[Openswan Users] help required unable to authenticate
Rohit Sahi
rohit.sahi at scicmp.com
Wed Nov 10 16:34:14 CET 2004
Dear All,
I am using openswan latest build and marcus miller tool for windows to
make an ipsec tunnel(road warrior configuration); where we know the ip
address of the clients.
objective is to install a PSK based (initially) Ipsec tunnel between
clients and server. so that the clients will be able to work from
there home at the pc.
the internal network behind the ipsec server is 10.140.0.0 and the
ipsec gateway is 61.95.x.x/27 the client's ip is 203.200.x.x/27
---------------------ipsec.conf--------------------------------------
here is the ipsec.conf and ipsec.secrets i am using on ipsec server
# /etc/ipsec.conf - Openswan IPsec configuration file
# RCSID $Id: ipsec.conf.in,v 1.13 2004/03/24 04:14:39 ken Exp $
# This file: /usr/share/doc/openswan/ipsec.conf-sample
#
# Manual: ipsec.conf.5
version 2.0 # conforms to second version of ipsec.conf specification
# basic configuration
config setup
# Debug-logging controls: "none" for (almost) none, "all" for lots.
# klipsdebug=none
# plutodebug="control parsing"
# Add connections here
conn rohit
authby=secret|rsasig
left=61.95.x.x/27
leftsubnet=10.140.0.0/16
leftnexthop=61.95.x.x
right=203.200.x.x/27
rightnexthop=203.200.x.x
auto=start
# sample VPN connection
#sample# conn sample
#sample# # Left security gateway, subnet behind it, next hop
toward right.
#sample# left=10.0.0.1
#sample# leftsubnet=172.16.0.0/24
#sample# leftnexthop=10.22.33.44
#sample# # Right security gateway, subnet behind it, next hop
toward left.
#sample# right=10.12.12.1
#sample# rightsubnet=192.168.0.0/24
#sample# rightnexthop=10.101.102.103
#sample# # To authorize this connection, but not actually
start it, at startup,
#sample# # uncomment this.
#sample# #auto=start
#Disable Opportunistic Encryption
include /etc/ipsec.d/examples/no_oe.conf
: PSK "rohit"
: RSA {
# RSA 2192 bits vpn Tue Nov 2 12:51:52 2004
# for signatures only, UNSAFE FOR ENCRYPTION
#pubkey=0sAQO0ISvy7w6cCarBtZqC7RKkjbEZ4r8FUkefbAw2zu2H40IKcLsS7XI9+Fp+AmgUgq
ia2O6WStJf4YeC0yKlHjXy8AHZTn99JflYkQsS2ZFA744HApYf5YY3+zDIjr0FrSPifX6Ff9lWSp
IwEeJ4z5OPYA0qzdqWFo1x8yLFrvRvfMNCvY2dvXt4aX+am4jzxI/xNZqNEcyEPXSrbcaknd6W/y
BwmaEJX3AQgFB8hWDlcaG+tlop+ZDZjtLQxT7XQXwfRbynfxwuf+YSZGmkN2HpqdmJwO8AKZbcZp
SpT9o7OLtpzO81Pr3zw90UA1rWv5TaIPEv52xwYLKSBwMFbTh6utX3QeLufvV/s2X+s6NzRBV5
Modulus:
0xb4212bf2ef0e9c09aac1b59a82ed12a48db119e2bf0552479f6c0c36ceed87e3420a70bb12
ed723df85a7e02681482a89ad8ee964ad25fe18782d322a51e35f2f001d94e7f7d25f958910b
12d99140ef8e0702961fe58637fb30c88ebd05ad23e27d7e857fd9564a923011e278cf938f60
0d2acdda9616
8d71f322c5aef46f7cc342bd8d9dbd7b78697f9a9b88f3c48ff1359a8d11cc843d74ab6dc6a4
9dde96ff207099a1095f701080507c8560e571a1beb65a29f990d98ed2d0c53ed7417c1f45bc
a77f1c2e7fe6126469a43761e9a9d989c0ef002996dc6694a94fda3b38bb69ccef353ebdf3c3
