<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
<title></title>
</head>
<body bgcolor="#ffffff" text="#000000">
<font face="Arial">Hi,<br>
</font><br>
before opening tunnel you have to add it first.<br>
for that you have to execute <br>
ipsec auto --add <Connection Name><br>
then use<br>
ipsec auto --up <Connection Name><br>
at roadwarrior (laptop) and only ipsec auto --add at server(gateway).<br>
<br>
Regards,<br>
Utkarsh Shah<br>
<br>
<blockquote cite="midmailman.94.1178585118.17318.users@openswan.org"
type="cite">
<pre wrap="">Hi there,
I have some problems setting up a working roadwarrior connection.
I'am able to setup a normal connection with the net-to-net as defined on the
openswan website.
but the roadwarrior connection is a problem. can any of you guys look into
to this problem because it constantly gives the error
Ipsec is working correctly
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec
on-path [OK]
Linux Openswan U2.4.6/K2.6.18-4-686 (netkey)
Checking for IPsec support in
kernel [OK]
NETKEY detected, testing for disabled ICMP send_redirects [FAILED]
Please disable /proc/sys/net/ipv4/conf/*/send_redirects
or NETKEY will cause the sending of bogus ICMP redirects!
NETKEY detected, testing for disabled ICMP accept_redirects [FAILED]
Please disable /proc/sys/net/ipv4/conf/*/accept_redirects
or NETKEY will accept bogus ICMP redirects!
Checking for RSA private key (/etc/ipsec.secrets)
[OK]
Checking that pluto is
running [OK]
Two or more interfaces found, checking IP forwarding [OK]
Checking NAT and MASQUERADEing
[N/A]
Checking for 'ip'
command [OK]
Checking for 'iptables'
command [OK]
Opportunistic Encryption
Support [DISABLED]
The Gateway
#
#File: /etc/ipsec.conf
#
conn road
left=172.16.12.33 # Gateway's information
leftid=@r119-lnx-adm #
leftsubnet=255.255.0.0/24 #
leftrsasigkey=0sAQNn+Bw0b #
rightnexthop=%default # correct in many situations
right=%any # Wildcard: we don't know the
laptop's IP
<a class="moz-txt-link-abbreviated" href="mailto:rightid=@road.douwe.com">rightid=@road.douwe.com</a> #
rightrsasigkey=0sAQPNANYL #
auto=start # authorizes but doesn't
start this
# connection at
startup
The Roadwarrior
#
#File: /etc/ipsec.conf
#
conn road
left=%defaultroute # Picks up our dynamic IP
<a class="moz-txt-link-abbreviated" href="mailto:leftid=@road.douwe.com">leftid=@road.douwe.com</a> # Local information
leftrsasigkey=0sAQPNANYL #
right=172.16.12.33 # Remote information
rightsubnet=255.255.0.0/24 #
<a class="moz-txt-link-abbreviated" href="mailto:rightid=@xy.example.com">rightid=@xy.example.com</a> #
rightrsasigkey=0sAQNn+Bw0b #
auto=start # authorizes but doesn't
start this
# connection at
startup
Ipsec auto --status
000 interface lo/lo ::1
000 interface lo/lo 127.0.0.1
000 interface eth1/eth1 172.16.12.33
000 %myid = (none)
000 debug none
000
000 algorithm ESP encrypt: id=2, name=ESP_DES, ivlen=8, keysizemin=64,
keysizemax=64
000 algorithm ESP encrypt: id=3, name=ESP_3DES, ivlen=8, keysizemin=192,
keysizemax=192
000 algorithm ESP encrypt: id=7, name=ESP_BLOWFISH, ivlen=8, keysizemin=40,
keysizemax=448
000 algorithm ESP encrypt: id=11, name=ESP_NULL, ivlen=0, keysizemin=0,
keysizemax=0
000 algorithm ESP encrypt: id=12, name=ESP_AES, ivlen=8, keysizemin=128,
keysizemax=256
000 algorithm ESP encrypt: id=252, name=ESP_SERPENT, ivlen=8,
keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=253, name=ESP_TWOFISH, ivlen=8,
