[Openswan Users] Ipsec VPN from windows machines

Marco Berizzi pupilla at hotmail.com
Thu Apr 3 10:51:37 EDT 2008

Agent Smith wrote:

> root at med-idxgtw:~\[root at med-idxgtw ~]# ip -s x s
> src 146.9.osw.box dst 146.9.nat.router
> proto ipv6-crypt spi 0xa23e7f96(2722004886) reqid
> 16393(0x00004009) mode transport
> replay-window 32 seq 0x00000000
> auth hmac(sha1)
> 0x2707d9d3974bcec81e5eb5b41e3949f93c962fcd (160 bits)
> enc cbc(des3_ede)
> 0x8af1852fa7eab334554cd3275fb352fa178ce0376d6f66ae
> (192 bits)
> encap (not implemented yet!)

here is your problem:

encap (not implemented yet!)

this is a really odd message.
When there is a peer behind nat you should get

encap type espinudp sport 4500 dport 4500 addr

Another thing I see which is is wrong is that
there is no dir fwd policy.
Did you compile yourself the kernel? Are you
running some other ike daemon on this box?

More information about the Users mailing list