mobile client to ipsec gateway
I'm trying to do an ipsec tunnel using openbsd and client software : "Shrew Vpn client" (Windows xp) ; in first time i try it on my local network (not over internet). I ve also read man pages of ipsec.conf ; isakmpd ; ipsecctl
Here what i ve done :
On the openbsd (4.5) gateway (vpn.my.domain) ip: 192.168.0.111:
ike dynamic from any to any \
main auth hmac-sha1 enc aes group modp1024
quick auth hmac-sha1 enc aes psk 123456A
**pf is disable
On the client side :
Windows XP SP3
Shrew Vpn Client vers : 2.1.4
What i have done :
**Remote host : 192.168.0.111 port 500
Auto config ike config pull
** Local Host : use a virtual adapter
all is disable
Local host : auto ip address
Remote : auto ip address
Credential : mutual PSK and entry the preshared key (123456A).
Exchange type : main
Exchange type : esp-aes
When i try to connect i have the following message :
"config loaded for site '192.168.0.111'
configuring client settings ...
attached to key daemon ...
iskamp proposal configured
esp proposal configured
pre-shared key configured
bringing up tunnel ...
invalid message from gateway
detached from key daemon . "
I cant open ipsec tunnel, can you help me please ?
Last edited by milo974; 21st July 2009 at 06:34 AM. Reason: something missing
|ipsec, security, vpn|
|Thread||Thread Starter||Forum||Replies||Last Post|
|Mobile Broadband||adapa||OpenBSD General||3||23rd February 2009 09:09 PM|
|openBSD IPSEC gateway w/WINDOWS XP roadwarrior||s2scott||OpenBSD Security||7||13th January 2009 11:01 AM|
|ipsec with client nat||sicute||OpenBSD General||0||30th October 2008 05:39 PM|
|IM Client||schrodinger||OpenBSD Packages and Ports||6||16th September 2008 03:09 PM|
|DDNS Client||revzalot||OpenBSD Installation and Upgrading||3||12th August 2008 03:21 AM|