[Users] AW: Problem with freeswan 1.96/X509 + Win XP/2000 clients

From: Müller, Marcus (Marcus.Mueller_at_ebootis.de)
Date: Tue Jul 30 2002 - 16:51:19 CEST


Hi,
the only point I see right now is the hanging of WLAN Windows clients.
There is a fix (latest version) of my ipsec tool to change the rekeying
behaviour.

Marcus

-----Original Message-----
From: Matthieu Parisot [bootik.org] [mailto:mat_at_bootik.org]
Sent: Tuesday, 30 July 2002 16:42
To: natecars_at_natecarlson.com; marcus_at_ebootis.de
Cc: users_at_lists.freeswan.org
Subject: Problem with freeswan 1.96/X509 + Win XP/2000 clients

Hi everybody,

Here is what I'm trying to do:

                     FIREWALL-VPN
                          GW                          O-OO
Secure network          /----\eth1    Wireless
   ---------------------|    |-------------O          O-OO  Wireless clients
   |                eth0\----/        Access Point
   |                       |ppp0                      O-OO
--------                   |
servers                    |DSL connexion
                           |
                        Internet
                        /  |  \
                        |  |  |
                       OO OO OO
                 road warrior clients

- The clients are running Win2K, XP and Linux
- The gateway is running Linux 2.4.18 + freeswan 1.96 + iptables 1.2.6a

I've attached a tool that I wrote to create almost everything that
http://www.natecarlson.com/include/showpage.php?cat=linux&page=ipsec-x509
explains. Also a modified version of Marcus Müller's tool (original
version available at http://vpn.ebootis.de/) that makes it easy to switch
between two ipsec.conf configurations on Windows 2K/XP.

What works?
- Linux Wireless LAN clients
- XP/2000 Wireless LAN clients, but they hang after a variable amount of time,
with no way to recover (other than manually destroying the tunnels on the
gateway and resetting/rebooting the Windows client)

What does not work?
- XP roadwarrior client, because of a premature DELETE SA sent by the client;
- If I have more than one client, freeswan tries to associate clients with
other clients' configurations, disregarding the rightcert parameter;

Could anyone kind have a look at my tool and my way of creating
configurations, and tell me what I'm doing wrong? Is it reasonable to have
ten config files, with only the rightcert parameter changing? Why does XP
send DELETE SA after 1 second of activity?

Please help me, I'm getting crazy!

Mat.

mat_at_bootik.org




This archive was generated by hypermail 2.1.4 : Mon Aug 05 2002 - 21:01:34 CEST