Hello,

I am trying to establish an IPSec connection with StrongSwan (4.4.1) between these two machines.

Testing environment: Virtualbox 3.2.8
1st Machine (172.16.100.11) - Debian Testing (kernel: 2.6.32-5-686)
2nd Machine (172.16.100.7) - Windows XP Pro SP3
Type of connection: bridged

I use this example: http://www.strongswan.org/uml/testresults43/ikev1/host2host-cert/

-----------------------

Steps that I do on Debian:
1. apt-get update
2. apt-get install build-essential
3. apt-get install libgmp3-dev
4. apt-get install libssl-dev
5. wget http://download.strongswan.org...
6. tar ... ; cd strongswan...
7. ./configure --prefix=/usr --sysconfdir=/etc --enable-openssl
8. make
9. make install
10. Making a CA with this tutorial: http://wiki.strongswan.org/projects/strongswan/wiki/SimpleCA
11. I generate separate keys and certs for both machines
12. I convert caKey to pem format (openssl x509 -inform der -in caCert.der -out caCert.pem)
13. I convert the cert for the Windows machine: openssl pkcs12 -export -inkey /etc/ipsec.d/winxp1pcKey.pem -in /etc/ipsec.d/winxp1pcCert.pem -name "winxp1pc" -certfile /etc/ipsec.d/cacerts/caCert.pem -caname "Rafal CA" -out winxp1pcCert.p12
14. I edit the appropriate files and make changes (I based them on the moon files - ipsec.conf, ipsec.secrets, strongswan.conf)
15. ipsec restart

Steps that I do on Windows:
1. Import certs from the pkcs12 file. The RootCA cert I move to the appropriate folder
2. I create a new IP security policy almost like in this tutorial: http://www.freebsddiary.org/ipsec-wireless-xp.php
3. Source address - My IP Address; Destination address - 172.16.100.11; Tunnel end-point: 172.16.100.11;
4. Authentication Method: certificate, that I imported ...
5. Assign my new IP security policy

I try to establish the connection but it doesn't work. When I execute ipsec up host-host on Debian I receive these messages:

002 "host-host" #2: initiating Main Mode
104 "host-host" #2 STATE_MAIN_I1: initiate
010 "host-host" #2 STATE_MAIN_I1: retransmission; will wait 20s for response
010 "host-host" #2 STATE_MAIN_I1: retransmission; will wait 40s for response
031 "host-host" #2 max number of retransmissions (2) reached STATE_MAIN_I1. No response (or no acceptable response) to our first IKE message.

On the Windows machine, when I try to ping 172.16.100.11 I only receive the message: negotiating IP security

I don't have experience in configuring strongswan. If somebody can explain how (step by step) to configure a host-to-host ipsec connection between Linux with strongswan and Windows XP, I will be very thankful.

If you need any extra information - just tell me ;)

P.S. Sorry for my horrible English ;)

Regards
Rafal from POLAND.
