8 Feb 13:23
[Openswan Users] openswan + Win7 + pre-shared key
Den <brusok <at> gmail.com>
2012-02-08 12:23:54 GMT
2012-02-08 12:23:54 GMT
Hello!
I can't setup VPN
Windows 7 client
192.168.1.38
<--> Linux sever Openswan 192.168.1.15
I think that VPN is established.
But I can't access Linux server from Windows 7 client.
I setup VPN on Win7 in "ip security policies on local computer"
Windows's firewall is turned off.
Can somebody help me?
Thank you
>ipsec --version
Linux Openswan U2.6.37/K(no kernel code presently loaded)
/var/log/secure:
Feb 8 14:04:40 linux pluto[836]: "lnx-win" #1: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1024}
Feb 8 14:04:40 linux pluto[836]: "lnx-win" #1: Dead Peer Detection (RFC 3706): not enabled because peer did not advertise it
Feb 8 14:04:40 linux pluto[836]: "lnx-win" #1: the peer proposed: 192.168.1.15/32:0/0 -> 192.168.1.38/32:0/0
Feb 8 14:04:40 linux pluto[836]: "lnx-win" #1: NAT-Traversal: received 2 NAT-OA. using first, ignoring others
Feb 8 14:04:40 linux pluto[836]: "lnx-win" #2: responding to Quick Mode proposal {msgid:01000000}
Feb 8 14:04:40 linux pluto[836]: "lnx-win" #2: us: 192.168.1.15<192.168.1.15>[+S=C]
Feb 8 14:04:40 linux pluto[836]: "lnx-win" #2: them: 192.168.1.38<192.168.1.38>[+S=C]
Feb 8 14:04:40 linux pluto[836]: "lnx-win" #2: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Feb 8 14:04:40 linux pluto[836]: "lnx-win" #2: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
Feb 8 14:04:40 linux pluto[836]: "lnx-win" #2: Dead Peer Detection (RFC 3706): not enabled because peer did not advertise it
Feb 8 14:04:40 linux pluto[836]: "lnx-win" #2: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Feb 8 14:04:40 linux pluto[836]: "lnx-win" #2: STATE_QUICK_R2: IPsec SA established tunnel mode {ESP/NAT=>0x89c5ef96 <0x3d6e53aa xfrm=3DES_0-HMAC_SHA1 NATOA=192.168.1.38 NATD=192.168.1.38:4500 DPD=none}
Feb 8 14:04:40 linux pluto[836]: "lnx-win" #1: Dead Peer Detection (RFC 3706): not enabled because peer did not advertise it
Feb 8 14:04:40 linux pluto[836]: "lnx-win" #1: the peer proposed: 192.168.1.15/32:0/0 -> 192.168.1.38/32:0/0
Feb 8 14:04:40 linux pluto[836]: "lnx-win" #1: NAT-Traversal: received 2 NAT-OA. using first, ignoring others
Feb 8 14:04:40 linux pluto[836]: "lnx-win" #2: responding to Quick Mode proposal {msgid:01000000}
Feb 8 14:04:40 linux pluto[836]: "lnx-win" #2: us: 192.168.1.15<192.168.1.15>[+S=C]
Feb 8 14:04:40 linux pluto[836]: "lnx-win" #2: them: 192.168.1.38<192.168.1.38>[+S=C]
Feb 8 14:04:40 linux pluto[836]: "lnx-win" #2: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Feb 8 14:04:40 linux pluto[836]: "lnx-win" #2: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
Feb 8 14:04:40 linux pluto[836]: "lnx-win" #2: Dead Peer Detection (RFC 3706): not enabled because peer did not advertise it
Feb 8 14:04:40 linux pluto[836]: "lnx-win" #2: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Feb 8 14:04:40 linux pluto[836]: "lnx-win" #2: STATE_QUICK_R2: IPsec SA established tunnel mode {ESP/NAT=>0x89c5ef96 <0x3d6e53aa xfrm=3DES_0-HMAC_SHA1 NATOA=192.168.1.38 NATD=192.168.1.38:4500 DPD=none}
/etc/ipsec.conf:
version 2.0 # conforms to second version of ipsec.conf specification
# basic configuration
config setup
interfaces="ipsec0=eth0"
protostack=klips
nat_traversal=yes
virtual_private=
oe=off
nhelpers=0
version 2.0 # conforms to second version of ipsec.conf specification
# basic configuration
config setup
interfaces="ipsec0=eth0"
protostack=klips
nat_traversal=yes
virtual_private=
oe=off
nhelpers=0
conn lnx-win
type=tunnel
auto=add
pfs=yes
right=192.168.1.38
left=192.168.1.15
auth=esp
authby=secret
forceencaps=yes
esp=3des-sha1-96
rekey=no
dpdaction=clear
dpddelay=30
dpdtimeout=30
type=tunnel
auto=add
pfs=yes
right=192.168.1.38
left=192.168.1.15
auth=esp
authby=secret
forceencaps=yes
esp=3des-sha1-96
rekey=no
dpdaction=clear
dpddelay=30
dpdtimeout=30
_______________________________________________ Users <at> lists.openswan.org http://lists.openswan.org/mailman/listinfo/users Micropayments: https://flattr.com/thing/38387/IPsec-for-Linux-made-easy Building and Integrating Virtual Private Networks with Openswan: http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
RSS Feed