[Openswan Users] openswan + Win7 + pre-shared key

Den brusok at gmail.com
Thu Feb 9 05:28:28 EST 2012


Hello!
There are no results :(
I can't use Linux, openswan + Win7 over VPN.
I think that the problem is in Windows, but I can't find where it is.

Linux, openswan, /etc/ipsec.conf:
conn lnx-win
    type=tunnel
    auto=add
    pfs=yes
    right=192.168.1.38
    left=192.168.1.15
    auth=esp
    authby=secret
    forceencaps=no
    esp=3des-sha1-96
    rekey=no
    dpdaction=clear
    dpddelay=30
    dpdtimeout=30


linux, openswan, ~>ipsec auto --status
000
000 "lnx-win":
192.168.1.15<192.168.1.15>[+S=C]...192.168.1.38<192.168.1.38>[+S=C];
erouted; eroute owner: #2
000 "lnx-win": myip=unset; hisip=unset;
000 "lnx-win": ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s;
rekey_fuzz: 100%; keyingtries: 0
000 "lnx-win": policy:
PSK+ENCRYPT+TUNNEL+PFS+DONTREKEY+IKEv2ALLOW+SAREFTRACK+lKOD+rKOD; prio:
32,32; interface: eth0;
000 "lnx-win": dpd: action:clear; delay:30; timeout:30;
000 "lnx-win": newest ISAKMP SA: #1; newest IPsec SA: #2;
000 "lnx-win": IKE algorithm newest: 3DES_CBC_192-SHA1-MODP1024
000 "lnx-win": ESP algorithms wanted: 3DES(3)_000-SHA1(2)_096; flags=-strict
000 "lnx-win": ESP algorithms loaded: 3DES(3)_192-SHA1(2)_096
000 "lnx-win": ESP algorithm newest: 3DES_000-HMAC_SHA1; pfsgroup=<Phase1>
000
000 #2: "lnx-win":500 STATE_QUICK_R2 (IPsec SA established);
EVENT_SA_EXPIRE in 28764s; newest IPSEC; eroute owner; isakmp#1; idle;
import:not set
000 #2: "lnx-win" esp.55efcd42 at 192.168.1.38 esp.4a96971d at 192.168.1.15 ref=2
refhim=1
000 #1: "lnx-win":500 STATE_MAIN_R3 (sent MR3, ISAKMP SA established);
EVENT_SA_EXPIRE in 28764s; newest ISAKMP; nodpd; idle; import:not set
000

linux, openswan, /var/log/secure:
Feb 9 11:52:34 linux pluto[25699]: "lnx-win" #1: responding to Main Mode
Feb 9 11:52:34 linux pluto[25699]: "lnx-win" #1: transition from state
STATE_MAIN_R0 to state STATE_MAIN_R1
Feb 9 11:52:34 linux pluto[25699]: "lnx-win" #1: STATE_MAIN_R1: sent MR1,
expecting MI2
Feb 9 11:52:34 linux pluto[25699]: "lnx-win" #1: NAT-Traversal: Result
using RFC 3947 (NAT-Traversal): no NAT detected
Feb 9 11:52:34 linux pluto[25699]: "lnx-win" #1: transition from state
STATE_MAIN_R1 to state STATE_MAIN_R2
Feb 9 11:52:34 linux pluto[25699]: "lnx-win" #1: STATE_MAIN_R2: sent MR2,
expecting MI3
Feb 9 11:52:34 linux pluto[25699]: "lnx-win" #1: Main mode peer ID is
ID_IPV4_ADDR: '192.168.1.38'
Feb 9 11:52:34 linux pluto[25699]: "lnx-win" #1: transition from state
STATE_MAIN_R2 to state STATE_MAIN_R3
Feb 9 11:52:34 linux pluto[25699]: "lnx-win" #1: STATE_MAIN_R3: sent MR3,
ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192
prf=oakley_sha group=modp1024}
Feb 9 11:52:34 linux pluto[25699]: "lnx-win" #1: Dead Peer Detection (RFC
3706): not enabled because peer did not advertise it
Feb 9 11:52:34 linux pluto[25699]: "lnx-win" #1: the peer proposed:
192.168.1.15/32:0/0 -> 192.168.1.38/32:0/0
Feb 9 11:52:34 linux pluto[25699]: "lnx-win" #2: responding to Quick Mode
proposal {msgid:01000000}
Feb 9 11:52:34 linux pluto[25699]: "lnx-win" #2: us:
192.168.1.15<192.168.1.15>[+S=C]
Feb 9 11:52:34 linux pluto[25699]: "lnx-win" #2: them:
192.168.1.38<192.168.1.38>[+S=C]
Feb 9 11:52:34 linux pluto[25699]: "lnx-win" #2: transition from state
STATE_QUICK_R0 to state STATE_QUICK_R1
Feb 9 11:52:34 linux pluto[25699]: "lnx-win" #2: STATE_QUICK_R1: sent QR1,
inbound IPsec SA installed, expecting QI2
Feb 9 11:52:34 linux pluto[25699]: "lnx-win" #2: Dead Peer Detection (RFC
3706): not enabled because peer did not advertise it
Feb 9 11:52:34 linux pluto[25699]: "lnx-win" #2: transition from state
STATE_QUICK_R1 to state STATE_QUICK_R2


Windows 7 (192.168.1.38), VPN is ON
C:\>ping 192.168.1.15

Pinging 192.168.1.15 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 192.168.1.15:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),


Windows 7 (192.168.1.38), VPN is OFF
C:\>ping 192.168.1.15

Pinging 192.168.1.15 with 32 bytes of data:
Reply from 192.168.1.15: bytes=32 time=1ms TTL=64
Reply from 192.168.1.15: bytes=32 time<1ms TTL=64
Reply from 192.168.1.15: bytes=32 time<1ms TTL=64
Reply from 192.168.1.15: bytes=32 time<1ms TTL=64

Ping statistics for 192.168.1.15:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 1ms, Average = 0ms

Windows 7 registry
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\IPSec]
"AssumeUDPEncapsulationContextOnSendRule"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PolicyAgent]
"AssumeUDPEncapsulationContextOnSendRule"=dword:00000002