[Openswan Users] Problems connecting to office LAN
Cory S
fubeca at gmail.com
Tue Nov 23 07:17:55 CET 2004
Hi all,
I've been working with this for weeks trying to get it to work but
I've finally given up and decided to ask the experts. Here is my
layout:
home                 DSL modem/gateway                   Symantec firewall           work
192.168.1.2 -------- 192.168.1.1/xxx.xxx.xxx.xxx ====== xxx.xxx.xxx.xxx ----------- 192.168.169.149
I can connect just fine from Windows with the Symantec client but I
would like to connect with Linux using openswan (installed v. 2.2.0).
And yes, I got my settings from Andreas' mail post.
Here is the config from Symantec's client:
Tunnel Summary
    Security gateway: xxx.xxx.xxx.xxx
    Tunnel name:
    IP address: 192.168.169.0
    Network Mask: 255.255.255.0
    Tunnel state: Connected
    VPN policy: Custom

Tunnel Settings
    IPSec protocol: ESP
    Data integrity: MD5
    Data privacy: DES
    Compression: Any
    Encapsulation: Tunnel
    Diffie-Hellman: None
    Data volume limit: 2100000
    Lifetime timeout: 480
    Inactivity timeout: 0
My ipsec.secrets
@#ID_IN_HEX <firewall address> : PSK "SECRET_IN_DECIMAL"
My ipsec.conf
version 2.0 # conforms to second version of ipsec.conf specification

# basic configuration
config setup
    # Debug-logging controls: "none" for (almost) none, "all" for lots.
    # klipsdebug=all
    # plutodebug=dns
    interfaces=%defaultroute
    klipsdebug=all
    plutodebug=all
    nat_traversal=yes

# Equis connection
conn conn1
    type= tunnel
    left= 192.168.1.2
    leftsubnet= 192.168.1.0/0
    leftnexthop= 192.168.1.1
    leftid=@#637363686d696474
    right= 204.246.137.26
    rightsubnet= 192.168.169.0/0
    keyexchange= ike
    authby= secret
    auth= esp
    auto= add

#Disable Opportunistic Encryption
include /etc/ipsec.d/examples/no_oe.conf
I start things up with the following commands:
ipsec pluto
ipsec auto --add conn1
ipsec auto --ready
ipsec auto --up conn1
And get this in auth.log:
Nov 22 18:42:37 kashmir pluto[2939]: Starting Pluto (Openswan Version 2.2.0 X.509-1.5.4 PLUTO_USES_KEYRR)
Nov 22 18:42:37 kashmir pluto[2939]: including NAT-Traversal patch (Version 0.6c) [disabled]
Nov 22 18:42:37 kashmir pluto[2939]: ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)
Nov 22 18:42:37 kashmir pluto[2939]: Using Linux 2.6 IPsec interface code
Nov 22 18:42:37 kashmir pluto[2939]: Changing to directory '/etc/ipsec.d/cacerts'
Nov 22 18:42:37 kashmir pluto[2939]: Could not change to directory '/etc/ipsec.d/aacerts'
Nov 22 18:42:37 kashmir pluto[2939]: Changing to directory '/etc/ipsec.d/ocspcerts'
Nov 22 18:42:37 kashmir pluto[2939]: Changing to directory '/etc/ipsec.d/crls'
Nov 22 18:42:37 kashmir pluto[2939]: Warning: empty directory
Nov 22 18:42:50 kashmir pluto[2939]: added connection description "conn1"
Nov 22 18:42:58 kashmir pluto[2939]: listening for IKE messages
Nov 22 18:42:58 kashmir pluto[2939]: adding interface lo/lo 127.0.0.1
Nov 22 18:42:58 kashmir pluto[2939]: adding interface eth0/eth0 192.168.1.2
Nov 22 18:42:58 kashmir pluto[2939]: adding interface lo/lo ::1
Nov 22 18:42:58 kashmir pluto[2939]: loading secrets from "/etc/ipsec.secrets"
Nov 22 18:43:04 kashmir pluto[2939]: "conn1" #1: initiating Main Mode
Nov 22 18:43:04 kashmir pluto[2939]: packet from xxx.xxx.xxx.xxx:500: ignoring informational payload, type PAYLOAD_MALFORMED
Nov 22 18:43:04 kashmir pluto[2939]: packet from xxx.xxx.xxx.xxx:500: received and ignored informational message
Can anyone help?
Thanks!