[Openswan Users] Ipsec VPN from windows machines
Marco Berizzi
pupilla at hotmail.com
Thu Apr 3 11:52:07 EDT 2008
Agent Smith wrote:
> yup, did it manually before each restart and it's
> windows native ipsec via 'IP Security Policy on Local
> Computer' snap-in.
I think this is a Windows bug. Your policies are
all /32 <=> /32 and I think Windows XP will create
a transport mode IPsec SA instead of a tunnel mode
one.
This is confirmed by the ip -s x p output:
src 146.9.nat.router/32 dst 146.9.osw.box/32 uid 0
    dir in action allow index 504 priority 2080 share any
    16393(0x00004009) mode transport
Could you try to build a policy like this:
Windows XP IP address/32 <==> 192.168.25.0/29
conn CERT-29
    authby=rsasig
    pfs=yes
    left=a.b.c.d
    leftsubnet=192.168.25.0/29
    leftrsasigkey=%cert
    leftcert=servercert.pem
    right=%any
    rightsubnet=vhost:%no,%priv
    rightrsasigkey=%cert
    auto=add
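Added example, not part of the original message: a small Python check that reads `ip xfrm policy` output and reports the policies whose template is transport mode, marking host-to-host (/32 <=> /32) selectors like the one quoted in the message. The sample text and its addresses are constructed, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample in the layout printed by `ip xfrm policy`; the addresses
# are documentation ranges, not values from the thread.
SAMPLE = (
    "src 198.51.100.7/32 dst 203.0.113.10/32\n"
    "\tdir in priority 2080\n"
    "\ttmpl src 0.0.0.0 dst 0.0.0.0\n"
    "\t\tproto esp reqid 16393 mode transport\n"
    "src 198.51.100.7/32 dst 192.168.25.0/29\n"
    "\tdir in priority 2344\n"
    "\ttmpl src 198.51.100.7 dst 203.0.113.10\n"
    "\t\tproto esp reqid 16397 mode tunnel\n"
)

def parse_policies(text):
    """Return one dict per policy with its selectors, direction and mode."""
    policies, cur = [], None
    for line in text.splitlines():
        if line.startswith("src "):
            # An unindented "src ... dst ..." line opens a new policy.
            m = re.match(r"src (\S+) dst (\S+)", line)
            cur = None
            if m:
                cur = {"src": m.group(1), "dst": m.group(2), "dir": None, "mode": None}
                policies.append(cur)
        elif cur is not None and line[:1].isspace():
            # Indented lines carry "dir <in|out|fwd>" and the template's "mode <...>".
            for key in ("dir", "mode"):
                m = re.search(rf"\b{key} (\w+)", line)
                if m and cur[key] is None:
                    cur[key] = m.group(1)
    return policies

def is_host(selector):
    """True when the selector is a single address (/32 for IPv4, /128 for IPv6)."""
    try:
        net = ipaddress.ip_network(selector, strict=False)
    except ValueError:
        return False  # redacted or otherwise unparsable selector
    return net.prefixlen == net.max_prefixlen

def transport_findings(policies):
    """List (dir, src, dst, host_to_host) for every transport mode policy."""
    return [(p["dir"], p["src"], p["dst"], is_host(p["src"]) and is_host(p["dst"]))
            for p in policies if p["mode"] == "transport"]

if __name__ == "__main__":
    for finding in transport_findings(parse_policies(SAMPLE)):
        print("transport mode policy:", finding)
```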