[Openswan Users] Ipsec Tunnel Between openswan & Windows XP

Paul Wouters paul at xelerance.com
Mon Mar 27 23:28:40 CEST 2006


On Mon, 27 Mar 2006, Walied Meghezel wrote:

> Date: Mon, 27 Mar 2006 12:04:48 -0800
> From: Walied Meghezel <wmeghezel at gmail.com>
> To: Users at openswan.org
> Subject: [Openswan Users] Ipsec Tunnel Between openswan & Windows XP
>
> Ipsec Tunnel Between openswan & Windows XP
>
> I have an XP machine trying to connect it to OPENSWAN Gateway using the
> following configurations
>
> XP:
> client using ipsecpol
> X509 certificate imported using certimport
> connection using dial-up modem
>
>
> OPENSWAN:
> ipsec.secrets:
> : RSA local.key  "local"
>
>
>
> ipsec.conf:
>
> config setup
>  interfaces="ipsec0=eth0"
>  nat_traversal=yes
>  virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16

Exclude 192.168.1.0/24 from that range.

> conn roadwarrior-net
>  leftsubnet=192.168.1.0/24
>  left=XXX.xxx.xxx.xxx   # my gateway IP
>  leftcert=local.pem
>  right=%any
>  rightsubnet=vhost:%no,%priv
>  auto=add
>  pfs=yes

> Main Mode from unknown peer 62.114.110.157
> Mar 27 21:24:59 vpnmain pluto[18788]: "roadwarrior-net"[1]
> 62.114.110.157#2: transition from
>
> state STATE_MAIN_R0 to state STATE_MAIN_R1
> Mar 27 21:24:59 vpnmain pluto[18788]: "roadwarrior-net"[1]
> 62.114.110.157#2: STATE_MAIN_R1:
>
> sent MR1, expecting MI2
> Mar 27 21:25:01 vpnmain pluto[18788]: packet from 62.114.110.157:500:
> ignoring Vendor ID
>
> payload [MS NT5 ISAKMPOAKLEY 00000003]
> Mar 27 21:25:01 vpnmain pluto[18788]: "roadwarrior-net"[1]
> 62.114.110.157#3: responding to
>
> Main Mode from unknown peer 62.114.110.157
> Mar 27 21:25:01 vpnmain pluto[18788]: "roadwarrior-net"[1]
> 62.114.110.157#3: transition from
>
> state STATE_MAIN_R0 to state STATE_MAIN_R1
> Mar 27 21:25:01 vpnmain pluto[18788]: "roadwarrior-net"[1]
> 62.114.110.157#3: STATE_MAIN_R1:
>
> sent MR1, expecting MI2
> Mar 27 21:25:05 vpnmain pluto[18788]: packet from 62.114.110.157:500:
> ignoring Vendor ID
>
> payload [MS NT5 ISAKMPOAKLEY 00000003]
> Mar 27 21:25:05 vpnmain pluto[18788]: "roadwarrior-net"[1]
> 62.114.110.157#4: responding to
>
> Main Mode from unknown peer 62.114.110.157
> Mar 27 21:25:05 vpnmain pluto[18788]: "roadwarrior-net"[1]
> 62.114.110.157#4: transition from
>
> state STATE_MAIN_R0 to state STATE_MAIN_R1
> Mar 27 21:25:05 vpnmain pluto[18788]: "roadwarrior-net"[1]
> 62.114.110.157#4: STATE_MAIN_R1:
>
> sent MR1, expecting MI2
> Mar 27 21:25:13 vpnmain pluto[18788]: packet from 62.114.110.157:500:
> ignoring Vendor ID
>
> payload [MS NT5 ISAKMPOAKLEY 00000003]
> Mar 27 21:25:13 vpnmain pluto[18788]: "roadwarrior-net"[1]
> 62.114.110.157#5: responding to
>
> Main Mode from unknown peer 62.114.110.157
> Mar 27 21:25:13 vpnmain pluto[18788]: "roadwarrior-net"[1]
> 62.114.110.157#5: transition from
>
> state STATE_MAIN_R0 to state STATE_MAIN_R1
> Mar 27 21:25:13 vpnmain pluto[18788]: "roadwarrior-net"[1]
> 62.114.110.157#5: STATE_MAIN_R1:  sent MR1, expecting MI2

The logs seem to have been damaged somewhere, but it looks like
it stops at MI2. Check your firewall rules. Do you allow port
4500 udp through?

Paul
-- 
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
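
The pattern in the quoted log, where each new attempt (#2 to #5) reaches STATE_MAIN_R1 and none goes further, can be picked out of a pluto log with a short script. This is an added example, not part of the original message or of Openswan; the function name `find_main_mode_stalls`, the `min_attempts` threshold, and the sample lines (documentation addresses, unwrapped onto one line each) are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample log, not taken from the thread. One peer retries
# and never gets past STATE_MAIN_R1; the other completes Main Mode.
SAMPLE_LOG = """\
Mar 27 21:24:59 gw pluto[100]: "roadwarrior-net"[1] 198.51.100.7#2: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Mar 27 21:24:59 gw pluto[100]: "roadwarrior-net"[1] 198.51.100.7#2: STATE_MAIN_R1: sent MR1, expecting MI2
Mar 27 21:25:01 gw pluto[100]: "roadwarrior-net"[1] 198.51.100.7#3: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Mar 27 21:25:05 gw pluto[100]: "roadwarrior-net"[1] 198.51.100.7#4: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Mar 27 21:26:10 gw pluto[100]: "roadwarrior-net"[2] 203.0.113.9#5: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Mar 27 21:26:10 gw pluto[100]: "roadwarrior-net"[2] 203.0.113.9#5: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Mar 27 21:26:11 gw pluto[100]: "roadwarrior-net"[2] 203.0.113.9#5: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
"""

# Matches pluto state-transition lines; the space before '#' is optional
# because the log quoted above shows the peer address and '#N' run together.
TRANSITION = re.compile(
    r'"(?P<conn>[^"]+)"\[\d+\] (?P<peer>[\d.]+) ?#(?P<sa>\d+): '
    r'transition from state (?P<old>STATE_\w+) to state (?P<new>STATE_\w+)'
)


def find_main_mode_stalls(log_text, min_attempts=3):
    """Return {peer: [state numbers]} for peers whose every IKE attempt
    ended in STATE_MAIN_R1, i.e. MR1 was sent but MI2 was never processed."""
    last_state = defaultdict(dict)  # peer -> {state number: last state seen}
    for line in log_text.splitlines():
        m = TRANSITION.search(line)
        if m:
            last_state[m["peer"]][int(m["sa"])] = m["new"]

    stalls = {}
    for peer, attempts in last_state.items():
        stuck = sorted(n for n, st in attempts.items() if st == "STATE_MAIN_R1")
        # Flag only when there were repeated attempts and none progressed.
        if len(stuck) >= min_attempts and len(stuck) == len(attempts):
            stalls[peer] = stuck
    return stalls


if __name__ == "__main__":
    for peer, attempts in find_main_mode_stalls(SAMPLE_LOG).items():
        print(f"{peer}: {len(attempts)} attempts stopped at STATE_MAIN_R1 {attempts}")
```
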

