 10.10.10.10 [ FAILED #1 ] [ Unknow Error Code
11010 ]
14:29:47: Comparing 192.168.1.55 = 192.168.1.55
14:29:50: 2 ECHO REQUEST TO 10.10.10.10 [ FAILED #2 ] [ Unknow Error Code
11010 ]
14:29:50: Comparing 192.168.1.55 = 192.168.1.55
14:29:52: Stoping Tunnel
14:29:52: 3 ECHO REQUEST TO 10.10.10.10 [ FAILED #3 ] [ Unknow Error Code
11010 ]
14:29:52: Exit pingThread::OnExit()
14:29:52: Dactivating policy {bd834698-2b72-49a2-9207-21572a79cefe}
*And here is the log file from windows event viewer;*
IPSec Services: PAStore Engine failed to apply some rules of the active
IPSec policy "x4 {0529745e-57f5-4c99-adc9-951d9c14a149}" on the machine with
error code: The parameter is incorrect.
. Please run IPSec monitor snap-in to further diagnose the problem
Thank you very much.
Can Akalin
On 3/15/06, Paul Wouters <paul at xelerance.com> wrote:
>
> On Wed, 15 Mar 2006, Can Akalin wrote:
>
> > But I am lost at the Windows side. I added the certificate to the windows
> > using MMC, downloaded ipsec.exe and ipseccmd.exe. I typed the ipsec and I
> > got this error message;
>
> Use lsipsectool.exe from sourceforge, instead of ipsec.exe. ipsec.exe is very
> old, has no GUI, and is not really well maintained anymore. lsipsectool uses
> the ipsec2k.dll library instead.
>
> > *C:\ipsec>ipsec
> > IPSec Version 2.2.0 (c) 2001-2003 Marcus Mueller
> > Getting running Config ...
> > Microsoft's Windows XP identified
> > Setting up IPSec ...*
> >
> > * Deactivating old policy...
> > Removing old policy...*
> >
> > *Connection roadwarrior:
> > MyTunnel : 192.168.1.63
> > MyNet : 192.168.1.63/255.255.255.255
> > PartnerTunnel: 192.168.1.55
> > PartnerNet : 192.168.1.55/255.255.255.255
> > CA (ID) : C=CA,ST=Ontario,L=Toronto,O=Springboard Retail*
> >
> > * PFS : y
> > Auto : start
> > Auth.Mode : MD5
> > Rekeying : 3600S/50000K
> > Error 0xcbbb0012 occurred:*
> >
> > *The authentication method specified is invalid or unsupported.*
>
> > here is my ipsec.conf at the windows machine,
> >
> > *conn roadwarrior
> > left=%any
> > right=192.168.1.55
> > rightca="C=CA,ST=Ontario,L=Toronto,O=Springboard
> > Retail,CN=can,emailAddress=can at springboardnetworks.com"
> > network=auto
> > auto=start
> > pfs=yes*
>
> Is that "*" part of your config file? If so, remove them.
> Also, is rightca= the Id of the Certificate Authority? It should NOT be the
> personal certificate ID, but that of the CA.
>
> > Can anyone help me to instruct what to do with ipsec.exe, ipsec.conf and
> > ipseccmd.exe at the windows to get the VPN work?
>
> Ditch it for lsipsectool.
>
> Paul
> --
> Building and integrating Virtual Private Networks with Openswan:
> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
>