[strongSwan] Strong swan 5.1.1 and Windows XP

Lupi Loop lupitheloop at gmail.com
Wed Dec 10 12:43:49 CET 2014 

Hi Martin,

Thank you very much for your answer.

Unfortunately we need this machine to be on XP.

Attached go the Strongswan and Shrew log for the connection.


Notation in the logs:

X.X.X.X Is the public IP address of the Strongswan Server

Client is a Windows XP virtual machine with local address 10.0.2.15,
the host is a Windows 7 machine being A.A.A.A  its public IP address

VPN uses address in the 10.10.10.0/24 network



Cheers

2014-12-10 11:24 GMT+01:00 Martin Willi <martin at strongswan.org>:
> Hi,
>
>> I have tried both using the native client of Windows XP (that does not
>> connect at all)
>
> The XP client configured through the RAS GUI uses L2TP/IPsec, that is a
> L2TP tunnel protected by IPsec in transport mode using IKEv1. strongSwan
> can handle the IPsec protection only, for L2TP you'll need a L2TP
> daemon. There are probably some guides out there how to get that
> working, but please be aware that there are some difficulties with NAT.
>
>> and using two vpn clients, ShrewSoft and TauVPN, (that
>> establish IKE phase 1 SA but fail at phase 2)
>
> Shrew should actually work fine with strongSwan, but there is a large
> bunch of authentication methods and other options to use. Please provide
> some failure logs.
>
> Haven't used TauVPN for a while; If you can configure the XP stack with
> some standard IPsec using IKEv1 with certificate authentication, that
> might work.
>
> Given that XP has reached end-of-life anyway, I'm not sure if it is
> worth the effort. If you really need XP support, Shrew is probably the
> best option.
>
> Regards
> Martin
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: iked-1.log
Type: application/octet-stream
Size: 57182 bytes
Desc: not available
URL: <http://lists.strongswan.org/pipermail/users/attachments/20141210/2cf5d3ab/attachment-0002.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ipsec.log
Type: application/octet-stream
Size: 125420 bytes
Desc: not available
URL: <http://lists.strongswan.org/pipermail/users/attachments/20141210/2cf5d3ab/attachment-0003.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: stronswan.log.rtf
Type: application/rtf
Size: 28851 bytes
Desc: not available
URL: <http://lists.strongswan.org/pipermail/users/attachments/20141210/2cf5d3ab/attachment-0001.rtf>

More information about the Users mailing list