[Openswan Users] Ipsec VPN from windows machines

Agent Smith news8080 at yahoo.com
Thu Apr 3 12:39:42 EDT 2008


I'll try that, but the only thing I have against it is
the fact that when a tunnel is built that way, the Windows
side can't be doing DHCP; in other words, the IP filter
list needs the IP address assigned to the Windows box,
otherwise the tunnel won't build.

When you said you had it working, did you mean
l2tp/ipsec or Windows native IPSEC?

--- Marco Berizzi <pupilla at hotmail.com> wrote:

> Agent Smith wrote:
> 
> > yup, did it manually before each restart and it's
> > windows native ipsec via 'IP Security Policy on Local
> > Computer' snap-in.
> 
> I think this is a windows bug. Your policies are
> all /32 <=> /32 and I think windows xp will create
> a transport mode ipsec sa instead of a tunnel mode
> one.
> This is confirmed by the ip -s x p output:
> 
> src 146.9.nat.router/32 dst 146.9.osw.box/32 uid 0
> dir in action allow index 504 priority 2080 share
> any
> 16393(0x00004009) mode transport
> 
> Could you try to build a policy like this:
> 
> windows xp ip address/32 <==> 192.168.25.0/29
> 
> conn CERT-29
>     authby=rsasig
>     pfs=yes
>     left=a.b.c.d
>     leftsubnet=192.168.25.0/29
>     leftrsasigkey=%cert
>     leftcert=servercert.pem
>     right=%any
>     rightsubnet=vhost:%no,%priv
>     rightrsasigkey=%cert
>     auto=add
> 
> 
> 
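
To check from the Openswan side what Marco describes, the added example below (not code from the thread) reads `ip -s xfrm policy` text on stdin and prints each policy's selectors, direction and template mode, marking /32 <=> /32 policies that came up in transport mode. The sample policies use constructed documentation addresses, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: summarise `ip -s xfrm policy` text as "src dst dir mode".
# Reads the policy dump on stdin, so it can also be fed from a saved file.
xfrm_policy_modes() {
    awk '
        # Selector line opens a policy: "src A/len dst B/len ..."
        $1 == "src" && $3 == "dst" && $2 ~ /\// {
            src = $2; dst = $4; dir = "?"; next
        }
        # "dir in|out|fwd ..." gives the policy direction
        $1 == "dir" { dir = $2; next }
        # The template detail line ends in "mode tunnel" or "mode transport"
        src != "" {
            for (i = 1; i < NF; i++)
                if ($i == "mode") {
                    note = ""
                    if ($(i + 1) == "transport" && src ~ /\/32$/ && dst ~ /\/32$/)
                        note = " host-to-host"
                    print src, dst, dir, $(i + 1) note
                }
        }
    '
}

# Constructed sample (documentation addresses), not output from the thread.
sample_policies() {
    cat <<'EOF'
src 192.0.2.10/32 dst 192.0.2.20/32 uid 0
    dir in action allow index 504 priority 2080 share any flag  (0x00000000)
    tmpl src 0.0.0.0 dst 0.0.0.0
        proto esp spi 0x00000000(0) reqid 16393(0x00004009) mode transport
src 192.0.2.10/32 dst 192.168.25.0/29 uid 0
    dir in action allow index 512 priority 2344 share any flag  (0x00000000)
    tmpl src 192.0.2.10 dst 192.0.2.20
        proto esp spi 0x00000000(0) reqid 16397(0x0000400d) mode tunnel
EOF
}

sample_policies | xfrm_policy_modes
```

On a live gateway the same function takes the real dump: `ip -s xfrm policy | xfrm_policy_modes`.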


