[Openswan Users] The authentication problems
rohit sahi
rohitsahi at gmail.com
Thu Nov 4 12:11:26 CET 2004
Dear All,
I am using the latest Openswan build and the Marcus Miller tool for Windows to
make an IPsec tunnel (road warrior configuration), where we know the IP
address of the clients.
The objective is to install a PSK-based (initially) IPsec tunnel between
clients and server, so that the clients will be able to work from
their home at the PC.
The internal network behind the IPsec server is 10.140.0.0 and the
IPsec gateway is 61.95.x.x/27; the client's IP is 203.200.x.x/27.
---------------------ipsec.conf--------------------------------------
Here are the ipsec.conf and ipsec.secrets I am using on the IPsec server:
# /etc/ipsec.conf - Openswan IPsec configuration file
# RCSID $Id: ipsec.conf.in,v 1.13 2004/03/24 04:14:39 ken Exp $
# This file: /usr/share/doc/openswan/ipsec.conf-sample
#
# Manual: ipsec.conf.5
version 2.0 # conforms to second version of ipsec.conf specification

# basic configuration
config setup
    # Debug-logging controls: "none" for (almost) none, "all" for lots.
    # klipsdebug=none
    # plutodebug="control parsing"

# Add connections here
conn rohit
    authby=secret|rsasig
    left=61.95.x.x/27
    leftsubnet=10.140.0.0/16
    leftnexthop=61.95.x.x
    right=203.200.x.x/27
    rightnexthop=203.200.x.x
    auto=start

# sample VPN connection
#sample# conn sample
#sample# # Left security gateway, subnet behind it, next hop toward right.
#sample# left=10.0.0.1
#sample# leftsubnet=172.16.0.0/24
#sample# leftnexthop=10.22.33.44
#sample# # Right security gateway, subnet behind it, next hop toward left.
#sample# right=10.12.12.1
#sample# rightsubnet=192.168.0.0/24
#sample# rightnexthop=10.101.102.103
#sample# # To authorize this connection, but not actually start it, at startup,
#sample# # uncomment this.
#sample# #auto=start
#Disable Opportunistic Encryption
include /etc/ipsec.d/examples/no_oe.conf
: PSK "rohit"
: RSA {
# RSA 2192 bits vpn Tue Nov 2 12:51:52 2004
# for signatures only, UNSAFE FOR ENCRYPTION
PublicExponent: 0x03
# everything after this point is secret
}
# do not change the indenting of that "}"
I do not have a DNS server where I can host my DNS TXT record. No
firewall is used at this moment on the server; one will be used later.
The Marcus Miller ipsec.conf on Windows is:
conn rohit
    authby=secret
    presharedkey="rohit"
    left=61.95.143.39
    leftsubnet=10.140.0.0/16
    leftnexthop=61.95.143.33
    right=%any
    rightnexthop=%defaultroute
    auto=start
However, I am getting "authentication failed".
Please help.
regards
rohit sahi