[Openswan Users] inter operate with windows server 2000 (site to site)

Ryan McLeod r.mcleod20 at gmail.com
Wed Jul 21 10:11:13 EDT 2010


Has anyone successfully done a site-to-site connection with openswan
and Windows Server? I've been testing different VPN site-to-site setups
using a mix of different vendors. The server connected to a Cisco ASA
just fine. So now I'm trying to connect it to openswan, and no matter
what I've tried they won't get past STATE_MAIN_I1. I've set up my
ipsec.conf file similar to the one for connecting to a Cisco ASA.

conn win
    type=tunnel
    authby=secret
    left=200.200.200.3
    leftnexthop=200.200.200.1
    leftsubnet=10.10.10.0/24
    right=200.200.200.1
    rightnexthop=200.200.200.3
    rightsubnet=11.11.11.0/24
    esp=des-md5
    keyexchange=ike
    pfs=no
    auto=start

I've done an openswan to openswan with an IP setup similar to
this (same network for the VPN connection). On the Windows Server RRAS,
I have deny-all filters that block all traffic except the traffic from
subnet to subnet and tunnel endpoint to tunnel endpoint. IPsec is
set up to allow traffic back and forth from the subnets; des and md5
are set up for auth/encryption. There's a static route to the subnet on
openswan. Not sure why they won't start to establish a tunnel. I can
see the ISAKMP packets they send each other to try and establish a
tunnel.

Thanks,

Ryan

