[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[suse-security] FreeSWAN: Win2k ok, XP fails


during this week I have set up a FreeSWAN gateway and tested the configuration 
succesfully with another gateway and a Win2k client.

After this I copied the certificate and the configuration I used with Win2K to 
a XP box (ipsecmd installed, no SP2, ipsec-tool from vpn.ebootis.de).

ipsec -debug looked good and a ping to an apache behind the FreeSWAN gateway  
told me "ip security negotiated".

But in /var/log/messages I find the following line: "encrypted Informational 
Exchange message is invalid because it is for incomplete ISAKMP SA"

I saw this message before, when I used the wrong ca in the Win2k ipsec.conf. 
But this time the ca must be right, because I was able to connect to the 
apache with the Win2k -client over the vpn (tcpdump and the browser prooved 

Does anyone of you know whether it's necessary to make any change to the 
config files when the client is an XP box ? I haven't found a note on that in 
the documentation.

Thanks for any hint.



in-put GbR - Das Linux-Systemhaus
Stefan-Michael Günther
Moltkestraße 49	D-76133 Karlsruhe
Tel./Fax : +49 (0)721 / 83044 - 98/93

Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here