[Openswan Users] freeswan-1.99: cannot respond to IPsec SA

Dennis Leist dl at byteeffect.de
Tue Mar 30 00:15:03 CEST 2004


Wolfman wrote:

> Hi,
> I got a very similar problem, if not the same:
> I have the NAT-T patch installed and working (finally), but it didn't 
> help. Some tip: Compile kernel without patches, apply patch for x.509, 
> compile it again, apply NAT-T patch, compile it again. It really takes 
> time, but whenever I tried it another way, it failed. So these are 
> nearly 5 compiler runs.

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ God, damn it! That is exactly the 
procedure I tried to avoid for the system is a productive one. :-((

>
> Ok, back to the problem, as I said, my NAT-T is working:
> Mar 29 21:17:29 Linuxserver pluto[2218]: Starting Pluto (Openswan 
> Version 2.1.0 X.509-1.4.8 PLUTO_USES_KEYRR)
> Mar 29 21:17:29 Linuxserver pluto[2218]:   including NAT-Traversal 
> patch (Version 0.6c)

Which version are you currently using?

>
> I found something in the google groups, that told me to write down the 
> remote IP into my ipsec.conf. I did so, nothing changed
> I pasted my ipsec.conf and my auth.log. If someone knows how to help, 
> would be great.
>
> ipsec.conf:
> config setup
>         nat_traversal=yes
>
> # Add connections here.
>
> conn %default
>         keyingtries=0
>         disablearrivalcheck=no
>         authby=rsasig
>         rightrsasigkey=%cert
>         auto=add
>         left=%defaultroute
>         leftrsasigkey=%cert
>         leftcert=VPN-Gateway-Cert.pem
>         leftid="<Certificate ID>"

Why that? I encountered a problem when leftid is given.
I don't remember the error message, but it said: when leftid is given, 
rightid must be given as well.

>         leftupdown=/usr/lib/ipsec/_updown_x509
>
> conn p2n
>         right=%any
>         leftsubnet=192.168.107.0/24
>         rightsubnet=192.168.107.123/32

Shot in the dark: you may use:
leftprotoport=17/0
rightprotoport=17/01

Good luck


