[Openswan Users] Windows "any IP address"

Mark Himsley mark at mdsh.com
Sun Aug 7 06:24:21 EDT 2011

On 05/08/2011 23:31, Mark Himsley wrote:
> Hi, I hope you can help, because reading the fabulous book and Googling 
> has not helped so far.
> I've got a problem making a Linux Openswan client connect to a Windows 
> XP "server" - both are within a private non-Internet connected WAN with 
> no NAT.


> %any : PSK "123456789012345678901234"
> conn devBox
>          # LOCAL
>          left=
>          # REMOTE
>          right=
>          # CONFIG
>          type=transport
>          authby=secret
>          auto=start
>          phase2=esp
>          pfs=yes
>          keylife=10m
>          rekey=yes
>          rekeymargin=2m
>          rekeyfuzz=10%
>          keyingtries=0
>          ikelifetime=10m

I thought I should update this thread for posterity.

I worked out the problem - although the Windows XP "server" was
configured to allow connections from "any IP address", it was configured
to only allow TCP connections from any port to port 2001.

Reading the fine ipsec.conf manual, I now see that Windows was refusing
my connection because I was not including that specific restriction in
my proposal.

So I have added these two lines to my conn, and Windows accepts the
proposal and the connection works.



More information about the Users mailing list