Differences between version 8 and previous revision of IPSecConfiguration.
Other diffs: Previous Major Revision, Previous Author, or view the Annotated Edit History
| Newer page: | version 8 | Last edited on Monday, November 17, 2003 10:31:39 pm | by MichaelBordignon | Revert |
| Older page: | version 7 | Last edited on Monday, November 17, 2003 10:31:17 pm | by MichaelBordignon | Revert |
@@ -16,13 +16,13 @@
__NextNote:__ If you are wanting to interoperate with Windows 2000/XP, make sure that
a) The .p12 certificate which you export is added to the __local machine__ and not the __current user__. This is the first mistake I made. Otherwise, you'll get something like
auth.log.0:Nov 13 15:26:08 peer pluto[21342]: "remote-win2k-2"[2] 166.179.32.102 #2: encrypted
-Informational Exchange message is invalid because it is for incomplete ISAKMP SA
+
Informational Exchange message is invalid because it is for incomplete ISAKMP SA
b) If there are any stateful firewalls in between the road warrior and the internal machine, make sure you allow ESP (protocol 50), with something like
iptables -A INPUT -p esp -j ACCEPT
__YetAnotherNote:__ Instructions on exporting x509 certs for use on 2k/xp can be found at http://www.natecarlson.com/linux/ipsec-x509.php, with a wealth of information at http://www.jacco2.dds.nl/networking/freeswan-l2tp.html. You'll also want a free utility found at http://vpn.ebootis.de to make the necessary IPSec policy changes to win2k/xp when you want to connect.
For an example PSK setup, head over to [IPSecConfigurationPSK]. %%%
For an example RSA setup, head over to [IPSecConfigurationRSA].
