[Openswan Users] Windows "any IP address"
Mark Himsley
mark at mdsh.com
Fri Aug 5 18:31:44 EDT 2011
Hi, I hope you can help, because reading the fabulous book and Googling
has not helped so far.
I've got a problem making a Linux Openswan client connect to a Windows
XP "server" - both are within a private non-Internet connected WAN with
no NAT.
The Windows XP box is configured using Microsoft's built in secpol snapin.
It's authenticated by a PSK.
The Windows XP box is set up to allow "any IP address" to connect, but if
I try to connect I don't get past "STATE_QUICK_I1: initiate".
If I change the Windows XP box to only allow connections from either a
single IP address or from a subnet then the connection works fine.
My problem is, that I actually want to connect to a different Windows XP
box that is setup by someone else, and they insist it has to be setup to
allow "any IP address" to connect.
Is this a known issue - I'd have thought I'd have found it when Googling,
though - or is there something obviously wrong with my config?
# ipsec.secrets
%any 10.11.12.13 : PSK "123456789012345678901234"

# ipsec.conf (parameters of a conn section must be indented)
conn devBox
        # LOCAL
        left=10.9.8.7
        # REMOTE
        right=10.11.12.13
        # CONFIG
        type=transport
        authby=secret
        auto=start
        phase2=esp
        pfs=yes
        keylife=10m
        rekey=yes
        rekeymargin=2m
        rekeyfuzz=10%
        keyingtries=0
        ikelifetime=10m
I've got really short timeout times just at the moment - I'll make them
longer when all is working. And there are probably some parameters that
are the default - I'll clear it up later too.
Below is the section of log where the connection fails and stops.
Any hints would be great. Thanks.
Aug 5 19:22:20 app01 pluto[11889]: | p15 state object #9 found, in STATE_MAIN_I4
Aug 5 19:22:20 app01 pluto[11889]: | processing connection devBox
Aug 5 19:22:20 app01 pluto[11889]: | last Phase 1 IV: 05 64 fc ed bd 4b 1e 85
Aug 5 19:22:20 app01 pluto[11889]: | current Phase 1 IV: 05 64 fc ed bd 4b 1e 85
Aug 5 19:22:20 app01 pluto[11889]: | computed Phase 2 IV:
Aug 5 19:22:20 app01 pluto[11889]: | f2 f0 df 32 b9 66 38 c9 a7 8c bf f5 b2 16 f8 28
Aug 5 19:22:20 app01 pluto[11889]: | 17 ff a4 4c
Aug 5 19:22:20 app01 pluto[11889]: | received encrypted packet from 10.129.139.35:500
Aug 5 19:22:20 app01 pluto[11889]: | decrypting 40 bytes using algorithm OAKLEY_3DES_CBC
Aug 5 19:22:20 app01 pluto[11889]: | decrypted:
Aug 5 19:22:20 app01 pluto[11889]: | 0b 00 00 18 bb 63 0d 46 db ea a2 ee 31 7d 75 66
Aug 5 19:22:20 app01 pluto[11889]: | de d7 6b f7 f7 25 5a 2f 00 00 00 10 00 00 00 01
Aug 5 19:22:20 app01 pluto[11889]: | 03 04 00 12 00 00 00 00
Aug 5 19:22:20 app01 pluto[11889]: | next IV: 38 04 df ce 40 65 b3 b1
Aug 5 19:22:20 app01 pluto[11889]: | got payload 0x100(ISAKMP_NEXT_HASH) needed: 0x100 opt: 0x0
Aug 5 19:22:20 app01 pluto[11889]: | ***parse ISAKMP Hash Payload:
Aug 5 19:22:20 app01 pluto[11889]: | next payload type: ISAKMP_NEXT_N
Aug 5 19:22:20 app01 pluto[11889]: | length: 24
Aug 5 19:22:20 app01 pluto[11889]: | got payload 0x800(ISAKMP_NEXT_N) needed: 0x0 opt: 0x0
Aug 5 19:22:20 app01 pluto[11889]: | ***parse ISAKMP Notification Payload:
Aug 5 19:22:20 app01 pluto[11889]: | next payload type: ISAKMP_NEXT_NONE
Aug 5 19:22:20 app01 pluto[11889]: | length: 16
Aug 5 19:22:20 app01 pluto[11889]: | DOI: ISAKMP_DOI_IPSEC
Aug 5 19:22:20 app01 pluto[11889]: | protocol ID: 3
Aug 5 19:22:20 app01 pluto[11889]: | SPI size: 4
Aug 5 19:22:20 app01 pluto[11889]: | Notify Message Type: INVALID_ID_INFORMATION
Aug 5 19:22:20 app01 pluto[11889]: "devBox" #9: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000
Aug 5 19:22:20 app01 pluto[11889]: | info: 00 00 00 00
Aug 5 19:22:20 app01 pluto[11889]: | processing informational INVALID_ID_INFORMATION (18)
Aug 5 19:22:20 app01 pluto[11889]: "devBox" #9: received and ignored informational message
Aug 5 19:22:20 app01 pluto[11889]: | complete state transition with STF_IGNORE
Aug 5 19:22:20 app01 pluto[11889]: | * processed 0 messages from cryptographic helpers
--
Mark
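As an added example (not part of Mark's post and not Openswan code), a small Python decoder for the 40 decrypted bytes shown in the log above: it walks the ISAKMP generic-payload chain the way pluto's "***parse" lines do and recovers the Notification fields, so the rejected Quick Mode message (INVALID_ID_INFORMATION against protocol ID 3, ESP) can be read from a hex dump without a debug build. The hex sample is constructed from the log's "decrypted:" lines; payload and notify type numbers follow RFC 2408.

```python
import struct

# Constructed sample: the 40 decrypted bytes from the three "decrypted:" lines
# in the log above (a Hash payload followed by a Notification payload).
DECRYPTED_HEX = (
    "0b 00 00 18 bb 63 0d 46 db ea a2 ee 31 7d 75 66 "
    "de d7 6b f7 f7 25 5a 2f 00 00 00 10 00 00 00 01 "
    "03 04 00 12 00 00 00 00"
)
# Payload types (RFC 2408 section 3.1) and notify types (section 3.14.1) seen
# in this exchange, using the names pluto prints in the log.
PAYLOAD_NAMES = {0: "ISAKMP_NEXT_NONE", 8: "ISAKMP_NEXT_HASH", 11: "ISAKMP_NEXT_N"}
NOTIFY_NAMES = {18: "INVALID_ID_INFORMATION"}
ISAKMP_NEXT_HASH, ISAKMP_NEXT_N = 8, 11


def parse_payloads(data, first_type):
    """Walk the chain of ISAKMP generic payloads starting with first_type.

    first_type comes from the ISAKMP header's Next Payload field (not part of
    the encrypted body); the log reports it as 0x100 (ISAKMP_NEXT_HASH). Every
    length is checked against the buffer so a malformed dump raises cleanly.
    """
    payloads, offset, ptype = [], 0, first_type
    while ptype != 0:
        if offset + 4 > len(data):
            raise ValueError("truncated generic payload header at %d" % offset)
        next_type, _reserved, length = struct.unpack("!BBH", data[offset:offset + 4])
        if length < 4 or offset + length > len(data):
            raise ValueError("bad payload length %d at offset %d" % (length, offset))
        body = data[offset + 4:offset + length]
        entry = {"type": PAYLOAD_NAMES.get(ptype, ptype), "length": length}
        if ptype == ISAKMP_NEXT_N and len(body) >= 8:
            # Notification body: DOI(4) ProtocolID(1) SPI size(1) Notify type(2) SPI(n)
            doi, proto, spi_size, notify = struct.unpack("!IBBH", body[:8])
            entry.update(doi=doi, protocol_id=proto, spi_size=spi_size,
                         notify_type=NOTIFY_NAMES.get(notify, notify),
                         spi=body[8:8 + spi_size].hex())
        payloads.append(entry)
        offset, ptype = offset + length, next_type
    return payloads


def decode_log_dump():
    """Decode the sample above; protocol_id 3 is ESP, i.e. the Quick Mode SA."""
    return parse_payloads(bytes.fromhex(DECRYPTED_HEX), ISAKMP_NEXT_HASH)
```

Running decode_log_dump() yields two entries matching the log: a 24-byte Hash payload and a 16-byte Notification with DOI 1, protocol ID 3, SPI size 4 and notify type INVALID_ID_INFORMATION.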