[Openswan Users] XP as client
Axel Pruin
axel at finkenau-1.dyndns.org
Sat May 27 15:39:42 CEST 2006
I have a problem connecting a Windows client to a VPN gateway.
I prepared a test network to locate the problem, but so far without any
result.
The connection between the "Linux box 1" and the "vpn gateway" is
working, but I cannot create a tunnel from the
Windows XP client. I tried PSK as well as X509 certificates, but in
both scenarios
the log shows "invalid cookie".
I have no idea how to localize the problem. All suggestions are welcome.
Below is the configuration.
OS is SUSE 10.1
Openswan is 2.4.4
Network configuration:

                      !
               192.168.178.200
              VPN GATEWAY (left)
                 172.16.0.1
                      !
      --------------------------------
      !                              !
  172.16.0.2                    172.16.0.3
  LINUX BOX 1                WINDOWS XP CLIENT
194.195.152.200

ipsec.conf:
# NAT-TRAVERSAL support, see README.NAT-Traversal
nat_traversal=yes
virtual_private=%v4:192.168.178.0/24,%v4194.195.152.0/24,%v4:!172.16.0.0/16
# Add connections here
conn test1
    left=172.16.0.1
    leftsubnet=192.168.178.0/24
    leftsourceip=192.168.178.200
    right= 172.16.0.2
    rightsubnet=194.195.152.0/24
    rightsourceip=194.195.152.200
    rightcert=ws253Cert.pem
    leftcert=ws252Cert.pem
    type=tunnel
    auto=start

# sample VPN connection
conn road1psk
    # roadwarrior connection, server side
    left=172.16.0.1
    leftsubnet=192.168.178.0/24
    leftsourceip=192.168.178.200
    leftprotoport=17/1701
    leftcert=ws252Cert.pem
    # roadwarrior side.
    rightprotoport=17/%any
    rightsubnet=vhost:%priv,%no
    right=%any
    rightid="C=DE, O=*, OU=*, CN=*"
    auto=add
    #authby=secret

Log:
May 27 13:34:20 ws252 pluto[3900]: packet from 172.16.0.3:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
May 27 13:34:20 ws252 pluto[3900]: packet from 172.16.0.3:500: ignoring Vendor ID payload [FRAGMENTATION]
May 27 13:34:20 ws252 pluto[3900]: packet from 172.16.0.3:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set
May 27 13:34:20 ws252 pluto[3900]: packet from 172.16.0.3:500: ignoring Vendor ID payload [Vid-Initial-Contact]
May 27 13:34:20 ws252 pluto[3900]: "road1psk"[2] 172.16.0.3 #9: responding to Main Mode from unknown peer 172.16.0.3
May 27 13:34:20 ws252 pluto[3900]: "road1psk"[2] 172.16.0.3 #9: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
May 27 13:34:20 ws252 pluto[3900]: "road1psk"[2] 172.16.0.3 #9: STATE_MAIN_R1: sent MR1, expecting MI2
May 27 13:34:20 ws252 pluto[3900]: "road1psk"[2] 172.16.0.3 #9: ignoring informational payload, type INVALID_COOKIE
May 27 13:34:20 ws252 pluto[3900]: "road1psk"[2] 172.16.0.3 #9: received and ignored informational message
May 27 13:34:22 ws252 pluto[3900]: packet from 172.16.0.3:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
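
One way to localize where the exchange stops from the pluto log alone, as an added example that is not part of the original post or of Openswan: it groups lines by pluto state number (#9 above) and reports the last state reached and any notification the peer sent while in it. The names `triage`, `SAMPLE_LOG` and the regexes are hypothetical; the sample lines are copied from the log above with the mail wraps rejoined.

```python
import re
from collections import defaultdict

# Lines copied from the log in the post above, mail line wraps rejoined.
SAMPLE_LOG = """\
May 27 13:34:20 ws252 pluto[3900]: packet from 172.16.0.3:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
May 27 13:34:20 ws252 pluto[3900]: packet from 172.16.0.3:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set
May 27 13:34:20 ws252 pluto[3900]: "road1psk"[2] 172.16.0.3 #9: responding to Main Mode from unknown peer 172.16.0.3
May 27 13:34:20 ws252 pluto[3900]: "road1psk"[2] 172.16.0.3 #9: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
May 27 13:34:20 ws252 pluto[3900]: "road1psk"[2] 172.16.0.3 #9: STATE_MAIN_R1: sent MR1, expecting MI2
May 27 13:34:20 ws252 pluto[3900]: "road1psk"[2] 172.16.0.3 #9: ignoring informational payload, type INVALID_COOKIE
"""
# Per-state line:  "conn"[instance] peer #N: message  (the [instance] is optional)
STATE_LINE = re.compile(r'pluto\[\d+\]: "([^"]+)"(?:\[\d+\])? (\S+) #(\d+): (.*)$')
# Line logged before pluto has tied the packet to a state object
PACKET_LINE = re.compile(r"pluto\[\d+\]: packet from ([\d.]+):\d+: (.*)$")
TRANSITION = re.compile(r"transition from state \S+ to state (\S+)")
NOTIFY = re.compile(r"informational payload, type (\S+)")
VENDOR_ID = re.compile(r"Vendor ID payload \[([^\]]+)\]")

def triage(lines):
    """Return (states, vendor_ids) summarising a pluto log excerpt."""
    states = {}                     # state number -> summary dict
    vendor_ids = defaultdict(list)  # peer address -> Vendor IDs in order seen
    for line in lines:
        m = STATE_LINE.search(line)
        if m:
            conn, peer, num, msg = m.groups()
            st = states.setdefault(int(num), {
                "conn": conn, "peer": peer, "last_state": None, "notifications": []})
            t = TRANSITION.search(msg)
            if t:
                st["last_state"] = t.group(1)
            n = NOTIFY.search(msg)
            if n:  # remember which state the notification arrived in
                st["notifications"].append((st["last_state"], n.group(1)))
            continue
        m = PACKET_LINE.search(line)
        v = VENDOR_ID.search(m.group(2)) if m else None
        if v and v.group(1) not in vendor_ids[m.group(1)]:
            vendor_ids[m.group(1)].append(v.group(1))
    return states, dict(vendor_ids)

if __name__ == "__main__":
    states, vids = triage(SAMPLE_LOG.splitlines())
    for num, st in sorted(states.items()):
        print(f'#{num} "{st["conn"]}" peer {st["peer"]}: last state {st["last_state"]}')
        for state, kind in st["notifications"]:
            print(f"    notification {kind} received in {state}")
```
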