[Openswan Users] Windows "any IP address"

Mark Himsley mark at mdsh.com
Sun Aug 7 06:24:21 EDT 2011


On 05/08/2011 23:31, Mark Himsley wrote:
> Hi, I hope you can help, because reading the fabulous book and Googling 
> has not helped so far.
> 
> I've got a problem making a Linux Openswan client connect to a Windows 
> XP "server" - both are within a private non-Internet connected WAN with 
> no NAT.

[...]

> %any 10.11.12.13 : PSK "123456789012345678901234"
> 
> conn devBox
>          # LOCAL
>          left=10.9.8.7
>          # REMOTE
>          right=10.11.12.13
>          # CONFIG
>          type=transport
>          authby=secret
>          auto=start
>          phase2=esp
>          pfs=yes
>          keylife=10m
>          rekey=yes
>          rekeymargin=2m
>          rekeyfuzz=10%
>          keyingtries=0
>          ikelifetime=10m

I thought I should update this thread for posterity.

I worked out the problem - although the Windows XP "server" was
configured to allow connections from "any IP address", it was configured
to only allow TCP connections from any port to port 2001.

Reading the fine ipsec.conf manual, I now see that Windows was refusing
my connection because I was not including that specific restriction in
my proposal.

So I have added these two lines to my conn, and Windows accepts the
proposal and the connection works.

        leftprotoport=tcp
        rightprotoport=tcp/2001

-- 
Mark
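The fix above works because the responder compares the traffic selectors carried in the quick-mode proposal (the protoport values) against its own policy filter, and a proposal covering "any protocol, any port" is not narrowed down to "TCP to port 2001" for you. The following script is an added example, not code from the thread or from Openswan: it parses ipsec.conf's `leftprotoport`/`rightprotoport` syntax as documented in ipsec.conf(5) and applies a simplified, assumed matching rule (the proposed selector must fall within the peer's policy) to show why the original conn is refused and the corrected one accepted. The Windows policy values and conn dictionaries are constructed from the figures in the post.

```python
"""Added example: model of selector matching between an Openswan conn and a
peer's policy filter. The matching rule is a simplified assumption, not a
transcript of Windows' or Openswan's real negotiation code."""
from dataclasses import dataclass
from typing import Dict, Optional

PROTO_NUMBERS = {"tcp": 6, "udp": 17, "icmp": 1}


@dataclass(frozen=True)
class Selector:
    proto: int  # 0 means any protocol
    port: int   # 0 means any port


def parse_protoport(value: Optional[str]) -> Selector:
    """Parse a leftprotoport/rightprotoport value.

    Forms documented in ipsec.conf(5): absent -> any/any, "tcp" -> TCP on any
    port, "tcp/2001" -> TCP port 2001, numeric protocols such as "6/2001",
    and "%any" or "0" as the port meaning any port.
    """
    if value is None or value.strip() == "":
        return Selector(0, 0)
    proto_s, _, port_s = value.strip().partition("/")
    proto = int(proto_s) if proto_s.isdigit() else PROTO_NUMBERS.get(proto_s.lower())
    if proto is None:
        raise ValueError(f"unknown protocol: {proto_s!r}")
    if port_s in ("", "%any", "0"):
        port = 0
    else:
        port = int(port_s)
        if not 0 < port < 65536:
            raise ValueError(f"port out of range: {port}")
    if proto == 0 and port != 0:
        raise ValueError("a port restriction needs a protocol")
    return Selector(proto, port)


def selector_within(proposed: Selector, policy: Selector) -> bool:
    """True if every packet matched by `proposed` is also matched by `policy`."""
    proto_ok = policy.proto == 0 or proposed.proto == policy.proto
    port_ok = policy.port == 0 or proposed.port == policy.port
    return proto_ok and port_ok


def responder_accepts(conn: Dict[str, str], policy_local: Selector,
                      policy_remote: Selector) -> bool:
    """Model the responder (the Windows side) checking the initiator's proposal.

    In the initiator's conn, 'left' is the initiator, so its leftprotoport is
    the responder's remote selector and its rightprotoport the responder's own.
    """
    proposed_remote = parse_protoport(conn.get("leftprotoport"))
    proposed_local = parse_protoport(conn.get("rightprotoport"))
    return (selector_within(proposed_local, policy_local)
            and selector_within(proposed_remote, policy_remote))


# Constructed policy modelled on the thread: any IP address is allowed, but
# only TCP from any client port to the server's own port 2001.
WINDOWS_POLICY_LOCAL = Selector(PROTO_NUMBERS["tcp"], 2001)  # server side
WINDOWS_POLICY_REMOTE = Selector(PROTO_NUMBERS["tcp"], 0)    # any client port

# Constructed conn settings: the original post's conn, then the fixed one.
ORIGINAL_CONN = {"left": "10.9.8.7", "right": "10.11.12.13", "type": "transport"}
FIXED_CONN = dict(ORIGINAL_CONN, leftprotoport="tcp", rightprotoport="tcp/2001")

if __name__ == "__main__":
    for name, conn in (("original", ORIGINAL_CONN), ("fixed", FIXED_CONN)):
        ok = responder_accepts(conn, WINDOWS_POLICY_LOCAL, WINDOWS_POLICY_REMOTE)
        print(f"{name} conn: {'accepted' if ok else 'refused'}")
```

The same check also explains the reverse failure: a conn that proposes `rightprotoport=tcp/2002` or `udp/2001` is refused by this policy just as the unrestricted one is, so when a peer with a port-specific filter rejects a phase 2 proposal, compare the protoport selectors on both sides before looking at ciphers or lifetimes.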

