OpenVPN - alternative to an NCP (Watchguard) client- HOW?
Posted: Mon Jun 20, 2011 3:32 pm
Hi all, 
I just wanted to set up an openVPN-client on Windows XP SP3 working as an alternative to NCP-clients (Watchguard Easy) towards an existing NCP- Server.
It's probalbly no big deal to set it up, the problem is in front of the machine, I don't have any special VPN knowledge. So I ask if somebody can assisst?
Here is a copy of the NCP profile ini-file that works. The only thing I'm sure about that it works with a shared secret. The NCP client uses a TAP-Win32-Adapter. Its the only adapter on the client.
At the end of this post there is a copy of ovpn file I had a try with, including the log output,- but it does not log into the server.
The protocol (upd) and the server-ip (IP-SEC tunnel-endpoint 123.177.66.55) and the port (17999) are correct, I've checked this with a port scanner.
I hope somebody can help me with this.
best regards, "Wurke"
------NCP secure entry client profile - it works - "dump" to an ini-file------>>>>>>>>>>>>>>>>>>>>>>>>>>
[GENERAL]
Export=1
Product=NCP Secure Entry Client
Version=9.23 Build 12
Zeit=20.06.2011 15:23:12
[PROFILE1]
Name=OpenVPNalternative
ConnMedia=8
UseForAuto=0
UseRAS=0
BootProfile=0
UserName="xxxxxxxxxxx"
Password="þþþþþþþþþþþþþþþþ"
SavePw=0
PhoneNumber=
ScriptFile=
DialerUser=""
DialerPw="þ ,þþþþþþþþþ"
DialerPhone=
HttpName=
HttpPw=
HttpSavePw=0
HttpScript=
ComPort=1
Baudrate=57600
RelComPort=1
Modem=
InitStr=
DialPrefix=
3GApnSrc=1
3GProvider=
3GUser="xxxxxxxxxx"
3GPw="xxxxxxxx"
3GPhone=
APN=AT+cgdcont=1,"IP",""
GprsATCmd=AT+CPIN=
GprsPin=
PreAuthEap=0
PreAuthHttp=0
ConnMode=1
Timeout=0
MultiLink=0
MlThreshold=0
IKE-Policy=OpenVPNalternative
IPSec-Policy=OpenVPNalternative
ExchMode=4
IkeIdType=3
IkeIdStr=OpenVPNalternative
PkiConfig=
EnableNetBIOS=1
PriVoIP=0
ConnType=1
XAUTH-Id=""
XAUTH-Pw=""
Gateway=299.122.13.266
XAUTH-Src=0
UseTunnel=0
UseXAUTH=1
DisDPD=0
UseUdpEnc=500
UseUdpEncTmp=4500
PathFinder=0
IpAddrAssign=1
IPAddress=
SubnetMask=255.255.255.0
DNS1=0.0.0.0
DNS2=0.0.0.0
WINS1=0.0.0.0
WINS2=0.0.0.0
DomainName=
SubjectCert=
IssuerCert=
FingerPrint=
UseSHA1=0
Firewall=0
OnlyTunnel=0
RasOnlyTunnel=0
UseComp=0
PFS=1
IpsecLTSec=000:08:00:00
IkeLTSec=000:08:00:00
IPSecLTKb=128000
IPSecLTType=3
DNSActiv=0
DNS1Tmp=
DNS2Tmp=
WINS1Tmp=
WINS2Tmp=
Secret="þþþþþþþþþþþþþþ"
UsePreShKey=1
[IKEPOLICY1]
IkeName=
IkeCrypt=2
IkeHash=2
IkeAuth=1
IkeDhGroup=1
[IPSECPOLICY1]
IPSecName=OpenVPNalternative
IpsecCrypt=6
IpsecAuth=2
--<<<<<< end of NCP secure entry client ini-file------<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
--->>>ovpn-file- that does not work---->>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
client
remote 123.177.66.55
port 17999
proto udp
dev tap
Mon Jun 20 17:10:48 2011 OpenVPN 2.2.0 Win32-MSVC++ [SSL] [LZO2] built on Apr 26 2011
Mon Jun 20 17:11:04 2011 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Mon Jun 20 17:11:04 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Mon Jun 20 17:11:04 2011 UDPv4 link local (bound): [undef]:17999
Mon Jun 20 17:11:04 2011 UDPv4 link remote: 123.177.66.55:17999
I just wanted to set up an openVPN-client on Windows XP SP3 working as an alternative to NCP-clients (Watchguard Easy) towards an existing NCP- Server.
