Has anyone got ipsec.conf/ipsecctl to interop with Windows XP? I had this
working flawlessly with my isakmpd.conf, but rather like the new syntax and
want to switch.
I have it to the point of giving me this message when I start isakmpd with
'-K -d -vvv':
090413.992346 Default isakmpd: phase 1 done: initiator id
/C=CA/ST=Ontario/L=Sault Ste. Marie/O=Clean North/[EMAIL PROTECTED], responder
id c0a82101: 192.168.33.1, src: 192.168.33.1 dst: 192.168.33.151
But no tunnels are created and no more messages are displayed.
My ipsec.conf looks like this (tried with and without the 'quick...' line):
ike passive esp from any to 0.0.0.0 main auth hmac-sha1 enc 3des-cbc \
quick auth hmac-sha1 enc 3des-cbc \
group modp1024
And the isakmpd.conf (working) it replaces looks like this:
[Phase 1]
Default= ISAKMP-peer-WI
[Phase-1-ID]
ID-type= USER_FQDN
Name= [EMAIL PROTECTED]
[ISAKMP-peer-WI]
Phase= 1
Transport= udp
Configuration= Default-main-mode
ID= Phase-1-ID
[Default-main-mode]
DOI= IPSEC
EXCHANGE_TYPE= ID_PROT
Transforms= 3DES-SHA-RSA
[Default-quick-mode]
DOI= IPSEC
EXCHANGE_TYPE= QUICK_MODE
Suites= QM-ESP-AES-SHA-PFS-SUITE
[3DES-SHA-RSA]
ENCRYPTION_ALGORITHM= 3DES_CBC
HASH_ALGORITHM= SHA
AUTHENTICATION_METHOD= RSA_SIG
GROUP_DESCRIPTION= MODP_1024
Life= LIFE_28800_SECS
[LIFE_28800_SECS]
LIFE_TYPE= SECONDS
LIFE_DURATION= 28800,600:36000
Is there anyone who knows the magic sauce I'm failing to sprinkle on this
setup? I would be grateful for any assistance.
Thanks.
-Dan
--
"Burnished gallows set with red
Caress the fevered, empty mind
Of man who hangs bloodied and blind
To reach for wisdom, not for bread." -- Deoridhe Grimsdaughter