21st July 2009
milo974
mobile client to ipsec gateway

Hello,

I'm trying to set up an IPsec tunnel using OpenBSD and client software: "Shrew VPN Client" (Windows XP); at first I am trying it on my local network (not over the Internet). I've also read the man pages of ipsec.conf, isakmpd, and ipsecctl.

Here is what I've done:
On the OpenBSD (4.5) gateway (vpn.my.domain), IP: 192.168.0.111:
**rc.conf.local :
ipsec=YES
isakmpd="-K"
**ipsec.conf :
ike dynamic from any to any \
main auth hmac-sha1 enc aes group modp1024
quick auth hmac-sha1 enc aes psk 123456A
**pf is disabled

On the client side :
Windows XP SP3
Shrew VPN Client version: 2.1.4
What I have done:
**Remote host : 192.168.0.111 port 500
Auto config ike config pull
** Local Host : use a virtual adapter
10.0.0.1/24
** Client
NAT disabled
**Name resolution
all disabled
**Auth
Local host : auto ip address
Remote : auto ip address
Credential: mutual PSK, and entered the preshared key (123456A).
**Phase 1
Exchange type : main
**Phase 2
Exchange type : esp-aes
**Policy
Obtain automatically...

When I try to connect I get the following message:
"config loaded for site '192.168.0.111'
configuring client settings ...
attached to key daemon ...
peer configured
iskamp proposal configured
esp proposal configured
client configured
pre-shared key configured
bringing up tunnel ...
invalid message from gateway
tunnel disabled
detached from key daemon . "

I can't open the IPsec tunnel, can you help me please?

Last edited by milo974; 21st July 2009 at 05:34 AM. Reason: something missing