Note: This archive passes through spamassassin. Every mail marked with the subject "*****SPAM*****" has exceeded a certain threshold of spam-like behaviour.

[Users] Problem configuring Win2k warrior

From: Josep Llauradó Selvas (darlock_at_tinet.org)
Date: Fri May 03 2002 - 10:35:39 CEST


I'm trying to configure a fresh FreeS/WAN using Win2k clients as road
warriors.

In a first step I want to try it using preshared secrets and I did the
following steps:

Linux (FreeS/WAN 1.95):
        ·Patch the kernel
        ·Install FreeS/WAN packages (under Debian)
        ·Configure it as follows:
    --------> ipsec.conf <-------------------------------------------
    config setup
            # THIS SETTING MUST BE CORRECT or almost nothing will work;
            # %defaultroute is okay for most simple cases.
            interfaces=%defaultroute
            # Debug-logging controls: "none" for (almost) none, "all" for lots.
            klipsdebug=none
            plutodebug=none
            # Use auto= parameters in conn descriptions to control
    startup actions.
            plutoload=%search
            plutostart=%search
            # Close down old connection when new one using same ID shows up.
            uniqueids=yes
    
    conn %default
            keyingtries=0
            spi=0x200
            esp=3des-md5-96
    
    conn gaialan
            left=freeswan
            right=roadwarrior
            type=transport
            pfs=yes
            auth=esp
            auto=add
    ------------> <------------------------------
        ·I have created the ipsec.secrets:
                
    freeswan roadwarrior "XXX"
    
Win2K:
        ·Installed the security patch
        ·Upgraded to SP2
        ·I have configured the security policy using
                "The Quick and Dirty way of combining FreeS/WAN and Windows 2000 IPSEC"

Well,

I start the connection using Win2k as initiator. I get the IP address
and I put it into ipsec.conf and I restart freeswan.

Then I turn on security policy, and exec ipsecmon on Win2k client,
nothing happens.

I ping my freeswan, all the pings return ???????????????????

I take a look into freeswan, there isn't any log about connection
attempts.

What am I doing wrong? How can I debug the connection?

I have added a few iptables logging lines to see what happens, but there
aren't any connections using the ESP protocol, though I see the ping ICMP packets.

NOTE: freeswan and road-warrior are IPs in my config file on both
sides. If anybody can tell me how I can dump the Win2k config I'll send
it to the list.

Regards.

-- 
_________________________________________________________
Josep Llauradó Selvas	                darlock_at_tinet.org
	      Linux Registered User #153481
The only "intuitive" interface is the nipple.
After that, it's all learned.
(in comp.os.linux.misc, on X interfaces.)
_________________________________________________________


_______________________________________________ Users mailing list Users_at_lists.freeswan.org http://lists.freeswan.org/mailman/listinfo/users
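
Added example (not part of the original post or of FreeS/WAN): one way to read the iptables LOG output mentioned above, grouping packets per source into IKE (UDP port 500), IPsec (IP protocol 50/51) and cleartext, so it is visible whether a peer ever started key negotiation. The log prefix, addresses and sample lines are constructed, and the verdict strings are a generic reading, not a diagnosis of this setup.

```python
import re
from collections import Counter, defaultdict

# Constructed iptables LOG lines (documentation addresses, made-up log prefix).
SAMPLE_LOG = """\
May  3 10:40:01 gw kernel: IPSEC-DBG IN=eth0 OUT= MAC=00:00 SRC=192.0.2.10 DST=192.0.2.1 LEN=60 TOS=0x00 PREC=0x00 TTL=128 ID=100 PROTO=ICMP TYPE=8 CODE=0 ID=512 SEQ=256
May  3 10:40:02 gw kernel: IPSEC-DBG IN=eth0 OUT= MAC=00:00 SRC=192.0.2.10 DST=192.0.2.1 LEN=60 TOS=0x00 PREC=0x00 TTL=128 ID=101 PROTO=ICMP TYPE=8 CODE=0 ID=512 SEQ=512
May  3 10:41:10 gw kernel: IPSEC-DBG IN=eth0 OUT= MAC=00:00 SRC=192.0.2.20 DST=192.0.2.1 LEN=196 TOS=0x00 PREC=0x00 TTL=128 ID=7 PROTO=UDP SPT=500 DPT=500 LEN=176
May  3 10:41:12 gw kernel: IPSEC-DBG IN=eth0 OUT= MAC=00:00 SRC=192.0.2.20 DST=192.0.2.1 LEN=112 TOS=0x00 PREC=0x00 TTL=128 ID=8 PROTO=ESP SPI=0x1000
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")

def classify(line):
    """Return (source address, kind) for one LOG line, or None if not a packet."""
    fields = {}
    for key, value in FIELD.findall(line):
        fields.setdefault(key, value)  # first ID=/LEN= is the IP header's
    if "SRC" not in fields or "PROTO" not in fields:
        return None
    proto = fields["PROTO"]
    if proto == "UDP" and fields.get("DPT") == "500":
        kind = "ike"        # IKE negotiation runs over UDP port 500
    elif proto in ("ESP", "50", "AH", "51"):
        kind = "ipsec"      # IP protocol 50 (ESP) or 51 (AH)
    else:
        kind = "clear"      # anything else arrived unprotected
    return fields["SRC"], kind

def summarize(log_text):
    """Count packet kinds per source address."""
    seen = defaultdict(Counter)
    for line in log_text.splitlines():
        hit = classify(line)
        if hit:
            seen[hit[0]][hit[1]] += 1
    return {src: dict(kinds) for src, kinds in seen.items()}

def verdict(kinds):
    if kinds.get("ipsec"):
        return "protected traffic is arriving"
    if kinds.get("ike"):
        return "IKE attempted but no ESP: read the IKE daemon's log"
    return "cleartext only: peer never started IKE, or UDP/500 is filtered"

if __name__ == "__main__":
    for src, kinds in summarize(SAMPLE_LOG).items():
        print(src, kinds, "->", verdict(kinds))
```
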



This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:19:57 CEST