[Openswan Users] The authentication problems

rohit sahi rohitsahi at gmail.com
Thu Nov 4 12:11:26 CET 2004 

Dear All,

I am using openswan latest build and marcus miller tool for windows to
make an ipsec tunnel(road warrior configuration); where we know the ip
address of the clients.
objective is to install a PSK based (initially) Ipsec tunnel between
clients and server. so that the clients will be able to work from
there home at the pc.
the internal network behind the ipsec server is 10.140.0.0 and the
ipsec gateway is 61.95.x.x/27 the client's ip is 203.200.x.x/27
---------------------ipsec.conf--------------------------------------
here is the ipsec.conf and ipsec.secrets i am using on ipsec server
# /etc/ipsec.conf - Openswan IPsec configuration file
# RCSID $Id: ipsec.conf.in,v 1.13 2004/03/24 04:14:39 ken Exp $

# This file:  /usr/share/doc/openswan/ipsec.conf-sample
#
# Manual:     ipsec.conf.5


version	2.0	# conforms to second version of ipsec.conf specification

# basic configuration
config setup
	# Debug-logging controls:  "none" for (almost) none, "all" for lots.
	# klipsdebug=none
	# plutodebug="control parsing"

# Add connections here
conn rohit
	authby=secret|rsasig
	left=61.95.x.x/27
	leftsubnet=10.140.0.0/16
	leftnexthop=61.95.x.x
	right=203.200.x.x/27
	rightnexthop=203.200.x.x
	auto=start
# sample VPN connection
#sample#	conn sample
#sample#		# Left security gateway, subnet behind it, next hop toward right.
#sample#		left=10.0.0.1
#sample#		leftsubnet=172.16.0.0/24
#sample#		leftnexthop=10.22.33.44
#sample#		# Right security gateway, subnet behind it, next hop toward left.
#sample#		right=10.12.12.1
#sample#		rightsubnet=192.168.0.0/24
#sample#		rightnexthop=10.101.102.103
#sample#		# To authorize this connection, but not actually start it, at startup,
#sample#		# uncomment this.
#sample#		#auto=start

