05-16-2006, 08:43 PM   #1
noir911
[VPN] freeswan and XP (IPSec)


I am trying to connect an XP Professional client (with no server pack) to an OpenSwan VPN server that uses a preshared key and IPSec.

The server side configuration has 2 files

- /etc/ipsec.conf
- /etc/ipsec.secrets


/etc/ipsec.conf
---------------------

include /etc/ipsec.d/examples/no_oe.conf

conn noir
    authby=secret
    left=<server public IP Address> <203.125.33.23>
    leftsubnet=<server internal IP addresses> <172.16.1.0/24>
    leftnexthop=%defaultroute
    right=<my public IP address> <89.45.33.16>
    rightsubnet=<my internal IP address> <192.168.1.0/24>
    rightnexthop=%defaultroute
    auto=start

/etc/ipsec.secrets
-----------------------
203.125.33.23 89.45.33.16: PSK "my_key"

On the XP side
--------------

I have installed the XP Support Tools from the XP CD and downloaded Marcus Muller's ipsec.exe utility. All of them are in the C:\ipsec folder.

I have changed only one file on the XP end, which is c:\ipsec\ipsec.conf.

conn noir
    left=192.168.1.35
    leftsubnet=192.168.1.0/24
    right=203.125.33.23
    rightsubnet=172.16.1.0/24
    authmode=sha
    presharedkey=noir911
    auto=start
    pfs=yes

Now, when I run ipsec.exe from XP it shows -

IPSec Version 2.2.0 (c) 2001-2003 Marcus Mueller
Getting running Config ...
Microsoft's Windows XP identified
Setting up IPSec ...

Deactivating old policy...
Removing old policy...

Connection noir:
MyTunnel : 192.168.1.35
MyNet : 192.168.1.0/255.255.255.0
PartnerTunnel: 203.125.33.23
PartnerNet : 172.16.1.0/255.255.255.0
CA (ID) : Preshared Key ******************
PFS : y
Auto : start
Auth.Mode : sha
Rekeying : 3600S/50000K
Activating policy...

Now, when I ping the internal network of the server, it says -

"Negotiating IP Security"

I tried to ping several times.

My Router/ gateway
------------------

I have put the internal IP address 192.168.1.35 in the ADSL router's forwarding list for UDP ports 50 and 500. So any packet from 192.168.1.35 will go to the router 192.168.1.1 and will be NAT'ed out with a public IP address of 89.45.33.16.

Packet dump/ Ethereal
-----------------------

I have done a packet dump, but unfortunately I cannot see any packets going out to the destination.

Last edited by noir911; 05-16-2006 at 09:31 PM.
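
A consistency check for the two configurations in the post above, as an added example that is not part of the original post or of Openswan: it parses both `conn` stanzas and lists where the client's view of the tunnel fails to mirror the server's. The function names are assumptions of this example, and the embedded sample text is constructed from the values in the post with the angle-bracket annotations dropped.

```python
import ipaddress

# Constructed sample input: values copied from the post, annotations dropped.
SERVER_CONF = """conn noir
    left=203.125.33.23
    leftsubnet=172.16.1.0/24
    right=89.45.33.16
    rightsubnet=192.168.1.0/24
"""
SERVER_SECRETS = '203.125.33.23 89.45.33.16: PSK "my_key"'
CLIENT_CONF = """conn noir
    left=192.168.1.35
    leftsubnet=192.168.1.0/24
    right=203.125.33.23
    rightsubnet=172.16.1.0/24
    presharedkey=noir911
"""

def parse_conn(text):
    """Return the key=value pairs of a single conn stanza as a dict."""
    pairs = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        if "=" in line:
            key, value = line.split("=", 1)
            pairs[key.strip()] = value.strip()
    return pairs

def parse_psk(secrets_line):
    """Extract the quoted key from an 'ids: PSK "key"' secrets line."""
    return secrets_line.split("PSK", 1)[1].strip().strip('"')

def check_tunnel(server, client, server_psk):
    """List where the client's left/right values fail to mirror the server's."""
    findings = []
    for s_key, c_key in (("left", "right"), ("leftsubnet", "rightsubnet"),
                         ("right", "left"), ("rightsubnet", "leftsubnet")):
        if server[s_key] != client[c_key]:
            findings.append(f"server {s_key}={server[s_key]}, client {c_key}={client[c_key]}")
    # A private tunnel endpoint means address translation sits between the peers.
    if ipaddress.ip_address(client["left"]).is_private:
        findings.append(f"client endpoint {client['left']} is a private address")
    if server_psk != client.get("presharedkey"):
        findings.append("preshared keys differ between the two ends")
    return findings

if __name__ == "__main__":
    server, client = parse_conn(SERVER_CONF), parse_conn(CLIENT_CONF)
    print("\n".join(check_tunnel(server, client, parse_psk(SERVER_SECRETS))))
```

On the values as posted it reports three items: the server expects the peer at 89.45.33.16 while the client names its own endpoint as 192.168.1.35, that endpoint is a private address, and the key strings in the two files are not the same.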
 
  

