<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD><TITLE>IPSec Install files</TITLE>
<META http-equiv=Content-Type content="text/html; charset=us-ascii">
<META content="MSHTML 6.00.6000.16481" name=GENERATOR></HEAD>
<BODY>
<DIV dir=ltr align=left><FONT face=Arial color=#0000ff
size=2></FONT> </DIV>
<DIV><SPAN class=991395120-30102007></SPAN><FONT face=Arial><FONT
color=#0000ff><FONT
size=2>I have missing libraries for iptables as my client is an embedded OS.</FONT></FONT></FONT></DIV>
<DIV><SPAN class=991395120-30102007></SPAN><FONT face=Arial><FONT
color=#0000ff><FONT size=2>D<SPAN class=991395120-30102007>oes the laptop have to
have a DHCP configuration? Can it not work with static IP also (both openswan
nodes with static IP for Road warrior
configuration)?</SPAN></FONT></FONT></FONT></DIV>
<DIV><FONT><FONT color=#0000ff><FONT size=2><SPAN
class=991395120-30102007></SPAN></FONT></FONT></FONT><SPAN
class=991395120-30102007></SPAN><FONT face=Arial><FONT color=#0000ff><FONT
size=2>I<SPAN class=991395120-30102007> tested two linux boxes with static IP
and they seem to be working well.</SPAN></FONT></FONT></FONT><BR></DIV>
<DIV class=OutlookMessageHeader lang=en-us dir=ltr align=left>
<HR tabIndex=-1>
<FONT face=Tahoma size=2><B>From:</B> Peter McGill [mailto:petermcgill@goco.net]
<BR><B>Sent:</B> Tuesday, October 30, 2007 6:42 AM<BR><B>To:</B> Vuppula,
Srinivas<BR><B>Subject:</B> RE: [Openswan Users] IPSec auto up
error<BR></FONT><BR></DIV>
<DIV></DIV>
<DIV dir=ltr align=left><SPAN class=808512313-30102007><FONT face=Arial
color=#0000ff size=2>You might try cc'ing the list, as you may get more answers
that way.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=808512313-30102007><FONT face=Arial
color=#0000ff size=2>A quick lookup at cpan.org tells me that Getopt::Long is
standard with Perl 5.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=808512313-30102007><FONT face=Arial
color=#0000ff size=2>I suggest reinstalling the latest Perl.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=808512313-30102007><FONT face=Arial
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=808512313-30102007><FONT face=Arial
color=#0000ff size=2>Seems to me that your server side config is also missing
leftnexthop=%defaultroute.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=808512313-30102007><FONT face=Arial
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=808512313-30102007><FONT face=Arial
color=#0000ff size=2>Are you starting the connection on the laptop? The
connection must be started on the laptop,</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=808512313-30102007><FONT face=Arial
color=#0000ff size=2>because the laptop IP is dynamic, the server doesn't know
what it is until the laptop connects.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=808512313-30102007><FONT face=Arial
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=808512313-30102007><FONT face=Arial
color=#0000ff size=2>Are your firewall rules configured to allow IPSec? You need
to permit the following in your firewall</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=808512313-30102007><FONT face=Arial
color=#0000ff size=2>rules on both sides:</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=808512313-30102007><FONT face=Arial
color=#0000ff size=2>ESP, ISAKMP (and optionally UDP 4500, AH)
i.e.:</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=808512313-30102007><FONT face=Arial
color=#0000ff size=2>iptables -t filter -I INPUT -p 50 -j ACCEPT #
ESP</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=808512313-30102007><FONT face=Arial
color=#0000ff size=2>iptables -t filter -I INPUT -p udp --dport 500 -j ACCEPT #
ISAKMP</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=808512313-30102007><FONT face=Arial
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=808512313-30102007><FONT face=Arial
color=#0000ff size=2>Run the following on both sides:</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=808512313-30102007><FONT face=Arial
color=#0000ff size=2>ipsec restart</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=808512313-30102007><FONT face=Arial
color=#0000ff size=2>Then show the output on both sides
from:</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=808512313-30102007><FONT face=Arial
color=#0000ff size=2>ipsec status</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=808512313-30102007><FONT face=Arial
color=#0000ff size=2>I want to make sure your conns are actually loaded and not
hitting some error.</FONT></SPAN></DIV>
<DIV><FONT face=Arial color=#0000ff size=2></FONT> </DIV>
<DIV align=left><FONT face=Arial size=2>Peter McGill</FONT></DIV>
<DIV> </DIV><BR>
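<DIV dir=ltr align=left><FONT face=Arial size=2>Added example, not part of the original messages or of Openswan: a shell lint that checks one conn against the advice in the reply above (remote end set to %any rather than %defaultroute, a next hop for a statically addressed local end, no auto=start on the side that cannot initiate). The function names and the sample file are constructed for illustration, with the rsasigkey lines left out.</FONT></DIV>
<PRE>
```sh
#!/bin/sh
# Added example (not from the thread): lint one conn of an Openswan
# ipsec.conf against the road-warrior advice given in Peter's reply.
# LOCAL is the end ("left" or "right") that describes this machine.
lint_conn() {  # usage: lint_conn FILE CONN LOCAL
    awk -v conn="$2" -v loc="$3" '
    BEGIN { rem = (loc == "left") ? "right" : "left"; nh = loc "nexthop" }
    /^conn[ \t]/ { active = ($2 == conn); next }   # start of a conn section
    /^[^ \t#]/   { active = 0; next }              # some other section
    active && /^[ \t]+[^#]*=/ {                    # indented key=value line
        line = $0
        sub(/^[ \t]+/, "", line); sub(/[ \t]+$/, "", line)
        eq = index(line, "=")
        kv[substr(line, 1, eq - 1)] = substr(line, eq + 1); n++
    }
    END {
        if (!n) { print "ERROR conn " conn " not found or empty"; exit }
        if (kv[rem] == "%defaultroute")
            print "ERROR " rem "=%defaultroute describes the remote peer; use " rem "=%any"
        if (kv[loc] != "%defaultroute" && !(nh in kv))
            print "WARN " nh " is not set; the reply suggests " nh "=%defaultroute"
        if (kv[rem] == "%any" && kv["auto"] == "start")
            print "WARN auto=start with " rem "=%any; only the roaming peer can initiate"
    }' "$1"
}

# Constructed sample: the server-side conn as posted, rsasigkey lines omitted.
sample_server_conf() {
    cat <<'EOF'
conn net-to-net
    left=192.168.1.101
    leftid=@right.com
    rightnexthop=%defaultroute
    right=%defaultroute
    rightid=@left.com
    auto=add
EOF
}

tmp=$(mktemp)
sample_server_conf > "$tmp"
lint_conn "$tmp" net-to-net left   # reports one ERROR and one WARN
rm -f "$tmp"
```
</PRE>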
<BLOCKQUOTE dir=ltr
style="PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #0000ff 2px solid; MARGIN-RIGHT: 0px">
<DIV class=OutlookMessageHeader lang=en-us dir=ltr align=left>
<HR tabIndex=-1>
<FONT face=Tahoma size=2><B>From:</B> Vuppula, Srinivas
[mailto:srinivas.vuppula@intel.com] <BR><B>Sent:</B> October 29, 2007 5:38
PM<BR><B>To:</B> Vuppula, Srinivas; petermcgill@goco.net<BR><B>Subject:</B>
RE: [Openswan Users] IPSec auto up error<BR></FONT><BR></DIV>
<DIV></DIV>
<DIV dir=ltr align=left><SPAN class=222493621-29102007><FONT face=Arial
color=#0000ff size=2>One more thing observed. The command ipsec verify fails
on my system as</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=222493621-29102007><FONT face=Arial
color=#0000ff size=2>sh-3.1# ipsec verify<BR>Can't locate Getopt/Long.pm in
@INC (@INC contains:
/usr/lib64/perl5/site_perl/5<BR>.8.8/x86_64-linux-thread-multi
/usr/lib64/perl5/site_perl/5.8.7/x86_64-linux-thr<BR>ead-multi
/usr/lib64/perl5/site_perl/5.8.6/x86_64-linux-thread-multi
/usr/lib64/<BR>perl5/site_perl/5.8.5/x86_64-linux-thread-multi
/usr/lib/perl5/site_perl/5.8.8 /<BR>usr/lib/perl5/site_perl
/usr/lib64/perl5/vendor_perl/5.8.8/x86_64-linux-thread-m<BR>ulti
/usr/lib64/perl5/vendor_perl/5.8.7/x86_64-linux-thread-multi
/usr/lib64/per<BR>l5/vendor_perl/5.8.6/x86_64-linux-thread-multi
/usr/lib64/perl5/vendor_perl/5.8.<BR>5/x86_64-linux-thread-multi
/usr/lib/perl5/vendor_perl/5.8.8 /usr/lib/perl5/vend<BR>or_perl
/usr/lib64/perl5/5.8.8/x86_64-linux-thread-multi /usr/lib/perl5/5.8.8
.)<BR> at /usr/local/libexec/ipsec/verify line 427.<BR>BEGIN
failed--compilation aborted at /usr/local/libexec/ipsec/verify line
427.<BR>sh-3.1# cd /usr/lib64/perl5/<BR>sh-3.1# ls<BR>5.8.5 5.8.6
5.8.7 5.8.8</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=222493621-29102007><FONT face=Arial
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=222493621-29102007><FONT face=Arial
color=#0000ff size=2>I had the above versions of Perl. Is any library missing?
Where is Getopt/Long.pm found?</FONT></SPAN></DIV><BR>
<DIV class=OutlookMessageHeader lang=en-us dir=ltr align=left>
<HR tabIndex=-1>
<FONT face=Tahoma size=2><B>From:</B> Vuppula, Srinivas <BR><B>Sent:</B>
Monday, October 29, 2007 2:28 PM<BR><B>To:</B>
'petermcgill@goco.net'<BR><B>Subject:</B> RE: [Openswan Users] IPSec auto up
error<BR></FONT><BR></DIV>
<DIV></DIV>
<DIV dir=ltr align=left><SPAN class=554422721-29102007><FONT face=Arial
color=#0000ff size=2>Peter,</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=554422721-29102007><FONT face=Arial
color=#0000ff size=2>This did not change the error. I get the same
error.</FONT></SPAN></DIV><BR>
<DIV class=OutlookMessageHeader lang=en-us dir=ltr align=left>
<HR tabIndex=-1>
<FONT face=Tahoma size=2><B>From:</B> Peter McGill
[mailto:petermcgill@goco.net] <BR><B>Sent:</B> Monday, October 29, 2007 6:15
AM<BR><B>To:</B> Vuppula, Srinivas<BR><B>Subject:</B> RE: [Openswan Users]
IPSec auto up error<BR></FONT><BR></DIV>
<DIV></DIV>
<DIV dir=ltr align=left><SPAN class=201201313-29102007><FONT face=Arial
color=#0000ff size=2>See below....</FONT></SPAN></DIV>
<DIV><FONT face=Arial color=#0000ff size=2></FONT> </DIV>
<DIV align=left><FONT face=Arial size=2>Peter McGill</FONT></DIV>
<DIV><FONT face=Arial color=#0000ff size=2></FONT> </DIV><FONT face=Arial
size=2></FONT><BR>
<BLOCKQUOTE dir=ltr
style="PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #0000ff 2px solid; MARGIN-RIGHT: 0px">
<DIV class=OutlookMessageHeader lang=en-us dir=ltr align=left>
<HR tabIndex=-1>
<FONT face=Tahoma size=2><B>From:</B> Vuppula, Srinivas
[mailto:srinivas.vuppula@intel.com] <BR><B>Sent:</B> October 26, 2007 5:40
PM<BR><B>To:</B> petermcgill@goco.net<BR><B>Subject:</B> [Openswan Users]
IPSec auto up error<BR></FONT><BR></DIV>
<DIV></DIV>
<DIV><FONT face=Arial color=#0000ff size=2><SPAN class=789503121-26102007>I
get the following error </SPAN></FONT></DIV>
<DIV><FONT face=Arial color=#0000ff size=2><SPAN
class=789503121-26102007></SPAN></FONT> </DIV>
<DIV><FONT size=+0><SPAN class=789503121-26102007>
<P><FONT face=Arial color=#ff0000 size=2>sh-3.1# ipsec auto --up
net-to-net</FONT></P>
<P><FONT face=Arial color=#ff0000 size=2>pluto[1349]: "net-to-net" #1:
initiating Main Mode</FONT></P>
<P><FONT face=Arial color=#ff0000 size=2>104 "net-to-net" #1: STATE_MAIN_I1:
initiate</FONT></P>
<P><FONT face=Arial color=#ff0000 size=2>pluto[1349]: "net-to-net" #1:
ERROR: asynchronous network error report on eth0 (</FONT></P>
<P><FONT face=Arial color=#ff0000 size=2>sport=500) for message to
192.168.1.101 port 500, complainant 192.168.1.102: No</FONT></P>
<P><FONT face=Arial color=#ff0000 size=2>route to host [errno 113, origin
ICMP type 3 code 1 (not authenticated)]</FONT></P>
<P><FONT face=Arial color=#ff0000 size=2>010 "net-to-net" #1: STATE_MAIN_I1:
retransmission; will wait 20s for response</FONT></P>
<P><FONT face=Arial color=#ff0000 size=2>pluto[1349]: "net-to-net" #1:
ERROR: asynchronous network error report on eth0 (</FONT></P>
<P><FONT face=Arial color=#ff0000 size=2>sport=500) for message to
192.168.1.101 port 500, complainant 192.168.1.102: No</FONT></P>
<P><FONT face=Arial><FONT size=2><FONT color=#ff0000>route to host [errno
113, origin ICMP type 3 code 1 (not authenticated)]<SPAN
class=789503121-26102007> </SPAN></FONT></FONT></FONT></P>
<P><FONT face=Arial><FONT color=#0000ff><FONT size=2><SPAN
class=789503121-26102007></SPAN></FONT></FONT></FONT> </P>
<P><FONT face=Arial><FONT color=#0000ff><FONT size=2><SPAN
class=789503121-26102007>Here are the conf
files.</SPAN></FONT></FONT></FONT></P>
<P><FONT face=Arial><FONT color=#0000ff><FONT size=2><SPAN
class=789503121-26102007>ipsec.conf for left system
(laptop)</SPAN></FONT></FONT></FONT></P><FONT size=+0><SPAN
class=789503121-26102007>
<P><FONT face=Arial size=2>conn net-to-net</FONT></P>
<P><FONT face=Arial size=2>left=%defaultroute</FONT></P>
<P><FONT face=Arial size=2>leftid=@left.com</FONT></P>
<P><FONT face=Arial
size=2>leftrsasigkey=0sAQNtMrIb5/4YLj17/Id4AcXSdeVXYVMVn5xtBxSde8qihvGPovfxOprKALsHHUw2aQizCz9aKZjYZHhtXmOzrhSb4G7PbPGkzQjNy8uI/rifGi7SpTJKhiknh9hTJa30HGBRb6mkxOfJZf6BMTsiGvZk/2mtpeRCj94hIFVBfd5sjIRJMkbEjEcBfvtfHuIq2+9K2ZY9YRjtlLNv63yZqb/TMexVc+nfyPf+0zvq50fKtZcopyV9+Ir8WK/PnF6dszLEubZlnGO4GrLCyzooL8xBeuXx1peePLupDa2+m0IRN+BSXO9zDBzxse1jSoGszD6XdjxXqa2KbExHLamcXlBSfpCrUO3dd/lEJJlhJCIZ+Ptp</FONT></P>
<P><FONT face=Arial size=2>right=192.168.1.101</FONT></P>
<P><FONT face=Arial size=2>rightid=@right.com</FONT></P>
<P><FONT face=Arial
size=2>rightrsasigkey=0sAQN8O4IdR8iTX7C5r38mkS/Lgy3UbkuirD624dei/HbmfrhanH4fwIdNGZu++IbfC5lr1fJH5+XVhAI5yYljj6I1KW+p+X3y+qL78jiWCJAfQhSdePqrP1uvTOFJ89RcFCn8gQexcGSr2cq2hFW7Bny8+L1Az/YxEskhNO47dDoRn739WtrYS3eE/B/NJyFrucrZf8wtKm7FF2cOIknWJ1s4YlRvXZ1kokvDa3gPAugL9I1KGJ8KuFKR0p1gdwWXWfWVPDktpSVV6MxmyDt2IYJSWBrLzDEFEI9OgB9R4PWgC38w5bf7uxkJXxC+K47EX9yr1F5JMWbh4jvefStlQSKY2SgygQ6BO/Ua70MoIAxyy76N</FONT></P>
<P><FONT face=Arial><FONT size=2>auto=add<SPAN
class=789503121-26102007><FONT
color=#0000ff> </FONT></SPAN></FONT></FONT></P>
<P><FONT face=Arial><FONT size=2><SPAN
class=789503121-26102007></SPAN></FONT></FONT> </P>
<P><FONT face=Arial><FONT size=2><SPAN class=789503121-26102007><FONT
color=#0000ff>ipsec.conf for right system (one with static IP
configured)</FONT></SPAN></FONT></FONT></P><SPAN class=789503121-26102007>
<P><FONT face=Arial size=2>conn net-to-net</FONT></P>
<P><FONT face=Arial size=2>left=192.168.1.101</FONT></P>
<P><FONT face=Arial size=2>leftid=@right.com</FONT></P>
<P><FONT face=Arial
size=2>leftrsasigkey=0sAQN8O4IdR8iTX7C5r38mkS/Lgy3UbkuirD624dei/HbmfrhanH4fwIdNGZu++IbfC5lr1fJH5+XVhAI5yYljj6I1KW+p+X3y+qL78jiWCJAfQhSdePqrP1uvTOFJ89RcFCn8gQexcGSr2cq2hFW7Bny8+L1Az/YxEskhNO47dDoRn739WtrYS3eE/B/NJyFrucrZf8wtKm7FF2cOIknWJ1s4YlRvXZ1kokvDa3gPAugL9I1KGJ8KuFKR0p1gdwWXWfWVPDktpSVV6MxmyDt2IYJSWBrLzDEFEI9OgB9R4PWgC38w5bf7uxkJXxC+K47EX9yr1F5JMWbh4jvefStlQSKY2SgygQ6BO/Ua70MoIAxyy76N</FONT></P>
<P><FONT face=Arial size=2>rightnexthop=%defaultroute</FONT></P>
<P><FONT face=Arial><FONT size=2>right=%defaultroute<SPAN
class=201201313-29102007><FONT
color=#0000ff> </FONT></SPAN></FONT></FONT></P>
<P><FONT face=Arial><FONT color=#0000ff size=2><SPAN
class=201201313-29102007>This needs to be right=%any for road warrior
connections from dynamic (any) address. Peter</SPAN></FONT></FONT><FONT
face=Arial><FONT size=2><SPAN
class=201201313-29102007> </SPAN></FONT></FONT></P>
<P><FONT face=Arial size=2>rightid=@left.com</FONT></P>
<P><FONT face=Arial
size=2>rightrsasigkey=0sAQNtMrIb5/4YLj17/Id4AcXSdeVXYVMVn5xtBxSde8qihvGPovfxOprKALsHHUw2aQizCz9aKZjYZHhtXmOzrhSb4G7PbPGkzQjNy8uI/rifGi7SpTJKhiknh9hTJa30HGBRb6mkxOfJZf6BMTsiGvZk/2mtpeRCj94hIFVBfd5sjIRJMkbEjEcBfvtfHuIq2+9K2ZY9YRjtlLNv63yZqb/TMexVc+nfyPf+0zvq50fKtZcopyV9+Ir8WK/PnF6dszLEubZlnGO4GrLCyzooL8xBeuXx1peePLupDa2+m0IRN+BSXO9zDBzxse1jSoGszD6XdjxXqa2KbExHLamcXlBSfpCrUO3dd/lEJJlhJCIZ+Ptp</FONT></P>
<P><FONT face=Arial size=2>auto=add</FONT></P>
<P><FONT color=#0000ff></FONT></SPAN> </P></SPAN></FONT>
<P><FONT face=Arial><FONT color=#0000ff><FONT size=2><SPAN
class=789503121-26102007></SPAN></FONT></FONT></FONT> </P>
<P><FONT face=Arial><FONT color=#0000ff><FONT size=2><SPAN
class=789503121-26102007>Any idea what could be
wrong?</SPAN></FONT></FONT></FONT></P>
<P><FONT face=Arial><FONT color=#0000ff><FONT size=2><SPAN
class=789503121-26102007>Before starting ipsec, I could ping both systems
from each other. I am trying to use a road warrior
configuration.</SPAN></FONT></FONT></FONT></P>
<P><FONT face=Arial><FONT color=#0000ff><FONT size=2><SPAN
class=789503121-26102007></SPAN></FONT></FONT></FONT> </P>
<P><FONT face=Arial><FONT color=#0000ff><FONT size=2><SPAN
class=789503121-26102007>Thanks a lot,</SPAN></FONT></FONT></FONT></P>
<P><FONT face=Arial><FONT color=#0000ff><FONT size=2><SPAN
class=789503121-26102007></SPAN></FONT></FONT></FONT> </P>
<P><FONT face=Arial><FONT color=#0000ff><FONT size=2><SPAN
class=789503121-26102007>Srinivas
</SPAN></FONT></FONT></FONT></P></SPAN></FONT></DIV></BLOCKQUOTE></BLOCKQUOTE></BODY></HTML>