
List:       openbsd-misc
Subject:    IPSec between OpenBSD and Windows XP
From:       Andreas Krummrich <andreas.krummrich () online ! de>
Date:       2005-01-31 22:06:35
Message-ID: 41FEABEB.20202 () online ! de

Hi,

I'm having trouble connecting an OpenBSD 3.6 and a Windows XP box.
Here's the error message:

225826.748795 Negt 30 message_negotiate_sa: transform 1 proto 3 proposal 1 ok
225826.749679 Plcy 40 check_policy: adding authorizer [passphrase:secret]
225826.749846 Plcy 40 check_policy: adding authorizer [passphrase-md5-hex:5ebe2294ecd0e0f08eab7690d2a6ee69]
225826.749959 Plcy 40 check_policy: adding authorizer [passphrase-sha1-hex:e5e9fa1ba31ecd1ae84f75caaa474f3a663f05f4]
225826.750093 Plcy 40 check_policy: kn_do_query returned 0
225826.750248 Default check_policy: negotiated SA failed policy check
225826.750336 Negt 30 message_negotiate_sa: proposal 1 failed
225826.750413 Default message_negotiate_sa: no compatible proposal found
225826.750559 Default dropped message from 192.168.0.10 port 500 due to notification type NO_PROPOSAL_CHOSEN
225826.750722 Timr 10 timer_add_event: event exchange_free_aux(0x3c12d400) added before sa_soft_expire(0x3c067a00), expiration in 120s
225826.750851 Exch 10 exchange_establish_p2: 0x3c12d400 <unnamed> <no policy> policy initiator phase 2 doi 1 exchange 5 step 0

And here are the configs:

isakmpd.conf

[General]
Retransmits             = 5
Exchange-max-time       = 120
Listen-on               = 192.168.0.15

[Phase 1]
Default                 = ISAKMP-clients

[Phase 2]
Passive-Connections     = IPSec-clients

[ISAKMP-clients]
Phase                   = 1
Transport               = udp
Configuration           = win-main-mode
Authentication          = secret

[IPsec-clients]
Phase                   = 2
Configuration           = win-quick-mode
Local-ID                = default-route
Remote-ID               = dummy-remote

[default-route]
ID-type                 = IPV4_ADDR_SUBNET
Network                 = 192.168.0.0
Netmask                 = 255.255.255.0

[dummy-remote]
ID-type                 = IPV4_ADDR
Address                 = 192.168.0.10

[win-main-mode]
DOI                     = IPSEC
EXCHANGE_TYPE           = ID_PROT
Transforms              = 3DES-SHA-GRP2

[win-quick-mode]
DOI                     = IPSEC
EXCHANGE_TYPE           = QUICK_MODE
Suites                  = QM-ESP-3DES-SHA-SUITE

isakmpd.policy

KeyNote-version: 2
Authorizer: "POLICY"
Licensees: "passphrase:secret"
Conditions: app_domain == "IPsec policy" &&
esp_present == "yes" &&
esp_enc_alg != "null" -> "true";

And here is the Windows script that starts the connection:

tunnel.bat 192.168.0.10:
ipseccmd.exe -u
ipseccmd.exe -f 0=192.168.0.0/255.255.255.0 -n ESP[3DES,SHA] -t 192.168.0.15 -a PRESHARE:"secret" -1s 3DES-SHA-2
ipseccmd.exe -f 192.168.0.0/255.255.255.0=0 -n ESP[3DES,SHA] -t %1 -a PRESHARE:"secret" -1s 3DES-SHA-2


What's wrong here?
Thanks!

Regards,
    Andreas.
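The three "adding authorizer" lines in the debug output above are the KeyNote principals isakmpd derives from the pre-shared key: the cleartext passphrase plus its MD5 and SHA-1 hex digests. The following is an added example (not code from the post or from isakmpd) that recomputes those principals from the key, checks them against what the log shows, and produces the hashed Licensees form that isakmpd.policy(5) accepts so the cleartext secret need not be written into the policy file. The log lines are copied from the post; the helper names are this example's own.

```python
"""Recompute the KeyNote principals isakmpd derives from a pre-shared key.

Added example, not part of the original post. A pre-shared-key peer is
presented to the policy engine under three names: "passphrase:<psk>",
"passphrase-md5-hex:<md5>" and "passphrase-sha1-hex:<sha1>". Any one of
them may be used as the Licensees value in isakmpd.policy, so the hashed
form lets the policy file avoid carrying the cleartext secret.
"""
from __future__ import annotations

import hashlib
import re

# Constructed sample: the relevant debug lines quoted in the post above.
DEBUG_LOG = """\
225826.749679 Plcy 40 check_policy: adding authorizer [passphrase:secret]
225826.749846 Plcy 40 check_policy: adding authorizer [passphrase-md5-hex:5ebe2294ecd0e0f08eab7690d2a6ee69]
225826.749959 Plcy 40 check_policy: adding authorizer [passphrase-sha1-hex:e5e9fa1ba31ecd1ae84f75caaa474f3a663f05f4]
225826.750093 Plcy 40 check_policy: kn_do_query returned 0
"""

# Matches the principal inside the square brackets of an "adding authorizer" line.
AUTHORIZER_RE = re.compile(r"check_policy: adding authorizer \[([^\]]+)\]")


def psk_principals(psk: str) -> set[str]:
    """The three principal strings isakmpd derives from a pre-shared key."""
    raw = psk.encode()
    return {
        f"passphrase:{psk}",
        f"passphrase-md5-hex:{hashlib.md5(raw).hexdigest()}",
        f"passphrase-sha1-hex:{hashlib.sha1(raw).hexdigest()}",
    }


def logged_authorizers(log: str) -> set[str]:
    """Collect every authorizer principal that check_policy logged."""
    return set(AUTHORIZER_RE.findall(log))


def licensee_matches(licensee: str, psk: str) -> bool:
    """Would a Licensees entry of this form accept a peer holding psk?

    If this is True and kn_do_query still returns 0, the identity side of
    the policy is fine and the Conditions clause is what rejected the SA.
    """
    return licensee in psk_principals(psk)


def hashed_licensee(psk: str) -> str:
    """Licensees value that keeps the cleartext PSK out of isakmpd.policy."""
    return f"passphrase-sha1-hex:{hashlib.sha1(psk.encode()).hexdigest()}"


if __name__ == "__main__":
    derived = psk_principals("secret")
    seen = logged_authorizers(DEBUG_LOG)
    print("derived principals match the log:", derived == seen)
    print("Licensees \"passphrase:secret\" accepted:",
          licensee_matches("passphrase:secret", "secret"))
    print("hashed Licensees alternative:", hashed_licensee("secret"))
```

Run against the posted log this confirms that the Licensees line in the poster's isakmpd.policy does name one of the principals isakmpd derived, so the failing kn_do_query is not an identity mismatch; the hashed form can be dropped into the Licensees field in place of "passphrase:secret" without changing which peers are accepted.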
