[Openswan Users] question from a newbie
Cihan Esen
esencihan at yahoo.com
Fri Nov 26 07:41:46 CET 2004
Hi Paul,
Thank you for all your responses, Paul, Ted and Frank.
I added a 'type=%direct' line to my ipsec.conf files, but the
situation still didn't change. I tried 'ipsec barf' as well, but I couldn't
find anything useful in its output. I'm attaching it to this mail; I
hope you can see something that I didn't see.
Also, there is no firewall or anything else that would prevent communication in
my test environment.
One more thing: when I execute the ipsec showhostkey command, it says 'no
default key in ipsec.secrets file'. I don't understand this, as I think
that I have proper keys stated in ipsec.secrets and also in ipsec.conf
as public keys.
So my ipsec.conf file now looks like this:
version 2.0	# conforms to second version of ipsec.conf specification

# basic configuration
config setup
    # Debug-logging controls: "none" for (almost) none, "all" for lots.
    #interfaces=%defaultroute
    interfaces="ipsec0=eth0 ipsec1=eth1"

# Add connections here.

conn block
    auto=ignore

conn private
    auto=ignore

conn private-or-clear
    auto=ignore

conn clear
    auto=ignore

conn packetdefault
    auto=ignore

conn pc2pc
    type=%direct
    left=122.122.122.141
    leftsubnet=192.168.1.0/24
    leftnexthop=122.122.122.254
    right=122.122.122.142
    rightsubnet=192.168.2.0/24
    rightnexthop=122.122.122.254
    authby=rsasig
    auto=start
    leftrsasigkey=0x0sAQOpsvQthI6oSYBEvm8oaRB6x1aT0+zVzB+k41x98NRsCrFYLxeK6bLRtCa0QcmtLyxe+37KFxfnuNhfzXxzs+DZwSdV4yhdnefeJPr4xCVsbP1IHr1037wU3ugM3sOEyI+AtKnYJq9+o+tcQyPrB5ecgWc6MMqtIa2dZuMo98G/5Q==
    rightrsasigkey=0x0sAQOJRA5oVM4gQNcCD8rhG8nnHQL+la6ADvnYj0N9opxTHDbs3JoiihZH/YsGI1zOI/2sG5rT4Tt34Otw7eXfy3386gxps4Lepz4f+BxOXZUgYqupBRFbFd6rq0Ett8IPsWvKysCTMKoVJNO5HoN78Ns/b2NxbOg4aK1VjcSVtAHAxw==

Cihan
--- Paul Wouters <paul at xelerance.com> wrote:
> On Fri, 26 Nov 2004, Cihan Esen wrote:
>
> > My simulation scheme looks like this:
> >
> > LAN---IPSEC_GW---Router---IPSEC_GW---LAN
>
> Actually, your setup does not look like that, it looks like
>
> > LAN---IPSEC_GW---Router---IPSEC_GW---LAN
>
> SUBNET1-IPSECGW---LAN---IPSECGW-SUBNET2
>
> > I am using freeswan2.01 and Linux Mandrake9.2 on both IPSEC_GW PCs..
>
> It's a bit old, but should work for this simple case.
>
> > klipsdebug=all
> > plutodebug=all
>
> Please don't use those unless you are debugging code, not
> configurations.
>
> > conn pc2pc
> > left=122.122.122.141
> > leftsubnet=192.168.1.0/24
> > leftnexthop=122.122.122.254
> > right=122.122.122.142
> > rightsubnet=192.168.2.0/16
> > rightnexthop=122.122.122.254
> > authby=rsasig
> > auto=start
>
> You can try adding type=%direct. Or better, really try and build your
> test setup with the ipsec gateway not being in the same subnet
> (122.122.122.0/24)
>
> Next time, set those debug options to none, and run 'ipsec barf' to
> give us better information to look at what is happening.
>
> Paul
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: barf_output
Type: application/octet-stream
Size: 42440 bytes
Desc: barf_output
Url : http://lists.openswan.org/pipermail/users/attachments/20041126/63e3cfe3/barf_output-0001.obj
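
An added example, not part of the original messages or of Openswan: a small Python check run over the two versions of conn pc2pc quoted in this thread. It reports when both gateways sit on the segment Paul names (122.122.122.0/24) and when a left/right subnet has host bits set or overlaps the other side; the function names and finding codes are this example's own.

```python
import ipaddress

def parse_conns(text):
    """Return {conn name: {parameter: value}} from ipsec.conf text.
    Section headers start in column 0; their parameters are indented."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        if not line[0].isspace():                 # new section header
            words = line.split()
            is_conn = len(words) == 2 and words[0] == "conn"
            current = conns.setdefault(words[1], {}) if is_conn else None
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key] = value
    return conns

def check_conn(conn, gateway_segment):
    """Return finding codes for one conn. gateway_segment is the network the
    gateways' outside interfaces sit on (an input, not read from the file)."""
    findings = []
    segment = ipaddress.ip_network(gateway_segment)
    if all(ipaddress.ip_address(conn[k]) in segment for k in ("left", "right")):
        findings.append("same-segment")           # peers are direct neighbours
    nets = {}
    for key in ("leftsubnet", "rightsubnet"):
        if key in conn:
            nets[key] = ipaddress.ip_network(conn[key], strict=False)
            if str(nets[key]) != conn[key]:       # e.g. 192.168.2.0/16
                findings.append("host-bits:" + key)
    if len(nets) == 2 and nets["leftsubnet"].overlaps(nets["rightsubnet"]):
        findings.append("overlap")                # both ends claim the same addresses
    return findings

# The two versions of conn pc2pc from this thread (addressing parameters only).
EARLIER = """conn pc2pc
    left=122.122.122.141
    leftsubnet=192.168.1.0/24
    leftnexthop=122.122.122.254
    right=122.122.122.142
    rightsubnet=192.168.2.0/16
    rightnexthop=122.122.122.254
"""
CURRENT = EARLIER.replace("192.168.2.0/16", "192.168.2.0/24")

if __name__ == "__main__":
    for label, text in (("earlier", EARLIER), ("current", CURRENT)):
        print(label, check_conn(parse_conns(text)["pc2pc"], "122.122.122.0/24"))
```

The earlier rightsubnet normalises to 192.168.0.0/16, which contains leftsubnet 192.168.1.0/24; the /24 version clears that finding and leaves only the same-segment one.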