[Openswan Users] Windows Xp client to openswan

Paul Wouters paul at xelerance.com
Thu Mar 16 03:20:27 CET 2006


On Wed, 15 Mar 2006, Can Akalin wrote:

> I installed lsipsectool.exe and used it. The result was not a success. I am
> gonna paste the log file below. Before that, I have a few questions;

Odd.

>    1. At the GUI of lsipsectool.exe, under the Remote Side of the Tunnel,
>    I put the IP address of the gateway which is 192.168.1.55. But I am
>    confused with Remote Internal IP and Private Address/Network Mask part. I
>    put 10.10.10.10 for both of them which is linux box's IP address
>    within that LAN behind the gateway. Is that correct?

Yes. The reason for that option is that Microsoft IPsec only initiates the
tunnel when there is traffic for it. Just like you need to "ping" first
after the ipsec.exe command ran before you see "Negotiating IPsec security".
The lsipsectool uses that internal IP to send a ping when you click on bringing
the connection up.

>    2. At the IPSec Options windows, I selected Certificate as an
>    Authentication Method and write the challenge password below which I was
>    asked when I created the certificate at CA in linux box. For the
>    Proto/Encryption/Integrity part I did not change the default settings, which
>    are ESP/3DES/MD5. Should I change them? If so, to what values I should
>    change them?

No you shouldn't need to.

> Remote Gateway Address: 192.168.1.55
> Remote Monitor Address: 10.10.10.10
> Remote Network: 10.10.10.10/255.255.255.0

Can you try 10.10.10.0/255.255.255.0 instead?

> IPSec Services: PAStore Engine failed to apply some rules of the active
> IPSec policy "x4 {0529745e-57f5-4c99-adc9-951d9c14a149}" on the machine with
> error code: The parameter is incorrect.
>
> . Please run IPSec monitor snap-in to further diagnose the problem

Check in the administration tools/services to see if the IPsec service is
running? Some other clients (I believe ncp/astaro) might turn it off when
you install their software, but do not re-enable them.

Paul

