Hi,
I've been trying out FreeSWAN with the x509 patch for Win2k roadwarrior
access to a private masqueraded network. Unfortunately I cannot get it
to work. I've read the complete x509 instructions, Marcus Mueller's
shortcut instructions, FreeSWAN's firewall instructions and Nate
Carlson's Win2k/x509 instructions. I've even used the HOWTO information
on EICON's page for win2k native access to SafePipe equipment. No matter
which route I take I cannot get it to work.
My setup is the following:
(private network with 192.168.1.0/24 addresses) ---
Linux2.2.20/FreeSWAN1.96/x509_0.9.9 Masquerading Firewall --- (internet)
--- Win2k host
My goal is to have the win2k host be able to communicate with private
machines on the 192.168.1.0/24 subnet as if it were on that subnet.
The best results to date have been with either Marcus Mueller's
instructions or the Safepipe instructions (which ultimately lead to very
similar configurations on the win2k side). In this case I get
authentication, and the Linux firewall/freeSWAN says that the IPSec
connection is up, but no ping or telnet access to hosts in the private
network. I have most recently tried Nate Carlson's instructions he
recently posted, but with the tiny changes to the firewall ipsec.conf
file he recommended (compress=yes and keyingtries=1 were the only
changes I needed to match his recommendations) I now no longer get
authentication even.
To date I've never got the roadwarrior setup to work. However, I did get
a subnet-subnet tunnel working some months ago (that was with FreeSWAN
1.93 I think, and no x509 patch). At that stage I was also unable to get
a roadwarrior configuration working. However the successful
subnet-subnet VPN led me to believe that my firewall settings were OK.
Right now, the firewall settings are the only thing I can use to explain
my problems. However, from the FreeSWAN documentation I've implemented
the 'simple' boot stage firewall options, and that made no difference to
the problems I'm having.
If anyone has any suggestions as to what I can do now, I'd really
appreciate it. I'm willing to send in my current ipsec.conf files (both
firewall and win2k) if that will help clarify the situation.
My current suspicion is that I'm missing some critical point with regard
to the fact that the win2k is on a public internet ip address, while the
clients it's trying to access are on private addresses. However the
win2k setup does seem to take that into account (Marcus Mueller's and Nate
Carlson's and the EICON instructions match in this regard).
Any help appreciated.
Thanks, Craig
This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:19:51 CEST