The built-in Windows VPN client uses IKEv1 (strongSwan attempts to use IKEv2 by default), so add:

    keyexchange=ikev1

to your options and you should now see it being caught in your pluto.log (pluto is the IKEv1 daemon, charon is for IKEv2).

-a

On Oct 4, 2011, at 5:13 PM, Tristan Ball wrote:

> Hi,
>
> Can someone tell me if the following is doable? I’d like to be able to
> provide a transport mode connection to a single server for a pool of
> Windows Vista/7 road warriors – who may or may not be behind NAT depending
> on the day.
>
> The end users are the roaming users for a customer of mine, and they’re
> opposed to VPNs for complexity and maintenance reasons – however I have a
> need to provide secure access to applications running on a server I host for
> them. I had hoped to use the Windows firewall connection profiles to start a
> tunnel mode connection, which to the end user would be essentially
> transparent and hopefully negate some of the pushback against VPNs.
>
> All the strongSwan documentation seems to refer to tunnel mode, and the
> Windows examples in particular seem to hard code end point IP addresses – I
> don’t think that’s going to work for roaming users.
>
> For my lab setup I’ve been attempting to start a connection using preshared
> keys, but I can’t get past “initial Main Mode message received on
> 203.89.x.x:500 but no connection has been authorized with policy=PSK” in the
> pluto logs.
>
> My ipsec.conf is pretty simple:
>
> conn winclient
>     type=transport
>     left=%defaultroute
>     right=%any
>     authby=secret
>     pfs=no
>     auto=add
>
> Can anyone provide assistance with this setup?
>
> Many thanks.
>
> Tristan
>
> Tristan Ball - Hosted Services Manager VIC
> Pronto Hosted Services
>
> _______________________________________________
> Users mailing list
> https://lists.strongswan.org/mailman/listinfo/users
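
Added example, not part of the original thread or of strongSwan: a small Python check that reads an ipsec.conf and lists the conn sections that pluto will not handle, which is the situation behind the "no connection has been authorized" log line when an IKEv1 client such as the built-in Windows one connects. It assumes strongSwan 4.x semantics (keyexchange=ikev1 goes to pluto, ikev2 or ike to charon, IKEv2 by default as the reply states); the sample config and the conn name winclient-ikev1 are constructed.

```python
# Added example (not from the thread): which IKE daemon owns each conn?
# Assumption: strongSwan 4.x ipsec.conf, where keyexchange=ikev1 goes to pluto
# and ikev2/ike go to charon; the default is IKEv2, as the reply states.
DAEMON = {"ikev1": "pluto", "ikev2": "charon", "ike": "charon"}
DEFAULT_KEYEXCHANGE = "ikev2"

# Constructed sample: the conn from the thread, plus a copy with the fix.
SAMPLE_CONF = """\
conn winclient
    type=transport
    left=%defaultroute
    right=%any
    authby=secret
    pfs=no
    auto=add

conn winclient-ikev1   # hypothetical name
    type=transport
    left=%defaultroute
    right=%any
    authby=secret
    pfs=no
    keyexchange=ikev1
    auto=add
"""

def parse_conns(text):
    """Parse 'conn <name>' sections into {name: {key: value}}."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        if not line[0].isspace():                 # section header at column 0
            parts = line.split()
            is_conn = len(parts) == 2 and parts[0] == "conn"
            current = conns.setdefault(parts[1], {}) if is_conn else None
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def daemon_for(conns, name):
    """Resolve keyexchange: conn value, then %default, then built-in default."""
    merged = {**conns.get("%default", {}), **conns[name]}
    return DAEMON.get(merged.get("keyexchange", DEFAULT_KEYEXCHANGE), "unknown")

def unreachable_for_ikev1(text):
    """Conns an IKEv1-only peer (the Windows built-in client) cannot match."""
    conns = parse_conns(text)
    return sorted(n for n in conns
                  if n != "%default" and daemon_for(conns, n) != "pluto")
```

Calling unreachable_for_ikev1(SAMPLE_CONF) returns only the thread's original conn; a keyexchange=ikev1 line in conn %default is inherited by every conn that does not override it.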
