[Openswan Users] Problem with OpenSwan and windows mobile 6.0

Denis Beltramo denis at denisio.net
Thu Feb 28 04:28:38 EST 2008


Ri - Hello,

Cancel all my problem. I explain my situation: i would configure an server
with openswan that client that have windows xp , windows mobile, linux
connect it and mac tiger. Now work all, my error are of creation of
certificate.

I have a last problem (I hope), the connection beetwen macOS Tiger with my
debian openswan server. I have read a question that are in your site for
this case i have added at my openssl.cnf this line:

extendedKeyUsage=1.3.6.1.5.5.8.2.2,serverAuth
subjectAltName=IP:172.31.1.192

but don't work the error is this:

Feb 28 09:59:01 vpnserver pluto[6867]: "roadwarriormac2"[1] 172.31.1.22 #3:
responding to Main Mode from unknown peer 172.31.1.22
Feb 28 09:59:01 vpnserver pluto[6867]: "roadwarriormac2"[1] 172.31.1.22 #3:
transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Feb 28 09:59:01 vpnserver pluto[6867]: "roadwarriormac2"[1] 172.31.1.22 #3:
STATE_MAIN_R1: sent MR1, expecting MI2
Feb 28 09:59:01 vpnserver pluto[6867]: "roadwarriormac2"[1] 172.31.1.22 #3:
ignoring Vendor ID payload [KAME/racoon]
Feb 28 09:59:01 vpnserver pluto[6867]: "roadwarriormac2"[1] 172.31.1.22 #3:
transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Feb 28 09:59:01 vpnserver pluto[6867]: "roadwarriormac2"[1] 172.31.1.22 #3:
STATE_MAIN_R2: sent MR2, expecting MI3
Feb 28 09:59:02 vpnserver pluto[6867]: "roadwarriormac2"[1] 172.31.1.22 #3:
Main mode peer ID is ID_DER_ASN1_DN: 'C=IT, ST=Italia, O=bla, OU=bla,
CN=bla, E=bla at bla.it'
Feb 28 09:59:02 vpnserver pluto[6867]: "roadwarriormac2"[1] 172.31.1.22 #3:
switched from "roadwarriormac2" to "roadwarriormac2"
Feb 28 09:59:02 vpnserver pluto[6867]: "roadwarriormac2"[2] 172.31.1.22 #3:
deleting connection "roadwarriormac2" instance with peer
172.31.1.22{isakmp=#0/ipsec=#0}
Feb 28 09:59:02 vpnserver pluto[6867]: "roadwarriormac2"[2] 172.31.1.22 #3:
I am sending my cert
Feb 28 09:59:02 vpnserver pluto[6867]: "roadwarriormac2"[2] 172.31.1.22 #3:
transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Feb 28 09:59:02 vpnserver pluto[6867]: "roadwarriormac2"[2] 172.31.1.22 #3:
STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_RSA_SIG
cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1024}
Feb 28 09:59:02 vpnserver pluto[6867]: "roadwarriormac2"[2] 172.31.1.22 #3:
ignoring informational payload, type INVALID_CERT_AUTHORITY
Feb 28 09:59:02 vpnserver pluto[6867]: "roadwarriormac2"[2] 172.31.1.22 #3:
received and ignored informational message
Feb 28 09:59:12 vpnserver pluto[6867]: "roadwarriormac2"[2] 172.31.1.22 #3:
retransmitting in response to duplicate packet; already STATE_MAIN_R3
Feb 28 09:59:21 vpnserver pluto[6867]: "roadwarriormac2"[2] 172.31.1.22 #3:
retransmitting in response to duplicate packet; already STATE_MAIN_R3
Feb 28 09:59:31 vpnserver pluto[6867]: "roadwarriormac2"[2] 172.31.1.22 #3:
discarding duplicate packet -- exhausted retransmission; already
STATE_MAIN_R3
Feb 28 09:59:51 vpnserver last message repeated 2 times
Feb 28 10:17:01 vpnserver CRON[7038]: (pam_unix) session opened for user
root by (uid=0)
Feb 28 10:17:01 vpnserver CRON[7038]: (pam_unix) session closed for user
root

Where i Wrong?

thanks!

On Sun, Feb 24, 2008 at 10:11 AM, Jacco de Leeuw <jacco2 at dds.nl> wrote:

> Denis Beltramo wrote:
>
> > Sorry if don't respond immediatly but I have been out of home.
> > Now work, my error is wrong pass for cert file.
> > But now I have the ultimate problem... windows use the wrong
> > certificate.
>
> What do you mean, it uses the wrong certificate? Is this desktop
> Windows or Windows Mobile? If you remove all spurious personal
> certificates it should always pick the remaining one.
>
> And did you also try with a PSK instead of certificates and
> without NAT? This is to find out if there is an MTU problem.
>
> Jacco
> --
> Jacco de Leeuw                         mailto:jacco2 at dds.nl
> Zaandam, The Netherlands           http://www.jacco2.dds.nl
>



-- 
Denis Beltramo
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20080228/814b7b0c/attachment-0001.html 


More information about the Users mailing list