[Openswan Users] Problem of ping

Jérémie Wetzler jwetzler at reseaux-bureautique.com
Wed Aug 11 14:15:35 CEST 2004


Hi,

I just subscribed to the mailing list recently.

I’m actually working on Openswan for my company. Openswan doesn’t work in
a LAN (with a router with 2 interfaces). Negotiating Security IP and when I
sniff the network, I can see “Isa KMP phase 1, IKE PHASE 2 ” and “frag IP”.
I retried the howto of Nate Carlson with certificates but it doesn’t work.

I give you my conf

Linux:

version 2.0

config setup
        interfaces=%defaultroute
        #interfaces="ipsec0=eth0"
        klipsdebug=none
        plutodebug=none
        uniqueids=yes
        nat_traversal=yes
        virtual_private=%v4:192.1.0.0/24,%v4:192.168.0.0/24

conn %default
        keyingtries=1
        compress=yes
        disablearrivalcheck=no
        authby=rsasig
        leftrsasigkey=%cert
        rightrsasigkey=%cert

conn roadwarrior-net
        # leftsubnet <=> internal network behind the Windows machine
        leftsubnet=192.1.0.0/24
        also=roadwarrior

conn roadwarrior
        # right <=> IP of the server's interface facing the Windows machine (public IP)
        left=%defaultroute
        leftcert=freeswan.pem
        right=%any
        rightsubnet=vhost:%no,%priv
        # left <=> IP of the Windows machine inside the subnet
        auto=add
        pfs=yes

conn roadwarrior-all
        leftsubnet=0.0.0.0/0
        also=roadwarrior

the windows

 

conn roadwarrior
      # left <=> my Windows client's IP, possibly behind a LAN
      left=%any
      # IP of the server on the Windows client's side
      right=192.1.0.142
      # Certificate contents: openssl x509 -in demoCA/cacert.pem -noout -subject
      rightca="C=FR, S=France, L=Montreuil, O=RXBURO, CN=jeremie, Email=jwetzler at reseaux-bureautique.com"
      network=auto
      auto=start
      pfs=yes

conn roadwarrior-net
      # left <=> my Windows machine's own IP, possibly behind a LAN
      left=%any
      # right <=> public IP of the firewall
      right=192.1.0.142
      rightsubnet=192.168.0.0/24
      rightca="C=FR, S=France, L=Montreuil, O=RXBURO, CN=jeremie, Email=jwetzler at reseaux-bureautique.com"
      network=auto
      auto=start
      pfs=yes

 

When I try an ipsec barf, everything is OK; however, it says ipsec.secrets [FAILED

 

Ipsec.secrets

: RSA freeswan.key "azerty"

 

Ipsec barf

Aug 10 13:46:47 zia ipsec_setup: Starting Openswan IPsec 2.1.4...
Aug 10 13:46:47 zia ipsec_setup: Using /lib/modules/2.4.18/kernel/ipsec.o
Aug 10 13:46:47 zia kernel: klips_info:ipsec_init: KLIPS startup, Openswan IPsec version: 2.1.4
Aug 10 13:46:47 zia ipsec_setup: KLIPS debug `none'
Aug 10 13:46:47 zia ipsec_setup: KLIPS ipsec0 on eth0 192.1.0.142/255.255.255.0 broadcast 192.1.0.255
Aug 10 13:46:47 zia ipsec_setup: ...Openswan IPsec started
+ _________________________ plog
+ sed -n '181033,$p' /var/log/auth.log
+ egrep -i pluto
+ cat
Aug 10 13:46:47 zia ipsec__plutorun: Starting Pluto subsystem...
Aug 10 13:46:47 zia pluto[23287]: Starting Pluto (Openswan Version 2.1.4 X.509-1.4.8-1 PLUTO_USES_KEYRR)
Aug 10 13:46:47 zia pluto[23287]:   including NAT-Traversal patch (Version 0.6c)
Aug 10 13:46:47 zia pluto[23287]: Using KLIPS IPsec interface code
Aug 10 13:46:47 zia pluto[23287]: Changing to directory '/etc/ipsec.d/cacerts'
Aug 10 13:46:47 zia pluto[23287]:   loaded cacert file 'cacert.pem' (1598 bytes)
Aug 10 13:46:47 zia pluto[23287]:   loaded cacert file 'RootCA.der' (1140 bytes)
Aug 10 13:46:47 zia pluto[23287]: Changing to directory '/etc/ipsec.d/crls'
Aug 10 13:46:47 zia pluto[23287]:   loaded crl file 'crl.pem' (678 bytes)
Aug 10 13:46:47 zia pluto[23287]: added connection description "block"
Aug 10 13:46:47 zia pluto[23287]: added connection description "clear-or-private"
Aug 10 13:46:48 zia pluto[23287]: added connection description "packetdefault"
Aug 10 13:46:48 zia pluto[23287]:   loaded host cert file '/etc/ipsec.d/certs/freeswan.pem' (4964 bytes)
Aug 10 13:46:48 zia pluto[23287]: added connection description "roadwarrior-net"
Aug 10 13:46:48 zia pluto[23287]:   loaded host cert file '/etc/ipsec.d/certs/freeswan.pem' (4964 bytes)
Aug 10 13:46:48 zia pluto[23287]: added connection description "roadwarrior"
Aug 10 13:46:48 zia pluto[23287]: added connection description "private"
Aug 10 13:46:48 zia pluto[23287]: added connection description "clear"
Aug 10 13:46:48 zia pluto[23287]: added connection description "private-or-clear"
Aug 10 13:46:48 zia pluto[23287]: listening for IKE messages
Aug 10 13:46:48 zia pluto[23287]: adding interface ipsec0/eth0 192.1.0.142
Aug 10 13:46:48 zia pluto[23287]: adding interface ipsec0/eth0 192.1.0.142:4500
Aug 10 13:46:48 zia pluto[23287]: loading secrets from "/etc/ipsec.secrets"
Aug 10 13:46:48 zia pluto[23287]:   loaded private key file '/etc/ipsec.d/private/freeswan.key' (1743 bytes)
Aug 10 13:46:48 zia pluto[23287]: loading group "/etc/ipsec.d/policies/private-or-clear"
Aug 10 13:46:48 zia pluto[23287]: loading group "/etc/ipsec.d/policies/clear"
Aug 10 13:46:48 zia pluto[23287]: loading group "/etc/ipsec.d/policies/private"
Aug 10 13:46:48 zia pluto[23287]: loading group "/etc/ipsec.d/policies/clear-or-private"
Aug 10 13:46:48 zia pluto[23287]: loading group "/etc/ipsec.d/policies/block"
+ _________________________ date
+ date
Tue Aug 10 13:46:51 CEST 2004




 

If you could help me it would be great

 

Thanks

 

Jérémie
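
Added example, not part of the original post and not Openswan code: a simplified Python check that cross-references the tunnel subnet in the two configs above, using the post's convention that the gateway is "left" in the Linux file and "right" in the Windows file. The helper names (parse_conns, resolve, subnet_mismatches) are hypothetical, and the precedence used when merging also= is an assumption.

```python
import ipaddress

# Excerpts of the two configs from the post (comments and other keys dropped).
GATEWAY_CONF = """
conn roadwarrior-net
        leftsubnet=192.1.0.0/24
        also=roadwarrior
conn roadwarrior
        left=%defaultroute
        right=%any
"""
CLIENT_CONF = """
conn roadwarrior-net
      right=192.1.0.142
      rightsubnet=192.168.0.0/24
"""

def parse_conns(text):
    """Return {conn_name: {key: value}}; simplified, not Openswan's parser."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("conn "):
            current = conns.setdefault(line.split(None, 1)[1], {})
        elif line.startswith("config "):
            current = None  # keys under "config setup" are not conn keys
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip().strip('"')
    return conns

def resolve(conns, name):
    """Merge in the conn named by also= (assumption: own keys take priority)."""
    conn = dict(conns[name])
    parent = conn.pop("also", None)
    return {**resolve(conns, parent), **conn} if parent else conn

def subnet_mismatches(gateway_text, client_text):
    """The gateway is 'left' in its own file and 'right' in the client's."""
    gw, cl = parse_conns(gateway_text), parse_conns(client_text)
    problems = []
    for name in sorted(set(gw) & set(cl)):
        g = resolve(gw, name).get("leftsubnet")
        c = resolve(cl, name).get("rightsubnet")
        if g and c and ipaddress.ip_network(g) != ipaddress.ip_network(c):
            problems.append((name, g, c))
    return problems

print(subnet_mismatches(GATEWAY_CONF, CLIENT_CONF))
```

On the posted values it reports roadwarrior-net with 192.1.0.0/24 on the gateway side against 192.168.0.0/24 on the client side.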

 
