[Openswan Users] vista AuthIP
pupilla at hotmail.com
Thu Sep 6 05:16:56 EDT 2007
Jacco de Leeuw wrote:
> Paul Wouters wrote:
> > Show us the logs on the openswan end.
> Might be the same as previously posted on the list:
> Actually, it was the Microsoft Support team that wrote:
> >> The 133 payload is sent under exchange type 243. Looks like what is
> >> happening is that the linux implementation is accepting the
> >> 243 packet (it should drop it) and failing the negotiation when it
> >> a 133 payload in the packet.
> These types are from 'private use' ranges, according to the RFC. As far
> can see from the code, the only 'private use' exchange types in
> Private Echo Request and -Reply but these are 244 and 245,
> So Openswan should ignore what Vista is sending. Looking at Marco's
> log it does indeed:
> > packet from 18.104.22.168:500: next payload type of ISAKMP Message has
> > unknown value: 133
> Then according to Marco's log the Vista client continues to do its
> thing, which Openswan of course does not understand.
> However, why is Vista sending these private payload types anyway?
> did not respond to the AuthIP vendor IDs that Vista sent (assuming
> this is the proper way to negotiate proprietary extensions).
> Marco, are you sure you haven't enabled something in your Vista client
> forces the use of AuthIP?
> For example, don't use that "Windows Firewall with
> Advanced Security" thingie in Vista.
I'm using a standard Vista installation and this script
to build the IPsec tunnel:
netsh advf consec delete rule name=all
rem Vista IP address
set ip=22.214.171.124
netsh advf consec add rule name="osw" mode=tunnel endpoint1=%ip%
action=requireinrequireout enable=yes qmpfs=mainmode auth1=computercert
enswan at company" remotetunnelendpoint=OPENSWAN_IP_ADDRESS
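
The header check discussed in this thread, as an added example that is not part of the original post and is not Openswan code: it reads the next-payload and exchange-type bytes of the fixed ISAKMP header and rejects on the exchange type first, so a packet in an unknown private-use exchange (such as 243) is dropped before its payloads (such as 133) are examined. The function names are hypothetical, the ranges are those of RFC 2408, and an implementation that has its own private exchanges (for example 244 and 245) would allow those before this check.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Fixed ISAKMP header (RFC 2408, section 3.1) is 28 bytes:
 * cookies (8+8), next payload, version, exchange type, flags,
 * message ID (4), length (4). */
#define ISAKMP_HDR_LEN 28

enum verdict { PKT_OK, PKT_TOO_SHORT, PKT_PRIVATE_EXCHANGE, PKT_PRIVATE_PAYLOAD };

/* RFC 2408 ranges: exchange types 240-255 and payload types 128-255
 * are "private use". */
static int is_private_exchange(uint8_t xchg) { return xchg >= 240; }
static int is_private_payload(uint8_t np)    { return np >= 128; }

/* Hypothetical helper (assumption, not from the thread): test the exchange
 * type before the payload type, so the drop happens at the header. */
enum verdict classify_isakmp(const uint8_t *pkt, size_t len)
{
    if (len < ISAKMP_HDR_LEN)
        return PKT_TOO_SHORT;
    uint8_t next_payload = pkt[16];  /* byte after the two 8-byte cookies */
    uint8_t exchange     = pkt[18];  /* follows the version byte */
    if (is_private_exchange(exchange))
        return PKT_PRIVATE_EXCHANGE;
    if (is_private_payload(next_payload))
        return PKT_PRIVATE_PAYLOAD;
    return PKT_OK;
}

/* Constructed sample header: zeroed cookies, chosen payload and exchange. */
void make_hdr(uint8_t *buf, uint8_t np, uint8_t xchg)
{
    for (size_t i = 0; i < ISAKMP_HDR_LEN; i++) buf[i] = 0;
    buf[16] = np;
    buf[17] = 0x10;            /* version 1.0 */
    buf[18] = xchg;
    buf[27] = ISAKMP_HDR_LEN;  /* low byte of the big-endian length field */
}

int main(void)
{
    uint8_t h[ISAKMP_HDR_LEN];
    make_hdr(h, 133, 243);     /* the combination reported in the thread */
    printf("exchange 243, payload 133 -> %d\n", classify_isakmp(h, sizeof h));
    make_hdr(h, 1, 2);         /* SA payload, Identity Protection exchange */
    printf("exchange 2, payload 1 -> %d\n", classify_isakmp(h, sizeof h));
    return 0;
}
```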