[Openswan Users] Problems connecting to office LAN

Cory S fubeca at gmail.com
Tue Nov 23 07:17:55 CET 2004


Hi all,

I've been working with this for weeks trying to get it to work but
I've finally given up and decided to ask the experts. Here is my
layout:

home          DSL modem/gateway                 Symantec firewall         work
192.168.1.2 -- 192.168.1.1/xxx.xxx.xxx.xxx ====== xxx.xxx.xxx.xxx ----- 192.168.169.149

I can connect just fine from Windows with the Symantec client but I
would like to connect with Linux using openswan (installed v. 2.2.0).
And yes, I got my settings from Andreas' mail post.

Here is the config from Symantec's client:

Tunnel Summary
Security gateway:   xxx.xxx.xxx.xxx
Tunnel name:
IP address:         192.168.169.0
Network Mask:       255.255.255.0
Tunnel state:       Connected
VPN policy:         Custom

Tunnel Settings
IPSec protocol:     ESP
Data integrity:     MD5
Data privacy:       DES
Compression:        Any
Encapsulation:      Tunnel
Diffie-Hellman:     None
Data volume limit:  2100000
Lifetime timeout:   480
Inactivity timeout: 0

My ipsec.secrets
@#ID_IN_HEX <firewall address> : PSK "SECRET_IN_DECIMAL"

My ipsec.conf

version 2.0     # conforms to second version of ipsec.conf specification

# basic configuration
config setup
        # Debug-logging controls:  "none" for (almost) none, "all" for lots.
        # klipsdebug=all
        # plutodebug=dns
        interfaces=%defaultroute
        klipsdebug=all
        plutodebug=all
        nat_traversal=yes


# Equis connection
conn conn1
        type=           tunnel
        left=           192.168.1.2
        leftsubnet=     192.168.1.0/0
        leftnexthop=    192.168.1.1
        leftid=@#637363686d696474
        right=          204.246.137.26
        rightsubnet=    192.168.169.0/0
        keyexchange=    ike
        authby=         secret
        auth=           esp
        auto=           add

#Disable Opportunistic Encryption
include /etc/ipsec.d/examples/no_oe.conf

I start things up with the following commands:
ipsec pluto
ipsec auto --add conn1
ipsec auto --ready
ipsec auto --up conn1

And get this in auth.log:

Nov 22 18:42:37 kashmir pluto[2939]: Starting Pluto (Openswan Version 2.2.0 X.509-1.5.4 PLUTO_USES_KEYRR)
Nov 22 18:42:37 kashmir pluto[2939]:   including NAT-Traversal patch (Version 0.6c) [disabled]
Nov 22 18:42:37 kashmir pluto[2939]: ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)
Nov 22 18:42:37 kashmir pluto[2939]: Using Linux 2.6 IPsec interface code
Nov 22 18:42:37 kashmir pluto[2939]: Changing to directory '/etc/ipsec.d/cacerts'
Nov 22 18:42:37 kashmir pluto[2939]: Could not change to directory '/etc/ipsec.d/aacerts'
Nov 22 18:42:37 kashmir pluto[2939]: Changing to directory '/etc/ipsec.d/ocspcerts'
Nov 22 18:42:37 kashmir pluto[2939]: Changing to directory '/etc/ipsec.d/crls'
Nov 22 18:42:37 kashmir pluto[2939]:   Warning: empty directory
Nov 22 18:42:50 kashmir pluto[2939]: added connection description "conn1"
Nov 22 18:42:58 kashmir pluto[2939]: listening for IKE messages
Nov 22 18:42:58 kashmir pluto[2939]: adding interface lo/lo 127.0.0.1
Nov 22 18:42:58 kashmir pluto[2939]: adding interface eth0/eth0 192.168.1.2
Nov 22 18:42:58 kashmir pluto[2939]: adding interface lo/lo ::1
Nov 22 18:42:58 kashmir pluto[2939]: loading secrets from "/etc/ipsec.secrets"
Nov 22 18:43:04 kashmir pluto[2939]: "conn1" #1: initiating Main Mode
Nov 22 18:43:04 kashmir pluto[2939]: packet from xxx.xxx.xxx.xxx:500: ignoring informational payload, type PAYLOAD_MALFORMED
Nov 22 18:43:04 kashmir pluto[2939]: packet from xxx.xxx.xxx.xxx:500: received and ignored informational message

Can anyone help?

Thanks!