#Disable Opportunistic Encryption
include /etc/ipsec.d/examples/no_oe.conf

: PSK "rohit"
: RSA	{
	# RSA 2192 bits   vpn   Tue Nov  2 12:51:52 2004
	# for signatures only, UNSAFE FOR ENCRYPTION
	#pubkey=0sAQO0ISvy7w6cCarBtZqC7RKkjbEZ4r8FUkefbAw2zu2H40IKcLsS7XI9+Fp+AmgUgqia2O6WStJf4YeC0yKlHjXy8AHZTn99JflYkQsS2ZFA744HApYf5YY3+zDIjr0FrSPifX6Ff9lWSpIwEeJ4z5OPYA0qzdqWFo1x8yLFrvRvfMNCvY2dvXt4aX+am4jzxI/xNZqNEcyEPXSrbcaknd6W/yBwmaEJX3AQgFB8hWDlcaG+tlop+ZDZjtLQxT7XQXwfRbynfxwuf+YSZGmkN2HpqdmJwO8AKZbcZpSpT9o7OLtpzO81Pr3zw90UA1rWv5TaIPEv52xwYLKSBwMFbTh6utX3QeLufvV/s2X+s6NzRBV5
	Modulus: 0xb4212bf2ef0e9c09aac1b59a82ed12a48db119e2bf0552479f6c0c36ceed87e3420a70bb12ed723df85a7e02681482a89ad8ee964ad25fe18782d322a51e35f2f001d94e7f7d25f958910b12d99140ef8e0702961fe58637fb30c88ebd05ad23e27d7e857fd9564a923011e278cf938f600d2acdda96168d71f322c5aef46f7cc342bd8d9dbd7b78697f9a9b88f3c48ff1359a8d11cc843d74ab6dc6a49dde96ff207099a1095f701080507c8560e571a1beb65a29f990d98ed2d0c53ed7417c1f45bca77f1c2e7fe6126469a43761e9a9d989c0ef002996dc6694a94fda3b38bb69ccef353ebdf3c3dd14035ad6bf94da20f12fe76c7060b2920703056d387abad5f741e2ee7ef57fb365feb3a373441579
	PublicExponent: 0x03
	# everything after this point is secret
	PrivateExponent:
0x1e05875327d7c4ac472048ef15d22dc6179d8450752b8db69a920209227cebfb35ac681f2dd23db4feb9bfab1158c0716f2427c3b7230ffaebeb233070da5e5328004ee26a94dba98ec2d72dceed8ad297abd5c3affb965ea9dd76c274d64785fb14ea6b954ee3b7185d58506977eded3aacdc77a46e591792fddb20f27e1294cb35ca4244f4e9e966a2e419a65ce0164183d434a620822915974fa7294c4fc2ba43b28aec258c48163547c9fecef837a9d44159aa51206962baf73943639e0c319245c65f49d6516f19837479a649b2c55595081ec8610560b00528da71a18822c54712f121f92069890b5724ca2b560853e2e53e6eefd313c21db655fbee0e7a30bace546c70f26df5e28222af52ee38f1
	Prime1: 0xe4100644a6a2605252922bf7e688c9cd6fbf354001f7d7d58040a84adb3a60abd223eeb846797432d4dc3ff6f49e4c3f4f8e27c523c68f86c5d198e655c45cab121846c70732195638064c4ecc8857000ba9c3b30f670bb73c0d9a0cf544ba3731b9a3d584b2ee51942d69e1311aa6f027d91f0d280300b2d607828fb5de1ea5c35b0c84ffd2bfae23
	Prime2: 0xca31fb5e1fe1aa15cc0f253522ee7d25afd0a66cd2082ecc0a00afcd4cdb5edf6e7dd1d4409aaf73f05200351e3014ff217745e55dc6a36f1248685d0b643aa0673768034a759fb3a00543e7815b1f983acbf07e210afc338e14e3817da27713751654a89508a2569572668fa1b6c74bdd7b9df45da1232adb8ee958adfb28462cbbe55e87aeef11b3
	Exponent1: 0x980aaed86f16eae18c6172a5445b31339fd4ce2aabfa8fe3aad5c5873cd195c7e16d49d02efba2cc8de82aa4a31432d4dfb41a836d2f0a59d93665eee3d83dc761658484af76bb8ed00432df33058f555d1bd7ccb4ef5d24d2b3bc08a38326cf767bc28e5877498bb81e469620bc6f4ac53b6a08c55755cc8eafac5fce94146e823cb30355372a7417
	Exponent2: 0x86cbfce96a967163dd5f6e236c9efe191fe06ef336b01f32b155ca88dde79494f453e1382b11ca4d4ae15578becab8aa164f83ee3e846cf4b6daf03e079827159a24f00231a3bfcd1558d7efab9215102732a054160752cd0963425653c1a4b7a3643870635b16e463a199b51679da3293a7bea2e9161771e7b49b9073fcc5841dd298e9afc9f4b677
	Coefficient: 0xbe2fd02d3bd5b4a54b86b4f7194302749c43b59cca1dc51fa653875dd0c79221f39c982f61301f6bc8f25e1ca283197f21c2421f3b3ff74e7a523e5137a093215bd26456d6b7f88e69327e20d515b32b358e36eda604d0ecbfbfd153f52e3c46916b50f188be31c5570ad636306087cae90f1eddd1989374aeefbf26267ab11790e131cf1bddd52cf6
	}
# do not change the indenting of that "}"

i do not have a dns server where i can host my dns txt record no
firewall is used at this moment on the server; will be used later.




marcus miller ipsec.conf on windows is 

conn rohit
	authby=secret
        presharedkey="rohit"
        left=61.95.143.39
	leftsubnet=10.140.0.0/16
	leftnexthop=61.95.143.33
        right=%any
        rightnexthop=%defaultroute
	auto=start

how ever i am getting the authentication failed

please help


regards
rohit sahi

More information about the Users mailing list