dd14035ad6bf94da20f12fe76c7060b2920703056d387abad5f741e2ee7ef57fb365feb3a373
441579
PublicExponent: 0x03
# everything after this point is secret
PrivateExponent:
0x1e05875327d7c4ac472048ef15d22dc6179d8450752b8db69a920209227cebfb35ac681f2d
d23db4feb9bfab1158c0716f2427c3b7230ffaebeb233070da5e5328004ee26a94dba98ec2d7
2dceed8ad297abd5c3affb965ea9dd76c274d64785fb14ea6b954ee3b7185d58506977eded3a
acdc77a46e591792fddb20f27e1294cb35ca4244f4e9e966a2e419a65ce0164183d434a62082
2915974fa7294c4fc2ba43b28aec258c48163547c9fecef837a9d44159aa51206962baf73943
639e0c319245c65f49d6516f19837479a649b2c55595081ec8610560b00528da71a18822c547
12f121f92069890b5724ca2b560853e2e53e6eefd313c21db655fbee0e7a30bace546c70f26d
f5e28222af52ee38f1
Prime1:
0xe4100644a6a2605252922bf7e688c9cd6fbf354001f7d7d58040a84adb3a60abd223eeb846
797432d4dc3ff6f49e4c3f4f8e27c523c68f86c5d198e655c45cab121846c70732195638064c
4ecc8857000ba9c3b30f670bb73c0d9a0cf544ba3731b9a3d584b2ee51942d69e1311aa6f027
d91f0d280300b2d607828fb5de1ea5c35b0c84ffd2bfae23
Prime2:
0xca31fb5e1fe1aa15cc0f253522ee7d25afd0a66cd2082ecc0a00afcd4cdb5edf6e7dd1d440
9aaf73f05200351e3014ff217745e55dc6a36f1248685d0b643aa0673768034a759fb3a00543
e7815b1f983acbf07e210afc338e14e3817da27713751654a89508a2569572668fa1b6c74bdd
7b9df45da1232adb8ee958adfb28462cbbe55e87aeef11b3
Exponent1:
0x980aaed86f16eae18c6172a5445b31339fd4ce2aabfa8fe3aad5c5873cd195c7e16d49d02e
fba2cc8de82aa4a31432d4dfb41a836d2f0a59d93665
eee3d83dc761658484af76bb8ed00432df33058f555d1bd7ccb4ef5d24d2b3bc08a38326cf76
7bc28e5877498bb81e469620bc6f4ac53b6a08c55755cc8eafac5fce94146e823cb30355372a
7417
Exponent2:
0x86cbfce96a967163dd5f6e236c9efe191fe06ef336b01f32b155ca88dde79494f453e1382b
11ca4d4ae15578becab8aa164f83ee3e846cf4b6daf03e079827159a24f00231a3bfcd1558d7
efab9215102732a054160752cd0963425653c1a4b7a3643870635b16e463a199b51679da3293
a7bea2e9161771e7b49b9073fcc5841dd298e9afc9f4b677
Coefficient:
0xbe2fd02d3bd5b4a54b86b4f7194302749c43b59cca1dc51fa653875dd0c79221f39c982f61
301f6bc8f25e1ca283197f21c2421f3b3ff74e7a523e5137a093215bd26456d6b7f88e69327e
20d515b32b358e36eda604d0ecbfbfd153f52e3c46916b50f188be31c5570ad636306087cae9
0f1eddd1989374aeefbf26267ab11790e131cf1bddd52cf6
}
# do not change the indenting of that "}"
i do not have a dns server where i can host my dns txt record no
firewall is used at this moment on the server; will be used later.
marcus miller ipsec.conf on windows is
conn rohit
authby=secret
presharedkey="rohit"
left=61.95.143.39
leftsubnet=10.140.0.0/16
leftnexthop=61.95.143.33
right=%any
rightnexthop=%defaultroute
auto=start
how ever i am getting the authentication failed
please help
regards
rohit sahi
Kind Regards,
Rohit Sahi,
System Administrator.
(Scicom InfoTech Pvt. Ltd.)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20041110/2136dee8/attachment-0001.htm
More information about the Users
mailing list