Hi Paul,<br><br>Very thanks for your help:<br><br>I made all changes that you suggest, now is happenning another error:<br><br><b>>>sudo ipsec setup --start<br>openswan failed to exec the requested action - the following error occured:<br>
can not load config '/etc/ipsec.conf': /etc/ipsec.conf:66: syntax error, unexpected STRING [leftxauthuser]</b><br><br>This is my new ipsec.conf:<br><br><br><br>config setup<br> interfaces="%defaultroute"<br>
protostack=. <br> klipsdebug=none<br> plutodebug=none<br> manualstart=<br> plutoload=<br><br>conn company<br> authby=secret<br> pfs=yes<br> keyexchange=ike<br> left=myIP<br> leftxauthclient=yes <br>
<b> leftxauthuser= </b><br> right=MyCompanyIP<br> auto=start<br><br>------------------------------------------------------------------------------<br><br>This is my new ipsec.secrets:<br><br>@myuser : XAUTH "mypass"<br>
<br><br>Obs.:*** I delete this previous line: @groupcompany 999.999.999.999 : PSK "ab927263cc4654645f334"<br>And not, this is not my real secret, it's updated.<br><br><b>My Question: The above secret line should exists or remove it ?</b><br>
<br>Thanks;<br>Victor Jabur.<br><br><div class="gmail_quote">2011/7/28 Paul Wouters <span dir="ltr"><<a href="mailto:paul@xelerance.com">paul@xelerance.com</a>></span><br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div class="im">On Thu, 28 Jul 2011, <a href="mailto:victorjabur@gmail.com" target="_blank">victorjabur@gmail.com</a> wrote:<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
I'm trying to configure the openswan on my Linux Ubuntu 11.04 x64 machine to access the VPN Windows Checkpoint.<br>
<br>
I already installed openswan and the question is how correct configuration to make it.<br>
<br>
1) This is my /etc/ipsec.conf<br>
<br>
config setup<br>
interfaces="ipsec0=ppp0"<br>
klipsdebug=none<br>
plutodebug=none<br>
manualstart=<br>
plutoload=<br>
</blockquote>
<br></div>
Specify interfaces="%defaultroute" and protostack=. The ipsec0 interface is only available<br>
with protostack=klips not with protostack=netkey (the default kernel only supports netkey)<div class="im"><br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
conn company<br>
type=tunnel<br>
left=%defaultroute<br>
leftid=@groupcompany <br>
leftxauthclient=yes<br>
right=999.999.999.999<br>
rightxauthserver=yes<br>
keyexchange=ike<br>
auth=esp<br>
pfs=no<br>
<br>
<br>
conn company_1<br>
left=%defaultroute<br>
leftid=@groupcompany<br>
leftxauthclient=yes<br>
right=999.999.999.999 # IP of VPN Server<br>
rightxauthserver=yes<br>
authby=secret<br>
auto=add<br>
<br>
</blockquote>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
2) This is my /etc/ipsec.secrets<br>
<br>
@groupcompany 999.999.999.999 : PSK "ab927263cc4654645f334"<br>
</blockquote>
<br></div>
If that is your production secret, please change it as you just posted it to everyone!!<div class="im"><br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
The only information that i have to connect on the VPN Server is:<br>
IP: 999.999.999.999<br>
Username: myuser<br>
Password: MyPass<br>
</blockquote>
<br></div>
Try using leftxauthuser= and add the passwd in ipsec.secrets:<br>
<br>
@myuser : XAUTH "MyPass"<div class="im"><br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
There is any way to detect the problem ? Would you help me to make the correct configurations ?<br>
</blockquote>
<br></div>
Check /var/log/secure or /var/log/auth*<br><font color="#888888">
<br>
Paul<br>
</font></blockquote></div><br><br clear="all"><br>-- <br>Atenciosamente,<br><br>Victor Hugo Jabur Passavaz<br>Fone: (11) 9886-7921<br>Skype: victorjabur<br>MSN: <a href="mailto:victorhjp@hotmail.com" target="_blank">victorhjp@hotmail.com</a><br>
GTalk: <a href="mailto:victorjabur@gmail.com" target="_blank">victorjabur@gmail.com</a><br>Blog: <a href="http://www.victorjabur.com" target="_blank">www.victorjabur.com</a><br>Twitter: <a href="http://www.twitter.com/victorjabur" target="_blank">http://www.twitter.com/victorjabur</a><br>
LinkedIn: <a href="http://br.linkedin.com/in/victorpassavaz" target="_blank">http://br.linkedin.com/in/victorpassavaz</a><br><br><img src="http://arquivos.victorjabur.com/logotipo/victor.jpg"><br><br>