[Openswan Users] Roadwarrior using Openswan

Angel Vicente Perez angelv64 at wanadoo.es
Wed Feb 7 16:01:43 EST 2007


On Thu, Feb 01, 2007 at 07:32:28PM +0100, Paul Wouters wrote:
> On Thu, 1 Feb 2007, Angel Vicente Perez wrote:
> 
> > > > I'm very newbie at Openswan. I'd like to setup a connection for a
> > > > roadwarrior, but after reading some thread in the list about the subject, I
> > > > didn't get success.
> > > >
> > > > I have the next data:
> > > >
> > > > IP of a security gateway
> > > > IPSec ID
> > > > IPSec secret
> > > > XAuth username
> > > > XAuth password
> > > >
> > > > with this data, I'm able to act as a roadwarrior using vpnc, but I'm not
> > > > able to do the same using Openswan.
> 
> You can try specifying specific ike= and esp= lines. Perhaps grab them from
> a windows log/client that can connect properly? Perhaps you need aggressive mode?

I tried aggressive mode but without success. Attached is a file with a debug
utput from vpnc. There's a line "IKE SA psk+xauth-3des-md5" that I think is
important, but I don't know how to translate for Openswan configuration.

Best regards.
-------------- next part --------------
vpnc version 0.3.3
S1
S2
S3
using interface tun0
S4
S4.1
S4.2
S4.3
S4.4
IKE SA selected psk+xauth-3des-md5
peer is using type 130 for NAT-Discovery payloads
peer is using type 130 for NAT-Discovery payloads
S4.5
NAT status: this end behind NAT? YES -- remote end behind NAT? no
NAT-T mode, adding non-esp marker
S4.6
S5
S5.1
S5.2
got responder liftime notice, ignoring..
S5.3
S5.4
S5.5
NAT-T mode, adding non-esp marker
S5.2
S5.3
S5.6
NAT-T mode, adding non-esp marker
S5.7
S6
NAT-T mode, adding non-esp marker
got pfs setting: 0
got address 172.16.2.77
S7
S7.1
S7.2
NAT-T mode, adding non-esp marker
S7.3
S7.4
S7.5
S7.6
IPSEC SA selected 3des-md5
NAT-T mode, adding non-esp marker
S7.7
S7.8
S7.9
VPNC started in background (pid: 12178)...


More information about the Users mailing list