It's probalbly no big deal to set it up, the problem is in front of the machine, I don't have any special VPN knowledge. So I ask if somebody can assisst?
Here is a copy of the NCP profile ini-file that works. The only thing I'm sure about that it works with a shared secret. The NCP client uses a TAP-Win32-Adapter. Its the only adapter on the client.
At the end of this post there is a copy of ovpn file I had a try with, including the log output,- but it does not log into the server.
The protocol (upd) and the server-ip (IP-SEC tunnel-endpoint 123.177.66.55) and the port (17999) are correct, I've checked this with a port scanner.
I hope somebody can help me with this.
best regards, "Wurke"
------NCP secure entry client profile - it works - "dump" to an ini-file------>>>>>>>>>>>>>>>>>>>>>>>>>>
[GENERAL]
Export=1
Product=NCP Secure Entry Client
Version=9.23 Build 12
Zeit=20.06.2011 15:23:12
[PROFILE1]
Name=OpenVPNalternative
ConnMedia=8
UseForAuto=0
UseRAS=0
BootProfile=0
UserName="xxxxxxxxxxx"
Password="þþþþþþþþþþþþþþþþ"
SavePw=0
PhoneNumber=
ScriptFile=
DialerUser=""
DialerPw="þ ,þþþþþþþþþ"
DialerPhone=
HttpName=
HttpPw=
HttpSavePw=0
HttpScript=
ComPort=1
Baudrate=57600
RelComPort=1
Modem=
InitStr=
DialPrefix=
3GApnSrc=1
3GProvider=
3GUser="xxxxxxxxxx"
3GPw="xxxxxxxx"
3GPhone=
APN=AT+cgdcont=1,"IP",""
GprsATCmd=AT+CPIN=
GprsPin=
PreAuthEap=0
PreAuthHttp=0
ConnMode=1
Timeout=0
MultiLink=0
MlThreshold=0
IKE-Policy=OpenVPNalternative
IPSec-Policy=OpenVPNalternative
ExchMode=4
IkeIdType=3
IkeIdStr=OpenVPNalternative
PkiConfig=
EnableNetBIOS=1
PriVoIP=0
ConnType=1
XAUTH-Id=""
XAUTH-Pw=""
Gateway=299.122.13.266
XAUTH-Src=0
UseTunnel=0
UseXAUTH=1
DisDPD=0
UseUdpEnc=500
UseUdpEncTmp=4500
PathFinder=0
IpAddrAssign=1
IPAddress=
SubnetMask=255.255.255.0
DNS1=0.0.0.0
DNS2=0.0.0.0
WINS1=0.0.0.0
WINS2=0.0.0.0
DomainName=
SubjectCert=
IssuerCert=
FingerPrint=
UseSHA1=0
Firewall=0
OnlyTunnel=0
RasOnlyTunnel=0
UseComp=0
PFS=1
IpsecLTSec=000:08:00:00
IkeLTSec=000:08:00:00
IPSecLTKb=128000
IPSecLTType=3
DNSActiv=0
DNS1Tmp=
DNS2Tmp=
WINS1Tmp=
WINS2Tmp=
Secret="þþþþþþþþþþþþþþ"
UsePreShKey=1
[IKEPOLICY1]
IkeName=
IkeCrypt=2
IkeHash=2
IkeAuth=1
IkeDhGroup=1
[IPSECPOLICY1]
IPSecName=OpenVPNalternative
IpsecCrypt=6
IpsecAuth=2
--<<<<<< end of NCP secure entry client ini-file------<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
--->>>ovpn-file- that does not work---->>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
client
remote 123.177.66.55
port 17999
proto udp
dev tap
Mon Jun 20 17:10:48 2011 OpenVPN 2.2.0 Win32-MSVC++ [SSL] [LZO2] built on Apr 26 2011
Mon Jun 20 17:11:04 2011 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Mon Jun 20 17:11:04 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Mon Jun 20 17:11:04 2011 UDPv4 link local (bound): [undef]:17999
Mon Jun 20 17:11:04 2011 UDPv4 link remote: 123.177.66.55:17999