[Openswan Users] inter operate with windows server 2000 (site tosite)
Randy Wyatt
rwyatt at nvtl.com
Wed Jul 21 10:51:10 EDT 2010
What version of openswan are you using? You should be on 2.6.27.
Did you compile with ALLOW_MICROSOFT_BAD_PROPOSAL?
I have connections running to Windows 2003 Server, and to Windows 2008
server.
Regards,
Randy
-----Original Message-----
From: users-bounces at openswan.org [mailto:users-bounces at openswan.org] On
Behalf Of Ryan McLeod
Sent: Wednesday, July 21, 2010 7:11 AM
To: users at openswan.org
Subject: [Openswan Users] inter operate with windows server 2000 (site
tosite)
Has anyone successfully done a site-to-site connection with openswan
and Windows sever? I've been testing different VPN site-to-site setups
using a mix of different vendors. The server connected to a Cisco ASA
just fine. So now im trying to connect it to openswan, and no matter
what ive tried they wont get past STATE_MAIN_I1. I've setup my
ipsec.conf file similar to that for connection a Cisco ASA.
conn win
type=tunnel
authby=secret
left=200.200.200.3
leftnexthop=200.200.200.1
leftsubnet=10.10.10.0/24
right=200.200.200.1
rightnexthop=200.200.200.3
rightsubnet=11.11.11.0/24
esp=des-md5
keyexchange=ike
pfs=no
auto=start
I've done an openswan to openswan with an IP setup similar to
this(same network for the vpn connection). On the windows server RRAS,
i have deny all filters that block all traffic except the traffic from
subnet to subnet and tunnel endpoint to tunnel endpoint. IPsec is
setup to allow traffic back and forth from the subnets, des and md5
are setup for auth/encryption. Theres a static route to the subnet on
openswan. Not sure why they wont start to establish a tunnel. I can
see the ISAKMP packets they send each other to try and establish a
tunnel.
Thanks,
Ryan
_______________________________________________
Users at openswan.org
http://lists.openswan.org/mailman/listinfo/users
Micropayments: https://flattr.com/thing/38387/IPsec-for-Linux-made-easy
Building and Integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
More information about the Users
mailing list