Re: [Users] Super-freeswan and Windows 2000, using certs X.509 - 'Negotating IP Security' while pinging

Hi,

I had a similar problem and was able to fix it by manually specifying the CA certificate using the IP security policies MMC snap in on the W2K cliet.

For some reason I could never get Marcus Mullers' tool to correctly "guess" the right one using the syntax that Nate Carlson describes.

Nate Carlson says that you should use :

rightca="C=US,S=State,L=City,O=ExampleCo,CN=CA,Email=host@example.com"

in the clients ipsec.conf.

What I did was run Marcus' tool once so that it created the FreeSwan policy, then edit it and change the CA cert to the correct one manually. You will also need to manually assign and un-assign it using the MMC snap in to turn the rule on and off (because every time you run Marcus' tool it deletes and re-creates the FreeSwan policy).

Thanks,

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related lists.freeswan.org Links 1998-fall 1998-spring 1998-summer 1998-winter 1999-winter announce briefs bugs design freeswan-list hipsec ietf-sectest users users-admin Request more information about Pantek

Mark

-----Original Message-----
From: users-owner@mj2.freeswan.org [mailto:users-owner@mj2.freeswan.org] On Behalf Of Peteris Krisjanis
Sent: Tuesday, September 30, 2003 10:46 AM To: users@mj2.freeswan.org
Subject: [Users] Super-freeswan and Windows 2000, using certs X.509 - 'Negotating IP Security' while pinging

Hi everyone!

I'm rather newbie to freeswan/ipsec thing and would like to know where is a problem in the such case:
There is Gentoo 1.4, super-freeswan 1.99_kb4, vanilla kernel 2.4.22 with

freeswan patch
and Windows 2000, using X.509 certs and ipsec.exe tool from Marcus Muler.

I'm using roadwarrior-net connection. Everything seems to work so far that I launch ipsec.exe
and it successfully connects to remote network's getaway (don't give any

error messages).
However, when I try to do ping to getaway's ip as suggested in docs, it gives only a response 'Negotating IP Security' all the time.

Suggestions - where to look at, what to check, etc.

Do you need more help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related lists.freeswan.org Links 1998-fall 1998-spring 1998-summer 1998-winter 1999-winter announce briefs bugs design freeswan-list hipsec ietf-sectest users users-admin Request more information about Pantek

Thanks in advance :),
Peteris Krisjanis.