[Openswan Users] Windows 7 IKEv2 no reaction at all

Roland Plüss roland at rptd.ch
Mon Aug 8 20:31:43 EDT 2011


On 08/08/2011 10:05 PM, Paul Wouters wrote:
> On Mon, 8 Aug 2011, Roland Plüss wrote:
>
>>> We're at 2.6.35, so that's kinda old....
>> 2.6.29 is the second-latest untested in Gentoo. 2.6.31 the latest
>> untested. 2.6.31 crashes though if a connection is initiated so I had to
>> revert to 2.6.29.
>
> -rw-r--r--    1 0        0        11663568 Sep 27  2010 openswan-2.6.29.tar.gz
> -rw-r--r--    1 0        0        11677821 Oct 18  2010 openswan-2.6.31.tar.gz
>
> That's a year old, so for IKEv2 and Win7 stuff, that's a bit dated.
> (though I don't think that is actually your problem right now)
That's unfortunately a little bit of a problem doing it the Gentoo way.
That said, Ubuntu isn't blistering bleeding edge either.
>> Using this Windows Agile VPN thing or how it is called hence pure IPSec
>> without l2tp. Used guides to set it up including a strongswan based one
>> which should be equal for the windows side.
>
> Yeah so that should cause IKE packets to flow, but it does not.
>
>> On the openswan side I use
>> the same conn I use for connecting using Un*x machines. Anything
>> particular one has to do there to get it working?
>
> That part does not matter yet, if openswan doesn't receive a single
> packet.
>
> I assume you did disable all firewalling so you're not filtering
> packets the win7 machine sends?
No, that should not be the problem. For testing purposes I disabled the
W7 firewall to be sure, without a change. Also, I ran the tcpdump
directly on the server (the output I posted). Furthermore, the last rule
before dropping is a log rule, so if a packet were dropped it would
show up in the drop log. There is no such dropped packet though, so the
three sent packets are from the W7 machine arriving at the server
machine. As an interesting side note, using 2.4.x (stable under Gentoo)
the packets did arrive at openswan but it logged a warning as IKEv2 is
not supported. Upgrading to 2.6.29 made the warning log message vanish
but, as mentioned, there is no reaction from openswan. This leads me to the
conclusion that openswan gets the packet but somehow totally ignores it.
Unfortunately I've no idea how to debug this further. I even tried with
plutodebug enabled but there is no trace in the logs of openswan processing
the packets. If I use Linux on the very same laptop and connect with the
very same certificate and server address, I get the connection up and
running. So the firewall on the server is for sure not the problem and
neither is the configuration in openswan. Could it be that openswan doesn't
understand the packet sent by W7 and drops it without saying anything?

-- 
Yours sincerely
Plüss Roland

Leader and Head Programmer
- Game: Epsylon ( http://www.indiedb.com/games/epsylon ,
http://epsylon.rptd.ch )
- Game Engine: Drag[en]gine ( http://www.indiedb.com/engines/dragengine
, http://dragengine.rptd.ch )
- Normal Map Generator: DENormGen ( http://epsylon.rptd.ch/denormgen.php
) and others
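One way to check what the Windows 7 client is actually putting on the wire, given the UDP payload bytes of a packet from a capture like the tcpdump mentioned above. This is an added example, not part of the original message and not Openswan code; the function name `parse_ike_header` and the sample bytes are constructed for illustration.

```python
import struct

# Fixed 28-byte IKE header (RFC 7296 section 3.1; same layout as ISAKMP, RFC 2408)
IKE_HDR = struct.Struct("!8s8sBBBBII")
EXCHANGES = {  # keyed by (major version, exchange type)
    (1, 2): "Main Mode", (1, 4): "Aggressive Mode",
    (2, 34): "IKE_SA_INIT", (2, 35): "IKE_AUTH",
    (2, 36): "CREATE_CHILD_SA", (2, 37): "INFORMATIONAL",
}

def parse_ike_header(udp_payload: bytes, dst_port: int = 500) -> dict:
    """Decode the IKE header of one UDP payload; raise ValueError if it is not IKE."""
    data = udp_payload
    if dst_port == 4500:
        # NAT-T: IKE on UDP/4500 is prefixed with a 4-byte all-zero non-ESP marker
        if data[:4] != b"\x00\x00\x00\x00":
            raise ValueError("UDP/4500 payload without non-ESP marker (ESP-in-UDP?)")
        data = data[4:]
    if len(data) < IKE_HDR.size:
        raise ValueError(f"too short for an IKE header: {len(data)} bytes")
    spi_i, spi_r, next_pl, ver, exch, flags, msg_id, length = IKE_HDR.unpack_from(data)
    major, minor = ver >> 4, ver & 0x0F
    info = {
        "initiator_spi": spi_i.hex(), "responder_spi": spi_r.hex(),
        "version": f"{major}.{minor}",
        "exchange": EXCHANGES.get((major, exch), f"unknown({exch})"),
        "first_payload": next_pl, "message_id": msg_id,
        "declared_length": length,
        "length_matches": length == len(data),  # False if truncated or padded
    }
    if major == 2:  # these flag bits are defined for IKEv2 only
        info["from_initiator"] = bool(flags & 0x08)
        info["is_response"] = bool(flags & 0x20)
    return info

# Constructed samples (header only, not real captures).
# IKEv2 IKE_SA_INIT request: responder SPI still zero, Initiator flag set.
SAMPLE_V2 = bytes.fromhex("1122334455667788" "0000000000000000"
                          "21" "20" "22" "08" "00000000" "0000001c")
# IKEv1 Main Mode first message, for comparison with a working Linux client.
SAMPLE_V1 = bytes.fromhex("1122334455667788" "0000000000000000"
                          "01" "10" "02" "00" "00000000" "0000001c")

if __name__ == "__main__":
    for name, pkt in (("v2", SAMPLE_V2), ("v1", SAMPLE_V1)):
        print(name, parse_ike_header(pkt))
```

Comparing the decoded header of the Windows 7 packet with one from the working Linux client shows whether the two differ in IKE version and exchange type before looking at the daemon's logs.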
