[Openswan Users] question from a newbie

Cihan Esen esencihan at yahoo.com
Fri Nov 26 01:46:33 CET 2004


Hi all!

I'm Cihan Esen, from Istanbul.

I am trying to set up an IPsec-based VPN network, which I still haven't
been able to get working :( ... I am giving my configuration info and some
logs below, and I would really appreciate any kind of help; I'm really at
a point where my mind can't produce any solution.

My simulation scheme looks like this:

LAN---IPSEC_GW---Router---IPSEC_GW---LAN

I am using FreeS/WAN 2.01 and Mandrake Linux 9.2 on both IPSEC_GW PCs.

/var/log/messages is the same on each IPSEC_GW and looks like this:

Nov 26 10:59:32 ArgeCihan ipsec__plutorun: Starting Pluto subsystem...
Nov 26 10:59:32 ArgeCihan pluto[30529]: Starting Pluto (FreeS/WAN Version 2.01 X.509-1.4.4 PLUTO_USES_KEYRR)
Nov 26 10:59:32 ArgeCihan pluto[30529]: | opening /dev/urandom
Nov 26 10:59:32 ArgeCihan pluto[30529]: | inserting event EVENT_REINIT_SECRET, timeout in 3600 seconds
Nov 26 10:59:32 ArgeCihan pluto[30529]: | process 30529 listening for PF_KEY_V2 on file descriptor 6
Nov 26 10:59:32 ArgeCihan pluto[30529]: | finish_pfkey_msg: SADB_REGISTER message 1 for AH
Nov 26 10:59:32 ArgeCihan pluto[30529]: |   02 07 00 02  02 00 00 00  01 00 00 00  41 77 00 00
Nov 26 10:59:32 ArgeCihan pluto[30529]: | pfkey_get: SADB_REGISTER message 1
Nov 26 10:59:32 ArgeCihan pluto[30529]: | AH registered with kernel.
Nov 26 10:59:32 ArgeCihan pluto[30529]: | finish_pfkey_msg: SADB_REGISTER message 2 for ESP
Nov 26 10:59:32 ArgeCihan pluto[30529]: |   02 07 00 03  02 00 00 00  02 00 00 00  41 77 00 00
Nov 26 10:59:32 ArgeCihan pluto[30529]: | pfkey_get: SADB_REGISTER message 2
Nov 26 10:59:32 ArgeCihan pluto[30529]: | ESP registered with kernel.
Nov 26 10:59:32 ArgeCihan pluto[30529]: | finish_pfkey_msg: SADB_REGISTER message 3 for IPCOMP
Nov 26 10:59:32 ArgeCihan pluto[30529]: |   02 07 00 0a  02 00 00 00  03 00 00 00  41 77 00 00
Nov 26 10:59:32 ArgeCihan pluto[30529]: | pfkey_get: SADB_REGISTER message 3
Nov 26 10:59:32 ArgeCihan pluto[30529]: | IPCOMP registered with kernel.
Nov 26 10:59:32 ArgeCihan pluto[30529]: | finish_pfkey_msg: SADB_REGISTER message 4 for IPIP
Nov 26 10:59:32 ArgeCihan pluto[30529]: |   02 07 00 09  02 00 00 00  04 00 00 00  41 77 00 00
Nov 26 10:59:32 ArgeCihan pluto[30529]: | pfkey_get: SADB_REGISTER message 4
Nov 26 10:59:32 ArgeCihan pluto[30529]: | IPIP registered with kernel.
Nov 26 10:59:32 ArgeCihan pluto[30529]: | inserting event EVENT_SHUNT_SCAN, timeout in 120 seconds
Nov 26 10:59:32 ArgeCihan pluto[30529]: Could not change to directory '/etc/ipsec.d/cacerts'
Nov 26 10:59:32 ArgeCihan pluto[30529]: Could not change to directory '/etc/ipsec.d/crls'
Nov 26 10:59:33 ArgeCihan pluto[30529]: | inserting event 7??, timeout in 46827 seconds
Nov 26 10:59:33 ArgeCihan pluto[30529]: | next event EVENT_SHUNT_SCAN in 119 seconds
Nov 26 10:59:33 ArgeCihan pluto[30529]: |
Nov 26 10:59:33 ArgeCihan pluto[30529]: | *received whack message
Nov 26 10:59:33 ArgeCihan pluto[30529]: listening for IKE messages
Nov 26 10:59:33 ArgeCihan pluto[30529]: | found lo with address 127.0.0.1
Nov 26 10:59:33 ArgeCihan pluto[30529]: | found eth0 with address 122.122.122.141
Nov 26 10:59:33 ArgeCihan pluto[30529]: | found eth1 with address 192.168.1.2
Nov 26 10:59:33 ArgeCihan pluto[30529]: | found ipsec0 with address 122.122.122.141
Nov 26 10:59:33 ArgeCihan pluto[30529]: | found ipsec1 with address 192.168.1.2
Nov 26 10:59:33 ArgeCihan pluto[30529]: adding interface ipsec1/eth1 192.168.1.2
Nov 26 10:59:33 ArgeCihan pluto[30529]: adding interface ipsec0/eth0 122.122.122.141
Nov 26 10:59:33 ArgeCihan pluto[30529]: | IP interface lo 127.0.0.1 has no matching ipsec* interface -- ignored
Nov 26 10:59:33 ArgeCihan pluto[30529]: | could not open /proc/net/if_inet6
Nov 26 10:59:33 ArgeCihan pluto[30529]: loading secrets from "/etc/freeswan/ipsec.secrets"
Nov 26 10:59:33 ArgeCihan pluto[30529]: | next event EVENT_SHUNT_SCAN in 119 seconds
Nov 26 10:59:33 ArgeCihan pluto[30529]: |
Nov 26 10:59:33 ArgeCihan pluto[30529]: | *received whack message
Nov 26 10:59:33 ArgeCihan pluto[30529]: | next event EVENT_SHUNT_SCAN in 119 seconds
Nov 26 10:59:33 ArgeCihan pluto[30529]: |
Nov 26 10:59:33 ArgeCihan pluto[30529]: | *received whack message
Nov 26 10:59:33 ArgeCihan pluto[30529]: | next event EVENT_SHUNT_SCAN in 119 seconds
Nov 26 10:59:33 ArgeCihan pluto[30529]: |
Nov 26 10:59:33 ArgeCihan pluto[30529]: | *received whack message
Nov 26 10:59:33 ArgeCihan pluto[30529]: | next event EVENT_SHUNT_SCAN in 119 seconds
Nov 26 11:01:32 ArgeCihan pluto[30529]: |
Nov 26 11:01:32 ArgeCihan pluto[30529]: | *time to handle event
Nov 26 11:01:32 ArgeCihan pluto[30529]: | event after this is EVENT_REINIT_SECRET in 3480 seconds
Nov 26 11:01:32 ArgeCihan pluto[30529]: | inserting event EVENT_SHUNT_SCAN, timeout in 120 seconds
Nov 26 11:01:32 ArgeCihan pluto[30529]: | scanning for shunt eroutes
Nov 26 11:01:32 ArgeCihan pluto[30529]: | next event EVENT_SHUNT_SCAN in 120 seconds


I am using the same ipsec.conf file on each IPSEC_GW, which looks like
this:


version 2.0     # conforms to second version of ipsec.conf specification

# basic configuration
config setup
        # Debug-logging controls:  "none" for (almost) none, "all" for lots.
        #interfaces=%defaultroute
        interfaces="ipsec0=eth0 ipsec1=eth1"
        klipsdebug=all
        plutodebug=all
        plutoload=%search
        plutostart=%search


# Add connections here.

# sample VPN connection
#sample#        conn sample
#sample#                # Left security gateway, subnet behind it, next hop toward right.
#sample#                left=10.0.0.1
#sample#                leftsubnet=172.16.0.0/24
#sample#                leftnexthop=10.22.33.44
#sample#                # Right security gateway, subnet behind it, next hop toward left.
#sample#                right=10.12.12.1
#sample#                rightsubnet=192.168.0.0/24
#sample#                rightnexthop=10.101.102.103
#sample#                # To authorize this connection, but not actually start it, at startup,
#sample#                # uncomment this.
#sample#                #auto=start

conn block
        auto=ignore

conn private
        auto=ignore

conn private-or-clear
        auto=ignore

conn clear
        auto=ignore

conn packetdefault
        auto=ignore

conn pc2pc
        left=122.122.122.141
        leftsubnet=192.168.1.0/24
        leftnexthop=122.122.122.254
        right=122.122.122.142
        rightsubnet=192.168.2.0/16
        rightnexthop=122.122.122.254
        authby=rsasig
        auto=start
        leftrsasigkey=0x0sAQOpsvQthI6oSYBEvm8oaRB6x1aT0+zVzB+k41x98NRsCrFYLxeK6bLRtCa0QcmtLyxe+37KFxfnuNhfzXxzs+DZwSdV4yhdnefeJPr4xCVsbP1IHr1037wU3ugM3sOEyI+AtKnYJq9+o+tcQyPrB5ecgWc6MMqtIa2dZuMo98G/5Q==
        rightrsasigkey=0x0sAQOJRA5oVM4gQNcCD8rhG8nnHQL+la6ADvnYj0N9opxTHDbs3JoiihZH/YsGI1zOI/2sG5rT4Tt34Otw7eXfy3386gxps4Lepz4f+BxOXZUgYqupBRFbFd6rq0Ett8IPsWvKysCTMKoVJNO5HoN78Ns/b2NxbOg4aK1VjcSVtAHAxw==


Thanks in advance,

Cihan Esen



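A conn section like pc2pc above is the kind of thing a small lint can check before `ipsec auto --add` has to. The script below is an added example, not part of the original post and not FreeS/WAN code. It parses ipsec.conf the way the format requires (indented `key=value` lines under a `conn`/`config` header, `#` comments, a parameter at column 0 belonging to no section) and then checks each conn for a subnet whose host bits are set (`192.168.2.0/16` names the network `192.168.0.0/16`; as far as I recall FreeS/WAN's address parser rejects this at load time, so treat that as an assumption and confirm against the `ipsec auto --add` output), for left and right subnets that overlap, and for RSA keys whose prefix is not the `0s` base64 form that `ipsec showhostkey` prints (FreeS/WAN reads `0x` as hex, `0s` as base64, `0t` as text). The embedded sample conf is constructed from the posted pc2pc section with both keys shortened to placeholders; the `0x0s` prefix is kept as posted.

```python
"""Lint ipsec.conf conn sections for mistakes that keep a FreeS/WAN tunnel
from loading. Added example, not part of the original post or of FreeS/WAN."""
import ipaddress
import re

# Constructed sample: the pc2pc conn from the post, RSA keys replaced by
# shortened placeholders (the "0x0s" prefix is kept exactly as posted).
SAMPLE_CONF = """\
version 2.0

config setup
        interfaces="ipsec0=eth0 ipsec1=eth1"

conn pc2pc
        left=122.122.122.141
        leftsubnet=192.168.1.0/24
        leftnexthop=122.122.122.254
        right=122.122.122.142
        rightsubnet=192.168.2.0/16
        rightnexthop=122.122.122.254
        authby=rsasig
        auto=start
        leftrsasigkey=0x0sAQOpsvPLACEHOLDERLEFTKEY==
        rightrsasigkey=0x0sAQOJRAPLACEHOLDERRIGHTKEY==
"""

SECTION_RE = re.compile(r"^(conn|config)\s+(\S+)\s*$")
# FreeS/WAN data encodings: 0x = hex, 0s = base64, 0t = plain text.
KEY_RE = re.compile(r"^(0x[0-9a-fA-F]+|0s[A-Za-z0-9+/]+=*|0t.+)$")


def parse_ipsec_conf(text):
    """Return ({"conn NAME"/"config setup": {param: value}}, [syntax findings]).

    Parameter lines must be indented. A line at column 0 that is not a
    section header is reported: it is not part of any section, so every
    parameter after it is silently lost from the conn it was meant for.
    """
    sections, findings = {}, []
    current = None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].rstrip()        # drop comments
        if not line.strip():
            continue
        if line[0].isspace():                       # indented: a parameter
            if current is None:
                findings.append(f"line {lineno}: parameter outside any section")
                continue
            key, sep, value = line.strip().partition("=")
            if not sep:
                findings.append(f"line {lineno}: not a key=value line: {line.strip()!r}")
                continue
            sections[current][key.strip()] = value.strip().strip('"')
            continue
        m = SECTION_RE.match(line)
        if m:
            current = f"{m.group(1)} {m.group(2)}"
            sections[current] = {}
        elif line.startswith(("version", "include")):
            current = None
        else:
            current = None
            findings.append(f"line {lineno}: {line.strip()!r} at column 0 ends the "
                            "previous section; indent it to keep it as a parameter")
    return sections, findings


def check_conn(params):
    """Return a list of findings for one conn's parameters."""
    findings, nets = [], {}
    for side in ("left", "right"):
        value = params.get(f"{side}subnet")
        if value is None:
            continue
        try:
            nets[side] = ipaddress.ip_network(value, strict=True)
        except ValueError:
            try:
                loose = ipaddress.ip_network(value, strict=False)
            except ValueError:
                findings.append(f"{side}subnet={value} is not a valid subnet")
                continue
            findings.append(f"{side}subnet={value} has host bits set; the network "
                            f"is {loose}, so the prefix length is probably wrong")
            nets[side] = loose
    if len(nets) == 2 and nets["left"].overlaps(nets["right"]):
        findings.append(f"leftsubnet {nets['left']} and rightsubnet {nets['right']} "
                        "overlap; traffic between them cannot be routed into the tunnel")
    if params.get("authby") == "rsasig":
        for side in ("left", "right"):
            key = params.get(f"{side}rsasigkey")
            if key is None:
                findings.append(f"authby=rsasig but {side}rsasigkey is missing")
            elif not KEY_RE.match(key):
                findings.append(f"{side}rsasigkey has an unparseable prefix {key[:4]!r}; "
                                "ipsec showhostkey emits keys as 0s<base64>")
    return findings


def lint(text):
    """Lint every conn in an ipsec.conf text; returns {conn name: [findings]}
    plus a "syntax" entry for file-level problems."""
    sections, syntax = parse_ipsec_conf(text)
    report = {"syntax": syntax}
    for name, params in sections.items():
        if name.startswith("conn "):
            report[name.split(" ", 1)[1]] = check_conn(params)
    return report


if __name__ == "__main__":
    for name, findings in lint(SAMPLE_CONF).items():
        for finding in findings:
            print(f"{name}: {finding}")
```

Run against the sample it reports four findings for pc2pc (the host bits in rightsubnet, the resulting overlap with leftsubnet, and both key prefixes) and nothing at file level; feed it the real file with `lint(open("/etc/ipsec.conf").read())` to check a live configuration before restarting pluto.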

