[Openswan Users] Ipsec VPN from windows machines

Marco Berizzi pupilla at hotmail.com
Thu Apr 3 11:52:07 EDT 2008


Agent Smith wrote:

> yup, did it manually before each restart and it's
> windows native ipsec via 'IP Security Policy on Local
> Computer' snap-in.

I think this is a windows bug. Your policies are
all /32 <=> /32 and I think windows xp will create
a transport mode ipsec sa instead of a tunnel mode
one.
This is confirmed by the ip -s x p output:

src 146.9.nat.router/32 dst 146.9.osw.box/32 uid 0
dir in action allow index 504 priority 2080 share any
16393(0x00004009) mode transport

Could you try to build a policy like this:

windows xp ip address/32 <==> 192.168.25.0/29

conn CERT-29
    authby=rsasig
    pfs=yes
    left=a.b.c.d
    leftsubnet=192.168.25.0/29
    leftrsasigkey=%cert
    leftcert=servercert.pem
    right=%any
    rightsubnet=vhost:%no,%priv
    rightrsasigkey=%cert
    auto=add
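
The check described in the message (reading the mode off the `ip -s x p` output), as an added example that is not part of the original post: the functions below condense `ip -s xfrm policy` output to one line per policy giving direction, selector and mode, so a transport-mode policy where a tunnel was expected stands out. The sample input, its addresses and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise `ip -s xfrm policy` output as "dir src dst mode".
# SAMPLE is constructed (documentation addresses, made-up index/reqid values),
# laid out like the excerpt quoted in the message above.
SAMPLE='src 192.0.2.10/32 dst 192.0.2.20/32 uid 0
    dir in action allow index 504 priority 2080 share any
    tmpl src 0.0.0.0 dst 0.0.0.0
        proto esp spi 0x00000000(0) reqid 16393(0x00004009) mode transport
src 192.0.2.10/32 dst 192.168.25.0/29 uid 0
    dir in action allow index 512 priority 2176 share any
    tmpl src 192.0.2.10 dst 192.0.2.20
        proto esp spi 0x00000000(0) reqid 16397(0x0000400d) mode tunnel'

# Read a policy dump on stdin; print one line per template: dir src dst mode.
xfrm_policy_modes() {
    awk '
        # Selector line starts in column 1; "tmpl src ..." lines are indented.
        /^src / { src = $2; dst = $4; dir = "?"; next }
        {
            # Token-based scan, so it also copes with re-wrapped output.
            for (i = 1; i < NF; i++) {
                if ($i == "dir")  dir = $(i + 1)
                if ($i == "mode") print dir, src, dst, $(i + 1)
            }
        }'
}

# Keep only the policies whose template is transport mode.
transport_policies() {
    xfrm_policy_modes | awk '$4 == "transport"'
}

# On a live gateway (as root): ip -s xfrm policy | transport_policies
printf '%s\n' "$SAMPLE" | xfrm_policy_modes
```
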



