List: openbsd-misc
Subject: IPSec between OpenBSD and Windows XP
From: Andreas Krummrich <andreas.krummrich () online ! de>
Date: 2005-01-31 22:06:35
Message-ID: 41FEABEB.20202 () online ! de
Hi,
I'm having trouble connecting an OpenBSD 3.6 and a Windows XP box.
Here's the error message:
225826.748795 Negt 30 message_negotiate_sa: transform 1 proto 3 proposal 1 ok
225826.749679 Plcy 40 check_policy: adding authorizer [passphrase:secret]
225826.749846 Plcy 40 check_policy: adding authorizer [passphrase-md5-hex:5ebe2294ecd0e0f08eab7690d2a6ee69]
225826.749959 Plcy 40 check_policy: adding authorizer [passphrase-sha1-hex:e5e9fa1ba31ecd1ae84f75caaa474f3a663f05f4]
225826.750093 Plcy 40 check_policy: kn_do_query returned 0
225826.750248 Default check_policy: negotiated SA failed policy check
225826.750336 Negt 30 message_negotiate_sa: proposal 1 failed
225826.750413 Default message_negotiate_sa: no compatible proposal found
225826.750559 Default dropped message from 192.168.0.10 port 500 due to notification type NO_PROPOSAL_CHOSEN
225826.750722 Timr 10 timer_add_event: event exchange_free_aux(0x3c12d400) added before sa_soft_expire(0x3c067a00), expiration in 120s
225826.750851 Exch 10 exchange_establish_p2: 0x3c12d400 <unnamed> <no policy> policy initiator phase 2 doi 1 exchange 5 step 0
And here are the configs:
isakmpd.conf
[General]
Retransmits = 5
Exchange-max-time = 120
Listen-on = 192.168.0.15
[Phase 1]
Default = ISAKMP-clients
[Phase 2]
Passive-Connections = IPSec-clients
[ISAKMP-clients]
Phase = 1
Transport = udp
Configuration = win-main-mode
Authentication = secret
[IPsec-clients]
Phase = 2
Configuration = win-quick-mode
Local-ID = default-route
Remote-ID = dummy-remote
[default-route]
ID-type = IPV4_ADDR_SUBNET
Network = 192.168.0.0
Netmask = 255.255.255.0
[dummy-remote]
ID-type = IPV4_ADDR
Address = 192.168.0.10
[win-main-mode]
DOI = IPSEC
EXCHANGE_TYPE = ID_PROT
Transforms = 3DES-SHA-GRP2
[win-quick-mode]
DOI = IPSEC
EXCHANGE_TYPE = QUICK_MODE
Suites = QM-ESP-3DES-SHA-SUITE
isakmpd.policy
KeyNote-version: 2
Authorizer: "POLICY"
Licensees: "passphrase:secret"
Conditions: app_domain == "IPsec policy" &&
        esp_present == "yes" &&
        esp_enc_alg != "null" -> "true";
And here is Windows Script to start the connection:
tunnel.bat 192.168.0.10:
ipseccmd.exe -u
ipseccmd.exe -f 0=192.168.0.0/255.255.255.0 -n ESP[3DES,SHA] -t 192.168.0.15 -a PRESHARE:"secret" -1s 3DES-SHA-2
ipseccmd.exe -f 192.168.0.0/255.255.255.0=0 -n ESP[3DES,SHA] -t %1 -a PRESHARE:"secret" -1s 3DES-SHA-2
What's wrong here?
Thanks!
Regards,
Andreas.