Hi,
I am trying to connect road-warriors (running on WinXP) to my home network
via FreeS/WAN but it does not work.
I am using version 1.99 with "plutodebug=all" set in the config but it does
not give any output when I try to connect.
The client is behind a router in network 192.168.20.0/24, the server is on
"my-servers-dns-name" with the internal network 192.168.11.0/24
When I did "ping 192.168.11.1", it said "IP Sicherheit wird verhandelt"
which means "Negotiating IP security" but the packet logger which was
running on the client's router did not log any traffic from/to the server so
it seems that WinXP did not attempt to contact the server. The syslog on the
server of course also did not show anything about connection attempts.
Do you have any idea why this happens?
Here are the configs:
- Config on the client:
conn roadwarrior
    left=%any
    right=my-servers-dns-name
    rightca="C=AT, S=xx, L=xx, O=xx, CN=xx"
    network=auto
    auto=start
    pfs=yes

conn roadwarrior-net
    left=%any
    right=my-servers-dns-name
    rightsubnet=192.168.10.0/24
    rightca="C=AT, S=xx, L=xx, O=xx, CN=xx"
    network=auto
    auto=start
    pfs=yes
---------------------
- Log on the client
No RAS connections found.
IPSec Version 2.1.4 (c) 2001,2002 Marcus Mueller
Getting running Config ...
Microsoft's Windows XP identified
Host name is: pc1
LAN IP address: 192.168.20.1
Setting up IPSec ...
Deactivating old policy...
Removing old policy...
Connection roadwarrior:
MyTunnel : 192.168.20.1
MyNet : 192.168.20.1/255.255.255.255
PartnerTunnel: my-servers-dns-name
PartnerNet : my-servers-dns-name/255.255.255.255
CA (ID) : C=AT, S=xx, L=xx, O=xx, CN...
PFS : y
Auto : start
Auth.Mode : MD5
Rekeying : 3600S/50000K
Activating policy...
Connection roadwarrior-net:
MyTunnel : 192.168.20.1
MyNet : 192.168.20.1/255.255.255.255
PartnerTunnel: my-servers-dns-name
PartnerNet : 192.168.11.0/255.255.255.0
CA (ID) : C=AT, S=xx, L=xx, O=xx, CN...
PFS : y
Auto : start
Auth.Mode : MD5
Rekeying : 3600S/50000K
Activating policy...
---------------------------
- Config on the server:
config setup
    interfaces=%defaultroute
    klipsdebug=none
    plutodebug=all
    plutoload=%search
    plutostart=%search
    uniqueids=yes

conn %default
    keyingtries=1
    compress=yes
    disablearrivalcheck=no
    authby=rsasig
    leftrsasigkey=%cert
    rightrsasigkey=%cert

conn roadwarrior-net
    leftsubnet=192.168.11.0/24
    also=roadwarrior

conn roadwarrior
    right=%any
    left=%defaultroute
    leftcert=gatewayKey.pem
    auto=add
    pfs=yes
------------
I hope that you can help me
Regards,
David
PS: I don't want to connect both routers; I want only the single client
to have access.

David,

Sorry, wrong list! Please try the FreeS/WAN list.

http://www.freeswan.org/freeswan_trees/freeswan-1.5/doc/mail.html

-Martin

--
Martin A. Brown --- SecurePipe, Inc. --- mabrown@securepipe.com