Note: This archive passes through spamassassin. Every mail marked with the subject "*****SPAM*****" has exceed a certain threshold of spam-like behaviour.

RE: [Users] FreeSWAN <-> Windows 2K - IPSEC tunnels - Failed oakley negotiation

From: Jordan Share (iso9_at_jwiz.org)
Date: Sat Jun 08 2002 - 03:32:38 CEST

Next message: Francis GASCHET: "Re: [Users] Can't Ping and no recognition of Tunnel"
Previous message: Jordan Share: "RE: [Users] FreeSwan over satellite"
In reply to: Patrick M. DiLeonardo: "[Users] FreeSWAN <-> Windows 2K - IPSEC tunnels - Failed oakley negotiation"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Did you check your "filters" in the IPSec policy stuff?

Does it have a filter that matches packets destined for a remote subnet?

Also, I'm not really clear on what you are trying to do. Are you trying to talk to a subnet behind freeswan, from the win2k box, or are you trying to connect 2 subnets, one behind win2k and one behind freeswan?

I am using the win2k IPSec whatnot to connect to a Netscreen100, and talk to 2 subnets behind it. But I've not used win2k to connect to freeswan. Still, I would imagine that most things are similar.

Jordan

> -----Original Message-----
> From: users-admin_at_lists.freeswan.org
> [mailto:users-admin_at_lists.freeswan.org]On Behalf Of Patrick M.
> DiLeonardo
> Sent: Thursday, June 06, 2002 8:21 AM
> To: users_at_lists.freeswan.org
> Subject: [Users] FreeSWAN <-> Windows 2K - IPSEC tunnels - Failed oakley
> negotiation
>
>
> OK guys, any clue how to troubleshoot the following message.
>
> The IPSec driver failed the oakley negotiation with 172.16.3.1
> since no filter exists to protect packets to that destination.
> Please check the configuration on this machine to ensure at least
> one filter matches the destination.
>
> I can get W2k talking to windows and exchanging packets just fine
> in transport mode. Once I specify a tunnel behind a gateway on
> the windows side, I get the above message in the W2k System log.
>
> The problem appears to be completely on the Windows side, nothing
> ever shows up in the log on the Linux side. It appears to not
> even be attempting to communicate. Nothing in the W2k oakley log
> either.
>
> It's gotta be something simple, but I can't find it. (have tried
> from other W2k machines also). W2k and linux gateway are on same
> subnet and connected via ethernet.
>
> Any help appreciated.
>
> Patrick M. DiLeonardo
> 919-676-0494
> mailto:pat_at_agraleigh.com

_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users

Next message: Francis GASCHET: "Re: [Users] Can't Ping and no recognition of Tunnel"
Previous message: Jordan Share: "RE: [Users] FreeSwan over satellite"
In reply to: Patrick M. DiLeonardo: "[Users] FreeSWAN <-> Windows 2K - IPSEC tunnels - Failed oakley negotiation"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:20:13 CEST