Hi!
Harry Brueckner wrote:
>
> Hello,
>
> I am trying to get W2k to connect to my FreeS/WAN gateway (freeswan
> 1.96, x509 0.9.9). I had a test environment working and got a W2k
> notebook to connect to FreeS/WAN properly.
> I am using Marcus Müller's tool and the very nice help page from Nate
> Carlson.
>
> After setting up my real life environment, replacing the test
> certificates and configuring another W2k machine I have no further idea
> about what to do.
>
> The W2k machine does not even send a single data packet into the network
> when it tries to start the VPN connection. The statistics about the
> network interface and Ethereal do not show any outgoing data.
> The former test notebook still works fine and even sends data with wrong
> or no certificate at all (which fails during the authentication of course).
>
> Now the question is: What is wrong that the W2k client does not send any
> packets?
>
I had a similar problem when I tried to set up a VPN between
W2K and FreeS/WAN.

First: The "ipsec.exe" tool only installs the Windows IPsec policy,
it does _not_ actually start the tunnel!
The tunnel is activated the first time Windows sees a packet sent
to the internal network on the other side of the tunnel.
Try to ping some host in your rightsubnet behind your FreeS/WAN
gateway.
This should activate your tunnel. (Though from your problem
description it looks like you knew that already, didn't you?)

Second: Windows is very picky about special characters in the DN.
In our case, it was the "+" in "xS+S" which Windows didn't like,
and the VPN configuration was ignored completely, resulting in the
same symptoms you describe. I don't see this problem in your example
configuration file, but it is something to be aware of. Maybe it
also doesn't like the "-" in your "O=" field?

You can also activate some Windows debugging feature to get
more information out of this "operating system".
You have to add the following key to your registry:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent\Oakley

and add a REG_DWORD named "EnableLogging" with a value of
"1" to this key.
After a reboot Windows writes some debugging information
to a file called "Oakley.log" in your %SystemRoot%\debug folder.

HTH

- andreas
--
Andreas Haumer          | mailto:andreas_at_xss.co.at
*x Software + Systeme   | http://www.xss.co.at/
Karmarschgasse 51/2/20  | Tel: +43-1-6060114-0
A-1100 Vienna, Austria  | Fax: +43-1-6060114-71
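Added example, not part of the original message or of any tool it mentions: a small pre-flight check that scans a certificate DN string for unescaped characters with special meaning in RFC 2253 DN syntax, such as the "+" in "xS+S" described above. The message only confirms "+" as a problem; treating the whole RFC 2253 special set as candidates is an assumption, and the function names and sample DNs are constructed for illustration.

```python
# Characters RFC 2253 treats as special inside an attribute value.
# Assumption: any of them is a candidate for tripping a strict DN parser;
# the message above only reports "+" as an observed case.
RFC2253_SPECIAL = set(',=+<>#;"')


def split_rdns(dn):
    """Split a DN string into RDNs on commas that are not backslash-escaped."""
    parts, cur, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur.append(dn[i:i + 2])   # keep the escape pair together
            i += 2
        elif dn[i] == ",":
            parts.append("".join(cur))
            cur = []
            i += 1
        else:
            cur.append(dn[i])
            i += 1
    parts.append("".join(cur))
    return [p.strip() for p in parts if p.strip()]


def suspicious_chars(dn):
    """Return [(attribute, value, [chars])] for values with unescaped specials."""
    findings = []
    for rdn in split_rdns(dn):
        attr, sep, value = rdn.partition("=")
        if not sep:
            findings.append((rdn, "", ["missing '='"]))
            continue
        hits, i = [], 0
        while i < len(value):
            if value[i] == "\\":      # escaped character: skip the pair
                i += 2
                continue
            if value[i] in RFC2253_SPECIAL:
                hits.append(value[i])
            i += 1
        if hits:
            findings.append((attr.strip(), value, hits))
    return findings


if __name__ == "__main__":
    # Constructed sample DNs, not taken from anyone's real certificate.
    for dn in ("C=AT, O=xS+S, CN=gateway", "C=AT, O=Example-Org, CN=gateway"):
        print(dn, "->", suspicious_chars(dn) or "no RFC 2253 special characters")
```

A "-" is not in the RFC 2253 special set, so the second sample reports nothing; that says nothing about how Windows itself treats it.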
This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:19:53 CEST