[Openswan Users] inter operate with windows server 2000 (site tosite)

Randy Wyatt rwyatt at nvtl.com
Wed Jul 21 11:02:04 EDT 2010

You have to define it in programs/Pluto/Makefile.options.

I usually add it after line 282.


-----Original Message-----
From: Ryan McLeod [mailto:r.mcleod20 at gmail.com] 
Sent: Wednesday, July 21, 2010 7:54 AM
To: Randy Wyatt
Cc: users at openswan.org
Subject: Re: [Openswan Users] inter operate with windows server 2000 (site tosite)

Yes, it is version 2.6.27. I can't say whether or not I specified
ALLOW_MICROSOFT_BAD_PROPOSAL. That would be specified during
./configure, correct?



On Wed, Jul 21, 2010 at 10:51 AM, Randy Wyatt <rwyatt at nvtl.com> wrote:
> What version of openswan are you using?  You should be on 2.6.27.
> Did you compile with ALLOW_MICROSOFT_BAD_PROPOSAL?
> I have connections running to Windows 2003 Server, and to Windows 2008
> server.
> Regards,
> Randy
> -----Original Message-----
> From: users-bounces at openswan.org [mailto:users-bounces at openswan.org] On
> Behalf Of Ryan McLeod
> Sent: Wednesday, July 21, 2010 7:11 AM
> To: users at openswan.org
> Subject: [Openswan Users] inter operate with windows server 2000 (site
> tosite)
> Has anyone successfully done a site-to-site connection with openswan
> and Windows server? I've been testing different VPN site-to-site setups
> using a mix of different vendors. The server connected to a Cisco ASA
> just fine. So now I'm trying to connect it to openswan, and no matter
> what I've tried they won't get past STATE_MAIN_I1. I've set up my
> ipsec.conf file similar to that for connecting to a Cisco ASA.
> conn win
>    type=tunnel
>    authby=secret
>    left=
>    leftnexthop=
>    leftsubnet=
>    right=
>    rightnexthop=
>    rightsubnet=
>    esp=des-md5
>    keyexchange=ike
>    pfs=no
>    auto=start
> I've done an openswan to openswan with an IP setup similar to
> this (same network for the vpn connection). On the windows server RRAS,
> I have deny all filters that block all traffic except the traffic from
> subnet to subnet and tunnel endpoint to tunnel endpoint. IPsec is
> set up to allow traffic back and forth from the subnets, des and md5
> are set up for auth/encryption. There's a static route to the subnet on
> openswan. Not sure why they won't start to establish a tunnel. I can
> see the ISAKMP packets they send each other to try and establish a
> tunnel.
> Thanks,
> Ryan