Re: [strongSwan] StrongSwan 4.2.4 with Windows 7
Hi Daniel, thank you for your help. After switching to the newest strongswan release it works great. Kind regards, Michael -Original Message- From: Daniel Mentz [mailto:danielml+mailinglists.strongs...@sent.com] Sent: Tuesday, December 29, 2009 1:15 PM To: Wihsböck Michael Cc: users@lists.strongswan.org Subject: Re: [strongSwan] StrongSwan 4.2.4 with Windows 7 Generally speaking, I would try to use the most up-to-date version of strongSwan just to rule out that a bug that is already fixed causes the problem. You could configure the source code with s.th. like ./configure --prefix=/home/michael/strongswan_playground/ If you run "make install" afterwards, it copies the files into this dedicated directory instead of overwriting the existing version of strongSwan. What's the CA of the certificate you installed on the Windows 7 box? Did you store that in /etc/ipsec.d/cacerts. Please run ipsec listcacerts and provide the output to us. Also, a more comprehensive log file would be helpful. -Daniel Wihsböck Michael wrote: > Hi, > > I'm using StrongSwan 4.2.4 (default in Debian 5.0) and tried to enable it to > accept Windows 7 IPSec-VPN connections as desribed on > http://wiki.strongswan.org/wiki/1/Windows7. I got it working that the > certificates are accepted correctly on windows 7 side but now the connection > establishment times out. > The only message I receive on the StrongSwan system is "Dec 28 18:06:39 > debian charon: 09[AUD] 188.23.82.145 is initiating an IKE_SA". In the Windows > 7 Connection Status and Log Information Page > (http://wiki.strongswan.org/wiki/strongswan/Win7Status) this message is > immediately followed by something like "sending cert request for "C=AT, ..." > but this message doesn't appear :( > > My ipsec.conf: > > config setup > plutostart=no > > conn windows7 > left=%defaultroute > leftcert=server3Cert.pem > leftsubnet=192.168.21.0/24 > right=%any > rightsourceip=192.168.1.0/24 > rightid="C=AT, ST=Wien, O=Company, OU=Department, CN=support, > e=em...@test.tld" > keyexchange=ikev2 > auto=add > > Is the used strongSwan version too old? ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] StrongSwan 4.2.4 with Windows 7
Generally speaking, I would try to use the most up-to-date version of strongSwan just to rule out that a bug that is already fixed causes the problem. You could configure the source code with s.th. like ./configure --prefix=/home/michael/strongswan_playground/ If you run "make install" afterwards, it copies the files into this dedicated directory instead of overwriting the existing version of strongSwan. What's the CA of the certificate you installed on the Windows 7 box? Did you store that in /etc/ipsec.d/cacerts. Please run ipsec listcacerts and provide the output to us. Also, a more comprehensive log file would be helpful. -Daniel Wihsböck Michael wrote: > Hi, > > I'm using StrongSwan 4.2.4 (default in Debian 5.0) and tried to enable it to > accept Windows 7 IPSec-VPN connections as desribed on > http://wiki.strongswan.org/wiki/1/Windows7. I got it working that the > certificates are accepted correctly on windows 7 side but now the connection > establishment times out. > The only message I receive on the StrongSwan system is "Dec 28 18:06:39 > debian charon: 09[AUD] 188.23.82.145 is initiating an IKE_SA". In the Windows > 7 Connection Status and Log Information Page > (http://wiki.strongswan.org/wiki/strongswan/Win7Status) this message is > immediately followed by something like "sending cert request for "C=AT, ..." > but this message doesn't appear :( > > My ipsec.conf: > > config setup > plutostart=no > > conn windows7 > left=%defaultroute > leftcert=server3Cert.pem > leftsubnet=192.168.21.0/24 > right=%any > rightsourceip=192.168.1.0/24 > rightid="C=AT, ST=Wien, O=Company, OU=Department, CN=support, > e=em...@test.tld" > keyexchange=ikev2 > auto=add > > Is the used strongSwan version too old? ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
[strongSwan] StrongSwan 4.2.4 with Windows 7
Hi, I'm using StrongSwan 4.2.4 (default in Debian 5.0) and tried to enable it to accept Windows 7 IPSec-VPN connections as desribed on http://wiki.strongswan.org/wiki/1/Windows7. I got it working that the certificates are accepted correctly on windows 7 side but now the connection establishment times out. The only message I receive on the StrongSwan system is "Dec 28 18:06:39 debian charon: 09[AUD] 188.23.82.145 is initiating an IKE_SA". In the Windows 7 Connection Status and Log Information Page (http://wiki.strongswan.org/wiki/strongswan/Win7Status) this message is immediately followed by something like "sending cert request for "C=AT, ..." but this message doesn't appear :( My ipsec.conf: config setup plutostart=no conn windows7 left=%defaultroute leftcert=server3Cert.pem leftsubnet=192.168.21.0/24 right=%any rightsourceip=192.168.1.0/24 rightid="C=AT, ST=Wien, O=Company, OU=Department, CN=support, e=em...@test.tld" keyexchange=ikev2 auto=add Is the used strongSwan version too old? Kind regards, Michael ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users