[Openswan Users] openswan + Win7 + pre-shared key

Paul Wouters paul at nohats.ca
Wed Feb 8 11:25:05 EST 2012 

On Wed, 8 Feb 2012, Den wrote:

> I can't setup VPN 
>    Windows 7 client  192.168.1.38 <--> Linux sever  Openswan  192.168.1.15 
> 
> I think that VPN is  established.
> But I can't access Linux server from Windows 7 client.
> I setup VPN on Win7  in "ip security policies on local computer"
> Windows's firewall is turned off.
> 
> Can somebody help me?
> Thank you
> 
> 
> >ipsec --version
> Linux Openswan U2.6.37/K(no kernel code presently loaded)
> 
> /var/log/secure: 
> Feb 8 14:04:40 linux pluto[836]: "lnx-win" #1: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1024}
> Feb 8 14:04:40 linux pluto[836]: "lnx-win" #1: Dead Peer Detection (RFC 3706): not enabled because peer did not advertise it
> Feb 8 14:04:40 linux pluto[836]: "lnx-win" #1: the peer proposed: 192.168.1.15/32:0/0 -> 192.168.1.38/32:0/0
> Feb 8 14:04:40 linux pluto[836]: "lnx-win" #1: NAT-Traversal: received 2 NAT-OA. using first, ignoring others
> Feb 8 14:04:40 linux pluto[836]: "lnx-win" #2: responding to Quick Mode proposal {msgid:01000000}
> Feb 8 14:04:40 linux pluto[836]: "lnx-win" #2: us: 192.168.1.15<192.168.1.15>[+S=C]
> Feb 8 14:04:40 linux pluto[836]: "lnx-win" #2: them: 192.168.1.38<192.168.1.38>[+S=C]
> Feb 8 14:04:40 linux pluto[836]: "lnx-win" #2: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
> Feb 8 14:04:40 linux pluto[836]: "lnx-win" #2: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
> Feb 8 14:04:40 linux pluto[836]: "lnx-win" #2: Dead Peer Detection (RFC 3706): not enabled because peer did not advertise it
> Feb 8 14:04:40 linux pluto[836]: "lnx-win" #2: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
> Feb 8 14:04:40 linux pluto[836]: "lnx-win" #2: STATE_QUICK_R2: IPsec SA established tunnel mode {ESP/NAT=>0x89c5ef96 <0x3d6e53aa xfrm=3DES_0-HMAC_SHA1 NATOA=192.168.1.38
> NATD=192.168.1.38:4500 DPD=none}
> 
> /etc/ipsec.conf:

> right=192.168.1.38
> left=192.168.1.15

> forceencaps=yes

forceencaps will result in NAT-T, which over the local lan might not
work at all?

Paul

More information about the Users mailing list