keysizemin=128, keysizemax=256
000 algorithm ESP auth attr: id=1, name=AUTH_ALGORITHM_HMAC_MD5,
keysizemin=128, keysizemax=128
000 algorithm ESP auth attr: id=2, name=AUTH_ALGORITHM_HMAC_SHA1,
keysizemin=160, keysizemax=160
000 algorithm ESP auth attr: id=5, name=AUTH_ALGORITHM_HMAC_SHA2_256,
keysizemin=256, keysizemax=256
000 algorithm ESP auth attr: id=251, name=(null), keysizemin=0, keysizemax=0
000
000 algorithm IKE encrypt: id=5, name=OAKLEY_3DES_CBC, blocksize=8,
keydeflen=192
000 algorithm IKE encrypt: id=7, name=OAKLEY_AES_CBC, blocksize=16,
keydeflen=128
000 algorithm IKE hash: id=1, name=OAKLEY_MD5, hashsize=16
000 algorithm IKE hash: id=2, name=OAKLEY_SHA1, hashsize=20
000 algorithm IKE dh group: id=2, name=OAKLEY_GROUP_MODP1024, bits=1024
000 algorithm IKE dh group: id=5, name=OAKLEY_GROUP_MODP1536, bits=1536
000 algorithm IKE dh group: id=14, name=OAKLEY_GROUP_MODP2048, bits=2048
000 algorithm IKE dh group: id=15, name=OAKLEY_GROUP_MODP3072, bits=3072
000 algorithm IKE dh group: id=16, name=OAKLEY_GROUP_MODP4096, bits=4096
000 algorithm IKE dh group: id=17, name=OAKLEY_GROUP_MODP6144, bits=6144
000 algorithm IKE dh group: id=18, name=OAKLEY_GROUP_MODP8192, bits=8192
000
000 stats db_ops.c: {curr_cnt, total_cnt, maxsz} :context={0,0,0}
trans={0,0,0} attrs={0,0,0}
000
000
000
Ipsec auto --up road
021 no connection named "road"
Rather strange, if one of you guys know the answer to my problem I'am
looking forward to here from you,
Sincerly yours,
Tjeard
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <a class="moz-txt-link-freetext" href="http://lists.openswan.org/pipermail/users/attachments/20070507/7c1d96a4/attachment.html">http://lists.openswan.org/pipermail/users/attachments/20070507/7c1d96a4/attachment.html</a>
------------------------------
Message: 4
Date: Mon, 7 May 2007 17:15:38 -0700
From: "Gupta, Praveen" <a class="moz-txt-link-rfc2396E" href="mailto:pgupta@road-inc.com"><pgupta@road-inc.com></a>
Subject: [Openswan Users] IPSec Guru needed
To: <a class="moz-txt-link-rfc2396E" href="mailto:users@openswan.org"><users@openswan.org></a>
Message-ID:
        <a class="moz-txt-link-rfc2396E" href="mailto:A144B9267726CE4DB883D7EC0F19D51C03BBAA53@mail4.atroad.com"><A144B9267726CE4DB883D7EC0F19D51C03BBAA53@mail4.atroad.com></a>
Content-Type: text/plain; charset="us-ascii"
Hi,
I am a newbie to Openswan. Sorry for this posting in advance, if it is
out of place.
We are looking for an OpenSwan Guru in Bay-area for about 3-month
consulting assignment. If anybody is interested then please respond to
my email.
WiFi & Radius experience is desirable.
Thx, -Praveen
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <a class="moz-txt-link-freetext" href="http://lists.openswan.org/pipermail/users/attachments/20070507/07c4ae94/attachment.html">http://lists.openswan.org/pipermail/users/attachments/20070507/07c4ae94/attachment.html</a>
------------------------------
_______________________________________________
Users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Users@openswan.org">Users@openswan.org</a>
<a class="moz-txt-link-freetext" href="http://lists.openswan.org/mailman/listinfo/users">http://lists.openswan.org/mailman/listinfo/users</a>
End of Users Digest, Vol 42, Issue 10
*************************************
</pre>
</blockquote>
</body>
</html>