[Openswan Users] interop between freeswan 1.99 & openswan 2.2

zdust2 at relayeur.com zdust2 at relayeur.com
Sun Dec 5 09:41:50 CET 2004 

hi i m trying to migrate oone site on my tunnel to openswan 2.2 from
freeswan 1.99 (that was working with freeswan on both side)


the config files are at the end.(shared key)

thanks


=====>on the freeswan side, i have a tunnel UP:
ipsec auto --verbose --up vpn2
002 "vpn2" #118: initiating Main Mode
104 "vpn2" #118: STATE_MAIN_I1: initiate
106 "vpn2" #118: STATE_MAIN_I2: sent MI2, expecting MR2
108 "vpn2" #118: STATE_MAIN_I3: sent MI3, expecting MR3
002 "vpn2" #118: Main mode peer ID is ID_IPV4_ADDR: '80.119.34.xxx'
002 "vpn2" #118: ISAKMP SA established
004 "vpn2" #118: STATE_MAIN_I4: ISAKMP SA established
002 "vpn2" #120: initiating Quick Mode
PSK+ENCRYPT+TUNNEL+PFS+DISABLEARRIVALCHECK
117 "vpn2" #120: STATE_QUICK_I1: initiate
002 "vpn2" #120: sent QI2, IPsec SA established
004 "vpn2" #120: STATE_QUICK_I2: sent QI2, IPsec SA established
-----------------
=====>on the openswan:
 ipsec auto --verbose --up sample
002 "sample" #36: initiating Main Mode
104 "sample" #36: STATE_MAIN_I1: initiate
002 "sample" #36: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
106 "sample" #36: STATE_MAIN_I2: sent MI2, expecting MR2
002 "sample" #36: I did not send a certificate because I do not have one.
002 "sample" #36: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
108 "sample" #36: STATE_MAIN_I3: sent MI3, expecting MR3
002 "sample" #36: Peer ID is ID_IPV4_ADDR: '83.115.142.yyy'
002 "sample" #36: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
002 "sample" #36: ISAKMP SA established
004 "sample" #36: STATE_MAIN_I4: ISAKMP SA established
002 "sample" #37: initiating Quick Mode PSK+ENCRYPT+TUNNEL+UP {using
isakmp#36}
112 "sample" #37: STATE_QUICK_I1: initiate
010 "sample" #37: STATE_QUICK_I1: retransmission; will wait 20s for response
010 "sample" #37: STATE_QUICK_I1: retransmission; will wait 40s for response
031 "sample" #37: max number of retransmissions (2) reached STATE_QUICK_I1
000 "sample" #37: starting keying attempt 2 of at most 3, but releasing whack
[root at localhost openswan]# ipsec auto --verbose --up sample
002 "sample" #40: initiating Quick Mode PSK+ENCRYPT+TUNNEL+UP {using
isakmp#36}
112 "sample" #40: STATE_QUICK_I1: initiate
010 "sample" #40: STATE_QUICK_I1: retransmission; will wait 20s for response
010 "sample" #40: STATE_QUICK_I1: retransmission; will wait 40s for response



........
===>and the freeswan config file:
config setup
        interfaces="ipsec0=ppp0"
        klipsdebug=none
        plutodebug=all
        plutoload=%search
        plutostart=%search

conn vpn2
        left=80.119.34.xxx
        leftsubnet=192.168.11.0/24
        leftnexthop=
        right=83.115.142.yyy
        rightsubnet=192.168.12.0/24
        rightnexthop=193.253.160.3
        leftid=80.119.34.xxx
        rightid=83.115.142.yyy
        pfs=no
        auto=start
.........
the openswan one:
conn sample
        left=80.119.34.xxx
        leftsubnet=192.168.11.0/24
        leftnexthop=80.119.34.1
        right=83.115.142.yyy
        rightsubnet=192.168.12.0/24
        rightnexthop=
        leftid=80.119.34.xxx
        rightid=83.115.142.yyy
        pfs=no
        disablearrivalcheck=no
        auto=start

More information about the Users mailing list