[Openswan Users] issue with WinXP L2TP/IPSEC connection to Linux L2tpd
Sambuddho Chakravarty
sc2516 at columbia.edu
Mon Jun 30 00:56:55 EDT 2008
Hello All,
I created a small network wherein a Windows XP (with SP2) connected to
a Linux IPsec gateway. The Linux IPsec gateway uses Openswan and the
config file (ipsec.conf) is very similar to that shown in
http://www.natecarlson.com/linux/ipsec-x509.php
Even the Windows host was modeled accordingly.
This is what the Linux Openswan ipsec.conf looks like:
conn rw-net
    type=transport
    authby=rsasig
    left=20.0.0.3
    leftnexthop=20.0.0.2
    leftrsasigkey=%cert
    leftsubnet=vhost:%no,%priv
    leftprotoport=17/1701
    right=20.0.0.2
    rightsubnet=30.0.0.0/24
    rightnexthop=20.0.0.3
    rightrsasigkey=%cert
    rightcert=server_crt.pem
    rightsourceip=20.0.0.2
    rightprotoport=17/1701
    auto=add
    pfs=no
The Windows ipsec.conf is this:
conn rw-client
    authby=rsasig
    type=transport
    pfs=yes
    left=20.0.0.3
    leftcert=%cert
    right=20.0.0.2
    rightsubnet=30.0.0.0/24
    rightca="C=US,S=NC,O=Trade Show Hell,CN=MyOwn Root Certificate Authority,EmailAddress=root at tradeshowhell.com"
    rightcert=%cert
    auto=start
    network=auto
Now, whenever I type ipsec.exe from Windows, this is the error I
get.
C:\ipsec>ipsec
IPSec Version 2.2.0 (c) 2001-2003 Marcus Mueller
Getting running Config ...
Microsoft's Windows XP identified
Setting up IPSec ...
Deactivating old policy...
Removing old policy...
Connection rw-client:
MyTunnel : 20.0.0.3
MyNet : 20.0.0.3/255.255.255.255
PartnerTunnel: 20.0.0.2
PartnerNet : 30.0.0.0/255.255.255.0
CA (ID) : C=US,S=NC,O=Trade Show Hell,CN=MyOwn Root
Certific...
PFS : y
Auto : start
Auth.Mode : MD5
Rekeying : 3600S/50000K
Error 0xcbbb0012 occurred:
The authentication method specified is invalid or unsupported.
POTF_VERSION
USAGE:
ipseccmd \\machinename -f FilterList -n NegotiationMethodList -t
TunnelAddr
-a AuthMethodList -1s SecurityMethodList -1k MMRekeyTime
-1e SoftSAExpirationTime -soft -confirm [-dialup OR -lan]
{-w Location -p PolicyName:PollInterval -r RuleName [-x OR -y]
-o}
Creates or modifies IPSec policy.
ipseccmd \\machinename show gpo filters policies auth stats sas all
Displays current IPSec configuration.
ipseccmd \\machinename set [logike OR dontlogike]
Turns on/off IKE logging.
ipseccmd \\machinename [import OR export] Location FileName
Imports or exports a static policy file.
ipseccmd -file FileName
Executes a file containing regular static or dynamic ipseccmd
commands.
For extended usage, run: ipseccmd -?
Fehler bei Command: ipseccmd -w REG -p FreeSwan -r Host-rw-client -t
20.0.0.2 -f
20.0.0.3/255.255.255.255=30.0.0.0/255.255.255.0 -n
ESP[MD5,3DES]3600S/50000KPFS
-a CERT:"C=US,S=NC,O=Trade Show Hell,CN=MyOwn Root Certificate
Authority,EmailA
ddress=root at tradeshowhell.com" " -lan -1p > NUL:
Error 0xcbbb0012 occurred:
The authentication method specified is invalid or unsupported.
POTF_VERSION
USAGE:
ipseccmd \\machinename -f FilterList -n NegotiationMethodList -t
TunnelAddr
-a AuthMethodList -1s SecurityMethodList -1k MMRekeyTime
-1e SoftSAExpirationTime -soft -confirm [-dialup OR -lan]
{-w Location -p PolicyName:PollInterval -r RuleName [-x OR -y]
-o}
ipseccmd \\machinename show gpo filters policies auth stats sas all
Displays current IPSec configuration.
ipseccmd \\machinename set [logike OR dontlogike]
Turns on/off IKE logging.
ipseccmd \\machinename [import OR export] Location FileName
Imports or exports a static policy file.
ipseccmd -file FileName
Executes a file containing regular static or dynamic ipseccmd
commands.
For extended usage, run: ipseccmd -?
Fehler bei Command: ipseccmd -w REG -p FreeSwan -r rw-client-Host -t
20.0.0.3 -f
30.0.0.0/255.255.255.0=20.0.0.3/255.255.255.255 -n
ESP[MD5,3DES]3600S/50000KPFS
-a CERT:"C=US,S=NC,O=Trade Show Hell,CN=MyOwn Root Certificate
Authority,EmailA
ddress=root at tradeshowhell.com" " -lan -1p > NUL:
Activating policy...
Error converting policy: 0x5
Any suggestions would be gratefully appreciated.
Thanks
Sambuddho