Hello Andreas,

I captured packets on both machines.

Details from Wireshark (Windows XP Machine):
http://nerio.pccentre.pl/inne/packets.zip

Details from Tcpdump (Debian):
http://img696.imageshack.us/img696/4490/tcpdumpdebian.png

Thanks and regards,
Rafał from POLAND

On 2010-09-07 13:22, Andreas Steffen wrote:
> Hi Rafal,
>
> both sides try to send the first IKE packet. Using Wireshark
> or tcpdump, do you see any IKE packets (UDP port 500) leaving
> or entering the hosts?
>
> Regards
>
> Andreas
>
> On 07.09.2010 00:03, Rafał Jeleśniański wrote:
>> Hello,
>> I try to establish an IPSec connection with StrongSwan (4.4.1) between these
>> two machines.
>> Testing environment:
>> Virtualbox 3.2.8
>> 1st Machine (172.16.100.11) - Debian Testing (kernel: 2.6.32-5-686)
>> 2nd Machine (172.16.100.7) - Windows XP Pro SP3
>> Type of connection: bridged
>> I use this example:
>> http://www.strongswan.org/uml/testresults43/ikev1/host2host-cert/
>> -----------------------
>> Steps that I do on Debian:
>> 1. apt-get update
>> 2. apt-get install build-essential
>> 3. apt-get install libgmp3-dev
>> 4. apt-get install libssl-dev
>> 5. wget http://download.strongswan.org...
>> 6. tar ... ; cd strongswan...
>> 7. ./configure --prefix=/usr --sysconfdir=/etc --enable-openssl
>> 8. make
>> 9. make install
>> 10. Making a CA with this tutorial:
>> http://wiki.strongswan.org/projects/strongswan/wiki/SimpleCA
>> 11. I generate separate keys and certs for both machines
>> 12. I convert caKey to pem format (openssl x509 -inform der -in
>> caCert.der -out caCert.pem)
>> 13. I convert the cert for the Windows machine:
>> openssl pkcs12 -export -inkey /etc/ipsec.d/winxp1pcKey.pem -in
>> /etc/ipsec.d/winxp1pcCert.pem -name "winxp1pc" -certfile
>> /etc/ipsec.d/cacerts/caCert.pem -caname "Rafal CA" -out winxp1pcCert.p12
>> 14. I edit the appropriate files and make changes (I based them on the moon files -
>> ipsec.conf, ipsec.secrets, strongswan.conf)
>> 15. ipsec restart
>> Steps that I do on Windows:
>> 1. Import certs from the pkcs12 file. RootCA cert I move to the appropriate folder
>> 2. I create a new IP security policy
>> almost like in this tutor: http://www.freebsddiary.org/ipsec-wireless-xp.php
>> 3. Source address - My IP Address; Destination address - 172.16.100.11;
>> Tunnel end-point: 172.16.100.11;
>> 4. Authentication Method: certificate, that I imported
>> ...
>> 5. Assign my new IP security policy
>> I try to establish the connection but it doesn't work
>> When I execute ipsec up host-host on Debian I receive messages:
>> 002 "host-host" #2: initiating Main Mode
>> 104 "host-host" #2 STATE_MAIN_I1: initiate
>> 010 "host-host" #2 STATE_MAIN_I1: retransmission; will wait 20s for response
>> 010 "host-host" #2 STATE_MAIN_I1: retransmission; will wait 40s for response
>> 031 "host-host" #2 max number of retransmissions (2) reached
>> STATE_MAIN_I1. No response (or no acceptable response) to our first IKE
>> message.
>>
>> On the Windows machine when I try to ping 172.16.100.11 I only receive messages:
>> negotiating IP security
>>
>> I don't have experience in configuring strongswan.
>> If somebody can explain how (step by step) to configure a host to host ipsec
>> connection between Linux with strongswan and Windows XP I would be very thankful.
>>
>> If you need any extra information - just tell me ;)
>>
>> P.S. Sorry for my horrible English ;)
>> Regards
>> Rafal from POLAND.
> ======================================================================
> Andreas Steffen [email protected]
> strongSwan - the Linux VPN Solution! www.strongswan.org
> Institute for Internet Technologies and Applications
> University of Applied Sciences Rapperswil
> CH-8640 Rapperswil (Switzerland)
> ===========================================================[ITA-HSR]==
>

_______________________________________________
Users mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/users
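
Added example, not part of the original thread and not strongSwan code: a small script that answers the question asked in the quoted reply (do IKE packets on UDP port 500 leave or enter each host?) from tcpdump's default text output. The capture lines are constructed, not taken from the linked captures, and the function name `classify_ike` is hypothetical.

```python
import re
from collections import Counter

# Constructed sample in tcpdump's default text format (not the thread's capture).
SAMPLE_CAPTURE = """\
13:05:01.000001 IP 172.16.100.11.500 > 172.16.100.7.500: isakmp: phase 1 I ident
13:05:03.400000 IP 172.16.100.7.500 > 172.16.100.11.500: isakmp: phase 1 I ident
13:05:21.000002 IP 172.16.100.11.500 > 172.16.100.7.500: isakmp: phase 1 I ident
13:05:30.000000 IP 172.16.100.7.137 > 172.16.100.255.137: UDP, length 50
"""

# Matches tcpdump's ISAKMP summary; role is I (initiator) or R (responder).
LINE = re.compile(
    r"IP (?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): isakmp: phase 1 (?P<role>[IR])"
)


def classify_ike(capture: str, local: str, peer: str) -> str:
    """Summarise phase 1 traffic on UDP 500 as seen from `local`."""
    seen = Counter()
    for line in capture.splitlines():
        m = LINE.search(line)
        if not m or "500" not in (m["sport"], m["dport"]):
            continue  # not IKE on UDP port 500
        if (m["src"], m["dst"]) == (local, peer):
            seen["out_" + m["role"]] += 1
        elif (m["src"], m["dst"]) == (peer, local):
            seen["in_" + m["role"]] += 1
    if not seen:
        return "no IKE packets on UDP 500 between the hosts"
    if seen["in_R"] or seen["out_R"]:
        return "a responder packet was seen: negotiation got past the first message"
    if seen["out_I"] and seen["in_I"]:
        return "both sides send initiator packets, neither sends a responder packet"
    if seen["out_I"]:
        return "initiator packets leave the local host, nothing comes back"
    return "initiator packets arrive from the peer, the local host never answers"


if __name__ == "__main__":
    print(classify_ike(SAMPLE_CAPTURE, "172.16.100.11", "172.16.100.7"))
```

Run on a capture taken on each host, the summary distinguishes packets that never leave from packets that arrive and go unanswered.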
