[Openswan Users] openswan + Win7 + pre-shared key

Pavel Kopchyk pkopchyk at gmail.com
Thu Feb 9 18:12:27 EST 2012


Hello

2012/2/9 Den <brusok at gmail.com>

> Hello!
> There are no results :(
> I can't use linux, openswan + win7 over VPN.
> I think that the problem is in Windows. But I can't find where it is.
>
> Linux, openswan, /etc/ipsec.conf:
> conn lnx-win
>     type=tunnel
>     auto=add
>     pfs=yes
>     right=192.168.1.38
>     left=192.168.1.15
>     auth=esp
>     authby=secret
>     forceencaps=no
>     esp=3des-sha1-96
>     rekey=no
>     dpdaction=clear
>     dpddelay=30
>     dpdtimeout=30
>

...

You do not use NAT, so you do not need it.
Just delete it.

Windows 7 registry
> [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\IPSec]
> "AssumeUDPEncapsulationContextOnSendRule"=dword:00000002
>
> [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PolicyAgent]
> "AssumeUDPEncapsulationContextOnSendRule"=dword:00000002
>


I created a policy for Windows: win7-linux_tun.ipsec. You need to import it.
It is better to disable (or remove) the old policy.

To import this security policy, simply navigate to (and click on)
administrative tools (start, settings, control panel), local security
policy, right-click on IP security policies on local computer, all tasks,
import policies and choose the location of the win7-linux_tun.ipsec file
you extracted from the zip file win7-linux_tun.ipsec.zip.

How to Activate the IPSec Policy:
To activate the IPSec policy, simply right-click on the new policy (TEST
Pol) and choose assign.
You can also use the command prompt to import the security policy; simply
type:

netsh ipsec static importpolicy c:\win7-linux_tun.ipsec

Here are the configs for Openswan
cat /etc/ipsec.conf

version 2.0
config setup
    klipsdebug=none
    plutodebug=none
    uniqueids=yes
    strictcrlpolicy=no
    protostack=netkey
    nhelpers=0
    oe=off

conn win-tun
    type=tunnel
    authby=secret
    auth=esp
    keyingtries=0
    compress=no
    pfs=yes
    esp=3des-sha1
    ike=3des-sha1
    ikelifetime=7200s
    keylife=900s
    rekey=yes
    rekeymargin=90s
    rekeyfuzz=5%
    left=192.168.1.15
    leftsubnet=192.168.1.15/32
    right=192.168.1.38
    rightsubnet=192.168.1.38/32
    auto=route

cat /etc/ipsec.secrets
192.168.1.15 %any: "test"
-------------- next part --------------
A non-text attachment was scrubbed...
Name: win7-linux_tun.ipsec.zip
Type: application/zip
Size: 2993 bytes
Desc: not available
URL: <https://lists.openswan.org/pipermail/users/attachments/20120210/d3c47057/attachment.zip>
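
Added example (not part of the original message and not Openswan code): a simplified Python model of how a preshared-key line in /etc/ipsec.secrets is matched against the left/right addresses of conn win-tun, following the index-matching rules described in ipsec.secrets(5), so the two files can be checked for agreement before the tunnel is brought up. The function names, the IPv4-only parsing and the choice of left as the local host are assumptions of this example.

```python
import re

# Constructed copies of the settings quoted in the message above.
IPSEC_CONF = """\
conn win-tun
    authby=secret
    left=192.168.1.15
    right=192.168.1.38
"""
IPSEC_SECRETS = '192.168.1.15 %any: "test"\n'

# Indices, ":", optional PSK keyword, quoted secret. Assumption: IPv4 or %any indices only.
SECRET_RE = re.compile(r'^([^:"]*):\s*(?:PSK\s+)?"([^"]*)"\s*$')

def parse_conns(text):
    """Return {name: {key: value}} for every conn section."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not line[0].isspace():  # section headers start in column 0
            kind, _, name = line.partition(" ")
            current = conns.setdefault(name.strip(), {}) if kind == "conn" else None
        elif current is not None and "=" in line:
            key, _, value = line.strip().partition("=")
            current[key.strip()] = value.strip()
    return conns

def parse_secrets(text):
    """Return [(indices, secret)] for each preshared-key line."""
    found = (SECRET_RE.match(l.strip()) for l in text.splitlines())
    return [(m.group(1).split(), m.group(2)) for m in found if m]

def covers(indices, addr):
    return any(i in ("%any", addr) for i in indices)

def select_psk(conn, secrets, local="left"):
    """Pick the most specific entry covering the local host and the peer."""
    peer = "right" if local == "left" else "left"
    best = (-1, None)
    for indices, secret in secrets:
        if len(indices) >= 2:
            ok = covers(indices, conn[local]) and covers(indices, conn[peer])
        else:  # one index is compared with the local host only; none matches all
            ok = not indices or covers(indices, conn[local])
        if ok and min(len(indices), 2) > best[0]:
            best = (min(len(indices), 2), secret)
    return best[1]
```

A return value of None from select_psk means no entry covers both endpoints, so authby=secret has no key to use for that conn.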

