[LARTC] Problem with ipsec tool from Marcus Mueller

Linux Advanced Routing and Traffic Control

Hi,

I am trying to connect road-warriors (running on WinXP) to my home network
via FreeS/WAN but it does not work.
I am using version 1.99 with "plutodebug=all" set in the config but it does
not give any output when I try to connect.

The client is behind a router in network 192.168.20.0/24, the server is on
"my-servers-dns-name" with the internal network 192.168.11.0/24

When I did "ping 192.168.11.1", it said "IP Sicherheit wird verhandelt"
which means "Negotiating IP security" but the packet logger which was
running on the client's router did not log any traffic from/to the server so
it seems that WinXP did not attempt to contact the server. The syslog on the
server of course also did not show anything about connection attempts.
Do you have any idea why this happens?

Here are the configs:

- Config on the client:

conn roadwarrior
 left=%any
 right=my-servers-dns-name
 rightca="C=AT, S=xx, L=xx, O=xx, CN=xx"
 network=auto
 auto=start
 pfs=yes

conn roadwarrior-net
 left=%any
 right=my-servers-dns-name
 rightsubnet=192.168.10.0/24
 rightca="C=AT, S=xx, L=xx, O=xx, CN=xx"
 network=auto
 auto=start
 pfs=yes
---------------------

- Log on the client:

No RAS connections found.
IPSec Version 2.1.4 (c) 2001,2002 Marcus Mueller
Getting running Config ...
Microsoft's Windows XP identified
Host name is: pc1
LAN IP address: 192.168.20.1
Setting up IPSec ...

 Deactivating old policy...
 Removing old policy...

Connection roadwarrior:
 MyTunnel     : 192.168.20.1
 MyNet        : 192.168.20.1/255.255.255.255
 PartnerTunnel: my-servers-dns-name
 PartnerNet   : my-servers-dns-name/255.255.255.255
 CA (ID)      : C=AT, S=xx, L=xx, O=xx, CN...
 PFS          : y
 Auto         : start
 Auth.Mode    : MD5
 Rekeying     : 3600S/50000K
 Activating policy...

Connection roadwarrior-net:
 MyTunnel     : 192.168.20.1
 MyNet        : 192.168.20.1/255.255.255.255
 PartnerTunnel: my-servers-dns-name
 PartnerNet   : 192.168.11.0/255.255.255.0
 CA (ID)      : C=AT, S=xx, L=xx, O=xx, CN...
 PFS          : y
 Auto         : start
 Auth.Mode    : MD5
 Rekeying     : 3600S/50000K
 Activating policy...
---------------------------

- Config on the server:

config setup
        interfaces=%defaultroute
        klipsdebug=none
        plutodebug=all
        plutoload=%search
        plutostart=%search
        uniqueids=yes

conn %default
        keyingtries=1
        compress=yes
        disablearrivalcheck=no
        authby=rsasig
        leftrsasigkey=%cert
        rightrsasigkey=%cert

conn roadwarrior-net
        leftsubnet=192.168.11.0/24
        also=roadwarrior

conn roadwarrior
        right=%any
        left=%defaultroute
        leftcert=gatewayKey.pem
        auto=add
        pfs=yes

------------

I hope that you can help me.
Regards,
David

PS: I don't want to connect both routers; I want only the single client
to have access.


