[Openswan Users] ipsec configuration issue

[Boris Demirov]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello everybody,


I have this maybe stupid question: Is it possible to achieve ipsec
tunnel using ipseccmd in windows xp with the following setup?

First I am in a intranet and I use a pptp server to go to the internet
with no limitations of protocol ot ports. So I use some internal IP like
10.15.0.1 as workstation IP, after making a pptp connection I get a new
10.30.0.1 on the pptp interface and some public address like
201.123.123.10 on the pptp server which is connected to the internet.

And after that I am trying to make a ipsec tunnel to another network
with the following configuration given me by the other company IT's:

phase1:

3DES,MD5
DH group 5
keylife 28000
XAuth - disable
NAT traversal - enabled
keep alive - 10
dead peer detection - enabled

phase2:

3DES,SHA1
DH group 5
Enable PFS
keylife 1800
auto keep alive - enabled

and I got a preshared key also.

I am trying to make the tunnel using this command but with no success:

(where 192.168.1.0/24 is the other intranet and 205.125.125.1 is the
ipsec gateway)

ipseccmd -f 10.30.0.*=192.168.1.0/255.255.255.0 -n ESP[3DES,MD5]P5 -t
205.125.125.1 -a PRESHARE:"passphrase" -1s 3DES-SHA-1 -dialup

So am I missing something in the command line or is it impossible to
achive this setup with ipseccmd? If it is the second what can I use
under windows for this setup ?

Thanks in advance.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHxSCJSPgKhjm4AukRAhpcAJ9lRb6lWPIvSsmzLyZpG397/MHLhgCdHUqM
Hf34+FQI8RuWb6u9OnQmjzo=
=ZboP
-----END PGP SIGNATURE-----