[Openswan Users] Windows/Openswan ipsec problem (authentication method invalid or unsupported)
Dharmesh Chauhan
dharmesh.chauhan at yahoo.com
Mon Jul 2 08:17:37 EDT 2007
Hello everyone,
I followed the guideline provided by Nate Carlson (http://www.natecarlson.com/linux/ipsec-x509.php) to set up a "Net to Road-warrior" IPsec VPN connection between a Debian Linux gateway and a Windows XP road-warrior.
Gateway: Debian GNU/Linux 3.1
Road warrior: Microsoft Windows XP SP2
ipsec: Linux Openswan 2.4.6 (klips)
When I run the ipsec.exe command in Windows, I get this error:
C:\ipsec>ipsec
IPSec Version 2.2.0 (c) 2001-2003 Marcus Mueller
Getting running Config ...
Microsoft's Windows XP identified
Setting up IPSec ...
Deactivating old policy...
Removing old policy...
Connection netone:
MyTunnel : 10.10.136.10
MyNet : 10.10.136.10/255.255.255.255
PartnerTunnel: 10.10.136.90
PartnerNet : 192.0.0.0/255.0.0.0
CA (ID) : subject= ,C=IN,ST=Gj,L=Ahd,O=Ss,CN=CA...
PFS : y
Auto : start
Auth.Mode : MD5
Rekeying : 3600S/50000K
Error 0xcbbb0012 occurred:
The authentication method specified is invalid or unsupported.
POTF_VERSION
USAGE:
ipseccmd \\machinename -f FilterList -n NegotiationMethodList -t TunnelAddr
-a AuthMethodList -1s SecurityMethodList -1k MMRekeyTime
-1e SoftSAExpirationTime -soft -confirm [-dialup OR -lan]
{-w Location -p PolicyName:PollInterval -r RuleName [-x OR -y] -o}
Creates or modifies IPSec policy.
ipseccmd \\machinename show gpo filters policies auth stats sas all
Displays current IPSec configuration.
ipseccmd \\machinename set [logike OR dontlogike]
Turns on/off IKE logging.
ipseccmd \\machinename [import OR export] Location FileName
Imports or exports a static policy file.
ipseccmd -file FileName
Executes a file containing regular static or dynamic ipseccmd commands.
For extended usage, run: ipseccmd -?
Fehler bei Command: ipseccmd -w REG -p FreeSwan -r Host-netone -t 10.10.136.90 -
f 10.10.136.10/255.255.255.255=192.0.0.0/255.0.0.0 -n ESP[MD5,3DES]3600S/50000KP
FS -a CERT:"subject= ,C=IN,ST=Gj,L=Ahd,O=Ss,CN=CA" -lan -1p > NUL:
Error 0xcbbb0012 occurred:
The authentication method specified is invalid or unsupported.
POTF_VERSION
USAGE:
ipseccmd \\machinename -f FilterList -n NegotiationMethodList -t TunnelAddr
-a AuthMethodList -1s SecurityMethodList -1k MMRekeyTime
-1e SoftSAExpirationTime -soft -confirm [-dialup OR -lan]
{-w Location -p PolicyName:PollInterval -r RuleName [-x OR -y] -o}
Creates or modifies IPSec policy.
ipseccmd \\machinename show gpo filters policies auth stats sas all
Displays current IPSec configuration.
ipseccmd \\machinename set [logike OR dontlogike]
Turns on/off IKE logging.
ipseccmd \\machinename [import OR export] Location FileName
Imports or exports a static policy file.
ipseccmd -file FileName
Executes a file containing regular static or dynamic ipseccmd commands.
For extended usage, run: ipseccmd -?
Fehler bei Command: ipseccmd -w REG -p FreeSwan -r netone-Host -t 10.10.136.10 -
f 192.0.0.0/255.0.0.0=10.10.136.10/255.255.255.255 -n ESP[MD5,3DES]3600S/50000KP
FS -a CERT:"subject= ,C=IN,ST=Gj,L=Ahd,O=Ss,CN=CA" -lan -1p > NUL:
Activating policy...
Error converting policy: 0x5
Windows ipsec.conf file:

conn netone
    left=%any
    right=10.10.136.90
    rightsubnet=192.0.0.0/8
    rightca="C=IN,ST=Gj,L=Ahd,O=Ss,CN=CA"
    network=auto
    auto=start
    pfs=yes

Linux ipsec.conf file:

version 2.0

config setup
    interfaces=%defaultroute
    nat_traversal=yes

conn %default
    keyingtries=1
    compress=yes
    disablearrivalcheck=no
    authby=rsasig
    leftrsasigkey=%cert
    rightrsasigkey=%cert

conn netone
    left=10.10.136.90
    leftsubnet=192.0.0.0/8
    leftcert=host.example.com.pem
    right=%any
    rightsubnet=vhost:%no,%priv
    auto=start
    pfs=yes

However, when I change the
rightca="subject= ,C=IN,ST=Gj,L=Ahd,O=Ss,CN=CA,emailAddress=ca at example.com" line in the Windows ipsec.conf to
rightca=",C=IN,ST=Gj,L=Ahd,O=Ss,CN=CA" I get the following message:
C:\ipsec>ipsec
IPSec Version 2.2.0 (c) 2001-2003 Marcus Mueller
Getting running Config ...
Microsoft's Windows XP identified
Setting up IPSec ...
Deactivating old policy...
Removing old policy...
Connection netone:
MyTunnel : 10.10.136.10
MyNet : 10.10.136.10/255.255.255.255
PartnerTunnel: 10.10.136.90
PartnerNet : 192.0.0.0/255.0.0.0
CA (ID) : C=IN,ST=Gj,L=Ahd,O=Ss,CN=CA...
PFS : y
Auto : start
Auth.Mode : MD5
Rekeying : 3600S/50000K
Activating policy...
But the IPsec connection does not get established. I get neither the desired pings nor the "IPSec SA established" message on the Linux machine.
I don't get the desired pings (request timed out), nor do I get the "IPSEC SA established" message from the command "ipsec auto --status" on the Debian machine.
Any help is appreciated.