[Openswan Users] openswan + Win7 + pre-shared key
Paul Wouters
paul at nohats.ca
Wed Feb 8 11:25:05 EST 2012
On Wed, 8 Feb 2012, Den wrote:
> I can't set up VPN
> Windows 7 client 192.168.1.38 <--> Linux server Openswan 192.168.1.15
>
> I think that VPN is established.
> But I can't access Linux server from Windows 7 client.
> I set up VPN on Win7 in "ip security policies on local computer"
> Windows's firewall is turned off.
>
> Can somebody help me?
> Thank you
>
>
> >ipsec --version
> Linux Openswan U2.6.37/K(no kernel code presently loaded)
>
> /var/log/secure:
> Feb 8 14:04:40 linux pluto[836]: "lnx-win" #1: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1024}
> Feb 8 14:04:40 linux pluto[836]: "lnx-win" #1: Dead Peer Detection (RFC 3706): not enabled because peer did not advertise it
> Feb 8 14:04:40 linux pluto[836]: "lnx-win" #1: the peer proposed: 192.168.1.15/32:0/0 -> 192.168.1.38/32:0/0
> Feb 8 14:04:40 linux pluto[836]: "lnx-win" #1: NAT-Traversal: received 2 NAT-OA. using first, ignoring others
> Feb 8 14:04:40 linux pluto[836]: "lnx-win" #2: responding to Quick Mode proposal {msgid:01000000}
> Feb 8 14:04:40 linux pluto[836]: "lnx-win" #2: us: 192.168.1.15<192.168.1.15>[+S=C]
> Feb 8 14:04:40 linux pluto[836]: "lnx-win" #2: them: 192.168.1.38<192.168.1.38>[+S=C]
> Feb 8 14:04:40 linux pluto[836]: "lnx-win" #2: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
> Feb 8 14:04:40 linux pluto[836]: "lnx-win" #2: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
> Feb 8 14:04:40 linux pluto[836]: "lnx-win" #2: Dead Peer Detection (RFC 3706): not enabled because peer did not advertise it
> Feb 8 14:04:40 linux pluto[836]: "lnx-win" #2: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
> Feb 8 14:04:40 linux pluto[836]: "lnx-win" #2: STATE_QUICK_R2: IPsec SA established tunnel mode {ESP/NAT=>0x89c5ef96 <0x3d6e53aa xfrm=3DES_0-HMAC_SHA1 NATOA=192.168.1.38
> NATD=192.168.1.38:4500 DPD=none}
>
> /etc/ipsec.conf:
> right=192.168.1.38
> left=192.168.1.15
> forceencaps=yes

forceencaps will result in NAT-T, which over the local LAN might not
work at all?

Paul
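
An added example, not part of the original thread: a small Python parser for pluto's "IPsec SA established" lines, such as the one quoted above, that reports whether ESP is UDP-encapsulated (`ESP/NAT`, i.e. NAT-T) although no address translation is visible. The function names, the second sample line and the reading of `NATOA`/`NATD` are assumptions of this example.

```python
import re

# Constructed sample input: the first SA line is the one quoted in the thread,
# still ">"-quoted and wrapped by the mail client; the second is made up.
SAMPLE = '''\
> Feb 8 14:04:40 linux pluto[836]: "lnx-win" #2: STATE_QUICK_R2: IPsec SA established tunnel mode {ESP/NAT=>0x89c5ef96 <0x3d6e53aa xfrm=3DES_0-HMAC_SHA1 NATOA=192.168.1.38
> NATD=192.168.1.38:4500 DPD=none}
Feb 8 15:00:00 linux pluto[836]: "plain" #4: STATE_QUICK_R2: IPsec SA established tunnel mode {ESP=>0x11111111 <0x22222222 xfrm=3DES_0-HMAC_SHA1 NATOA=none NATD=none DPD=none}
'''

TIMESTAMP = re.compile(r"^[A-Z][a-z]{2} +\d+ \d\d:\d\d:\d\d ")
SA_LINE = re.compile(
    r'"(?P<conn>[^"]+)" #(?P<sa>\d+): STATE_QUICK_[IR]2: IPsec SA established '
    r"(?P<mode>\w+) mode \{(?P<body>[^}]*)\}"
)

def unwrap(text):
    """Drop mail quoting and re-join log records the mail client wrapped."""
    lines = []
    for raw in text.splitlines():
        line = re.sub(r"^(> ?)+", "", raw).strip()
        if not line:
            continue
        if TIMESTAMP.match(line) or not lines:
            lines.append(line)
        else:  # no syslog timestamp: continuation of the previous record
            lines[-1] += " " + line
    return lines

def ipsec_sas(text):
    """Return one summary dict per established IPsec SA in pluto log text."""
    out = []
    for line in unwrap(text):
        if not (m := SA_LINE.search(line)):
            continue
        fields = dict(re.findall(r"\b(xfrm|NATOA|NATD|DPD)=(\S+)", m["body"]))
        udp_encap = m["body"].startswith("ESP/NAT")  # ESP carried in UDP (NAT-T)
        natd_host = fields.get("NATD", "none").rsplit(":", 1)[0]
        out.append({
            "conn": m["conn"], "sa": int(m["sa"]), "mode": m["mode"],
            "udp_encap": udp_encap, "natd": fields.get("NATD"),
            # Assumption: NATOA equal to the NATD host means the peer's
            # address was not translated, so encapsulation was not required.
            "encap_without_nat": udp_encap and fields.get("NATOA") == natd_host,
        })
    return out

if __name__ == "__main__":
    print(*ipsec_sas(SAMPLE), sep="\n")
```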