[Openswan Users] problem with linux to linux ipsec-vpn with x509
foren titze
freeswan at gmx.net
Tue Mar 23 09:50:59 CET 2004
hello folks,
i have set up a tunnel with x509 certificates between windows
(roadwarrior) and linux (server) with l2tp. yeah!
now i would like to establish a "normal" ipsec tunnel from a linux
roadwarrior to the linux server with openswan 1.0.1 on both sides.
I transferred the needed certificates and put them in the right directories.
my client config file:
-------------------------
#version 2
# basic configuration
config setup
	interfaces=%defaultroute
	klipsdebug=none
	plutodebug=none
	uniqueids=yes
	plutoload=%search
	plutostart=%search
	#nat_traversal=yes
	#overridemtu=1492
conn %default
	keyingtries=0
	disablearrivalcheck=no
conn roadwarrior
	compress=yes
	leftrsasigkey=%cert
	rightrsasigkey=%cert
	leftid="C=DE/S..."
	leftcert=certs/vpncert.pem
	authby=rsasig
	right=%any
	left=62.96.xxx.xxx
	leftnexthop=%defaultroute
	rightnexthop=62.96.xxx.xxx
	rightid="C=de/ST=germa..."
	rightcert=certs/benjamin_linux_cert.pem
	auto=add
conn roadwarrior_subnet
	left=62.96.xxx.xxx
	leftsubnet=192.168.121.0/24
	also=roadwarrior
conn block
...
---------------
and the ipsec barf tail:
-------------
Mar 23 09:31:30 localhost pluto[5162]: | from whack: got --esp=3des
Mar 23 09:31:30 localhost pluto[5162]: | from whack: got --ike=3des
Mar 23 09:31:30 localhost pluto[5162]: loaded host cert file '/etc/ipsec.d/certs/vpncert.pem' (4938 bytes)
Mar 23 09:31:30 localhost pluto[5162]: loaded host cert file '/etc/ipsec.d/certs/benjamin_linux_cert.pem' (4995 bytes)
Mar 23 09:31:30 localhost pluto[5162]: added connection description "roadwarrior"
Mar 23 09:31:30 localhost pluto[5162]: listening for IKE messages
Mar 23 09:31:30 localhost pluto[5162]: adding interface ipsec0/eth0 192.168.110.142
Mar 23 09:31:30 localhost pluto[5162]: loading secrets from "/etc/ipsec.secrets"
Mar 23 09:31:30 localhost pluto[5162]: loaded private key file '/etc/ipsec.d/private/benjamin_linux.key' (2833 bytes)
Mar 23 09:31:32 localhost pluto[5162]: "roadwarrior": we have no ipsecN interface for either end of this connection
---------------
when i replace right=%any with right=%defaultroute i get no useable connection
to start. like:
----
Mar 23 09:49:29 localhost pluto[7646]: Changing to directory '/etc/ipsec.d/cacerts'
Mar 23 09:49:29 localhost pluto[7646]: loaded cacert file 'cacert.pem' (1586 bytes)
Mar 23 09:49:29 localhost pluto[7646]: Changing to directory '/etc/ipsec.d/crls'
Mar 23 09:49:29 localhost pluto[7646]: loaded crl file 'crl.pem' (674 bytes)
Mar 23 09:49:29 localhost pluto[7646]: OpenPGP certificate file '/etc/pgpcert.pgp' not found
Mar 23 09:49:29 localhost pluto[7646]: listening for IKE messages
Mar 23 09:49:29 localhost pluto[7646]: adding interface ipsec0/eth0 192.168.110.142
Mar 23 09:49:29 localhost pluto[7646]: adding interface ipsec0/eth0 192.168.110.142:4500
Mar 23 09:49:29 localhost pluto[7646]: loading secrets from "/etc/ipsec.secrets"
Mar 23 09:49:29 localhost pluto[7646]: loaded private key file '/etc/ipsec.d/private/benjamin_linux.key' (2833 bytes)
----
how can i change the configs to establish a tunnel?
thanks a lot
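
The first log excerpt above ends with pluto reporting that neither end of "roadwarrior" corresponds to a local interface. The following is an added example, not part of the original post and not Openswan code, that makes the same comparison from the values in the post; the function names are hypothetical, and it assumes that %any never identifies the local end and that %defaultroute stands for a local address supplied by the caller.

```python
import re

# Constructed sample: the relevant config and log lines from the post above.
CONF = """\
conn roadwarrior
    left=62.96.xxx.xxx
    right=%any
conn roadwarrior_subnet
    left=62.96.xxx.xxx
    leftsubnet=192.168.121.0/24
    also=roadwarrior
"""
LOG = """\
Mar 23 09:31:30 localhost pluto[5162]: adding interface ipsec0/eth0 192.168.110.142
Mar 23 09:31:32 localhost pluto[5162]: "roadwarrior": we have no ipsecN interface for either end of this connection
"""

def parse_conns(text):
    """Return {conn_name: {key: value}} from ipsec.conf-style text."""
    conns, cur = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and indentation
        m = re.match(r"conn\s+(\S+)$", line)
        if m:
            cur = conns.setdefault(m.group(1), {})
        elif cur is not None and "=" in line:
            key, value = line.split("=", 1)
            cur[key.strip()] = value.strip().strip('"')
    return conns

def resolve(conns, name):
    """Merge in the section named by also=; the conn's own keys win."""
    own = conns[name]
    base = resolve(conns, own["also"]) if "also" in own else {}
    return {**base, **{k: v for k, v in own.items() if k != "also"}}

def local_addresses(log):
    """Addresses pluto reported in its 'adding interface' lines."""
    return set(re.findall(r"adding interface \S+ (\d+\.\d+\.\d+\.\d+)", log))

def local_end(conn, addrs, defaultroute=None):
    """Return 'left', 'right' or None (assumption: %any is never local)."""
    for side in ("left", "right"):
        value = conn.get(side)
        if value == "%defaultroute":          # assumption: caller supplies it
            value = defaultroute
        if value in addrs:
            return side
    return None
```
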