Hello<br><br><div class="gmail_quote">2012/2/9 Den <span dir="ltr">&lt;<a href="mailto:brusok@gmail.com" target="_blank">brusok@gmail.com</a>&gt;</span><br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">

<div>Hello!</div><div>There are no results :(</div><div>I can&#39;t use linux, openswan + win7 over VPN.</div><div>I think that the problem is in Windows. But I can&#39;t find where it is.</div><div><br></div><div>Linux, openswan, /etc/ipsec.conf:<br>


</div>conn lnx-win<br>        type=tunnel<br>        auto=add<br>        pfs=yes<br>        right=192.168.1.38<br>        left=192.168.1.15<br>        auth=esp<br>        authby=secret<br>        forceencaps=no<br>        esp=3des-sha1-96<br>


        rekey=no<br>        dpdaction=clear<br>        dpddelay=30<br>        dpdtimeout=30<br></blockquote><div><br></div><div>...<br></div><div><br></div><div>You do not use NAT so you do not need it.<br>Just delete. </div>

<div><br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Windows 7 registry<br>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\IPSec]<br>
&quot;AssumeUDPEncapsulationContextOnSendRule&quot;=dword:00000002<br><br>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PolicyAgent]<br>&quot;AssumeUDPEncapsulationContextOnSendRule&quot;=dword:00000002<br></blockquote>

</div><div><br></div><div><br></div><div>I created a policy for Windows: win7-linux_tun.ipsec. You need to import it.<br>It is better to disable (or remove) the old policy.</div><div><br></div><div>To import this security policy, simply navigate to (and click on) administrative tools (start, settings, control panel), local security policy, right-click on IP security policies on local computer, all tasks, import policies and choose the location of the win7-linux_tun.ipsec file you extracted from the zip file win7-linux_tun.ipsec.zip.<br>

<br>How to Activate the IPSec Policy:<br>To activate the IPSec policy, simply right-click on the new policy (TEST Pol) and choose assign.<br>You can also use the command prompt to import the security policy; simply type:<br>

<br>netsh ipsec static importpolicy c:\win7-linux_tun.ipsec<br><br></div><div>Here are the configs for Openswan</div><div>cat /etc/ipsec.conf<div><br></div><div>version 2.0</div><div>config setup</div><div style="margin-left:40px!important">

    klipsdebug=none</div><div style="margin-left:40px!important">    plutodebug=none</div><div style="margin-left:40px!important">    uniqueids=yes</div><div style="margin-left:40px!important">    strictcrlpolicy=no</div>

<div style="margin-left:40px!important">    protostack=netkey</div><div style="margin-left:40px!important">nhelpers=0</div><div style="margin-left:40px!important">    oe=off</div><div><br></div><div>conn win-tun</div><div style="margin-left:40px!important">

    type=tunnel</div><div style="margin-left:40px!important">    authby=secret</div><div style="margin-left:40px!important">    auth=esp</div><div style="margin-left:40px!important">    keyingtries=0</div><div style="margin-left:40px!important">

    compress=no</div><div style="margin-left:40px!important">    pfs=yes</div><div style="margin-left:40px!important">    esp=3des-sha1</div><div style="margin-left:40px!important">    ike=3des-sha1</div><div style="margin-left:40px!important">

    ikelifetime=7200s</div><div style="margin-left:40px!important">    keylife=900s</div><div style="margin-left:40px!important">    rekey=yes</div><div style="margin-left:40px!important">    rekeymargin=90s</div><div style="margin-left:40px!important">

    rekeyfuzz=5%</div><div style="margin-left:40px!important">left=192.168.1.15</div><div style="margin-left:40px!important">    leftsubnet=192.168.1.15/32</div><div style="margin-left:40px!important">

    right=192.168.1.38</div><div style="margin-left:40px!important">rightsubnet=192.168.1.38/32</div><div style="margin-left:40px!important">    auto=route</div></div><div style="margin-left:0px!important">
<br></div><div style="margin-left:0px!important">cat /etc/ipsec.secrets<br></div><div style="margin-left:40px!important">
 192.168.1.15 %any: &quot;test&quot;</div><div style="margin-left:0px!important"><br></div>
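<div>An added example, not part of the original message: a small Python script that diffs the quoted <code>conn lnx-win</code> section against the suggested <code>conn win-tun</code> section, so every option that was added, removed or changed on the Openswan side is visible at a glance. The names <code>BEFORE</code>, <code>AFTER</code>, <code>parse_conn</code> and <code>diff_conn</code> are hypothetical; the option values are copied from the two configs in this thread.</div>

```python
# Added example: BEFORE/AFTER are the conn sections quoted in this thread; helper names are hypothetical.
BEFORE = """
conn lnx-win
    type=tunnel
    auto=add
    pfs=yes
    right=192.168.1.38
    left=192.168.1.15
    auth=esp
    authby=secret
    forceencaps=no
    esp=3des-sha1-96
    rekey=no
    dpdaction=clear
    dpddelay=30
    dpdtimeout=30
"""
AFTER = """
conn win-tun
    type=tunnel
    authby=secret
    auth=esp
    keyingtries=0
    compress=no
    pfs=yes
    esp=3des-sha1
    ike=3des-sha1
    ikelifetime=7200s
    keylife=900s
    rekey=yes
    rekeymargin=90s
    rekeyfuzz=5%
    left=192.168.1.15
    leftsubnet=192.168.1.15/32
    right=192.168.1.38
    rightsubnet=192.168.1.38/32
    auto=route
"""

def parse_conn(text):
    """Map option -> value for the key=value lines of one conn section."""
    return dict(map(str.strip, ln.split("=", 1)) for ln in text.splitlines() if "=" in ln)

def diff_conn(before, after):
    """Return {option: (old, new)} for options added, removed or changed."""
    a, b = parse_conn(before), parse_conn(after)
    return {k: (a.get(k), b.get(k)) for k in sorted(a.keys() | b.keys()) if a.get(k) != b.get(k)}

if __name__ == "__main__":
    print(*(f"{k}: {old} -> {new}" for k, (old, new) in diff_conn(BEFORE, AFTER).items()), sep="\n")
```

<div>A value of <code>None</code> on the left means the option appears only in the suggested config; on the right, only in the original one.</div>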