[Openswan Users] Windows Xp client to openswan

Paul Wouters paul at xelerance.com
Fri Mar 17 05:52:47 CET 2006


On Thu, 16 Mar 2006, Can Akalin wrote:

> I wrote here about my problem earlier regarding IPSec VPN connection using
> x509 certificates between a linux machine kernel 2.6.13  Openswan 2.4.0, and
> a Windows XP Pro SP2 client.

Can you try using a more modern version of openswan, e.g. 2.4.5rc4?

>  3-16: 16:51:27:187:4b4 received an unencrypted packet when crypto active

So Windows thinks the last packets finished the IKE negotiation, but it just
got a message back in plaintext, which is probably an error. This error
should be visible in the openswan logs.

> --  AND HERE IS THE LOG FILE FROM /var/log/messages at the Linux Machine
>
> Mar 16 16:51:33 linuxserver pluto[6114]: packet from 192.168.1.68:500:
> ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
> Mar 16 16:51:33 linuxserver pluto[6114]: packet from 192.168.1.68:500:
> ignoring Vendor ID payload [FRAGMENTATION]
> Mar 16 16:51:33 linuxserver pluto[6114]: packet from 192.168.1.68:500:
> received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set
> to=106
> Mar 16 16:51:33 linuxserver pluto[6114]: packet from 192.168.1.68:500:
> ignoring Vendor ID payload [Vid-Initial-Contact]
> Mar 16 16:51:33 linuxserver pluto[6114]: "roadwarrior"[13] 192.168.1.68 #16:
> responding to Main Mode from unknown peer 192.168.1.68
> Mar 16 16:51:33 linuxserver pluto[6114]: "roadwarrior"[13] 192.168.1.68 #16:
> transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
> Mar 16 16:51:33 linuxserver pluto[6114]: "roadwarrior"[13] 192.168.1.68 #16:
> STATE_MAIN_R1: sent MR1, expecting MI2
> Mar 16 16:51:34 linuxserver pluto[6114]: "roadwarrior"[13] 192.168.1.68 #16:
> NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: i am NATed
> Mar 16 16:51:34 linuxserver pluto[6114]: "roadwarrior"[13] 192.168.1.68 #16:
> transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
> Mar 16 16:51:34 linuxserver pluto[6114]: "roadwarrior"[13] 192.168.1.68 #16:
> STATE_MAIN_R2: sent MR2, expecting MI3
> Mar 16 16:52:44 linuxserver pluto[6114]: "roadwarrior"[13] 192.168.1.68 #16:
> max number of retransmissions (2) reached STATE_MAIN_R2
> Mar 16 16:52:44 linuxserver pluto[6114]: "roadwarrior"[13] 192.168.1.68:
> deleting connection "roadwarrior" instance with peer
> 192.168.1.68{isakmp=#0/ipsec=#0}

That's all? Weird.

Are you blocking UDP port 4500? Does your openswan have nat_traversal=yes?
Does virtual_private= contain an entry for 192.168.1.0/24?

Paul
-- 
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
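
Added example, not part of the original message and not Openswan code: a small Python triage over the responder log quoted above. It flags an IKE SA that times out in STATE_MAIN_R2 after NAT was detected, the point at which the initiator's next Main Mode message moves to UDP 4500. Function and field names are hypothetical, and the sample lines are rejoined from the wrapped log in the quote.

```python
import re

# Sample input: lines rejoined from the wrapped pluto log quoted in the message.
SAMPLE_LOG = """\
Mar 16 16:51:33 linuxserver pluto[6114]: "roadwarrior"[13] 192.168.1.68 #16: responding to Main Mode from unknown peer 192.168.1.68
Mar 16 16:51:33 linuxserver pluto[6114]: "roadwarrior"[13] 192.168.1.68 #16: STATE_MAIN_R1: sent MR1, expecting MI2
Mar 16 16:51:34 linuxserver pluto[6114]: "roadwarrior"[13] 192.168.1.68 #16: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: i am NATed
Mar 16 16:51:34 linuxserver pluto[6114]: "roadwarrior"[13] 192.168.1.68 #16: STATE_MAIN_R2: sent MR2, expecting MI3
Mar 16 16:52:44 linuxserver pluto[6114]: "roadwarrior"[13] 192.168.1.68 #16: max number of retransmissions (2) reached STATE_MAIN_R2
"""

# "conn"[instance] peer #serial: message
LINE = re.compile(r'pluto\[\d+\]: "(?P<conn>[^"]+)"\S* (?P<peer>\S+) #(?P<sa>\d+): (?P<msg>.*)')
NAT = re.compile(r'NAT-Traversal: Result using .+?: (?P<result>.+)')
TIMEOUT = re.compile(r'max number of retransmissions \(\d+\) reached (STATE_\w+)')


def triage(log_text):
    """Return one finding per IKE SA (#N) that hit the retransmission limit."""
    nat_by_sa = {}   # SA serial -> NAT detection result text
    findings = []
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # vendor ID lines and other noise carry no SA serial
        msg = m['msg']
        if (n := NAT.search(msg)):
            nat_by_sa[m['sa']] = n['result']
        elif (t := TIMEOUT.search(msg)):
            nat = nat_by_sa.get(m['sa'])
            # Assumption: pluto reports the negative case as "no NAT detected".
            nat_seen = nat is not None and 'no NAT' not in nat
            # After NAT is detected the initiator sends MI3 on UDP 4500, so a
            # responder stuck in MAIN_R2 should verify that port is reachable.
            stuck = t[1]
            hint = ('check UDP 4500 reachability'
                    if stuck == 'STATE_MAIN_R2' and nat_seen else 'no NAT-T hint')
            findings.append({'sa': m['sa'], 'conn': m['conn'], 'peer': m['peer'],
                             'stuck_in': stuck, 'nat': nat, 'hint': hint})
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f)
```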

