[Openswan Users] question from a newbie

Cihan Esen esencihan at yahoo.com
Fri Nov 26 07:41:46 CET 2004


Hi Paul,

Thank you for all your responses, Paul, Ted and Frank. 

I added the 'type=%direct' line to my ipsec.conf files, but still the
situation didn't change. I tried 'ipsec barf' as well, but I couldn't
find anything useful in its output. I'm attaching it to this mail; I
hope you can see something that I didn't see.

And there is no firewall or anything else that would prevent
communication in my test environment.

One more thing; when I execute ipsec showhostkey command, it says 'no
default key in ipsec.secrets file'. I don't understand this, as I think
that I have proper keys stated in ipsec.secrets and also in ipsec.conf
as public keys.

So my ipsec.conf file now looks like this:


version 2.0     # conforms to second version of ipsec.conf specification

# basic configuration
config setup
        # Debug-logging controls:  "none" for (almost) none, "all" for lots.
        #interfaces=%defaultroute
        interfaces="ipsec0=eth0 ipsec1=eth1"


# Add connections here.

conn block
        auto=ignore

conn private
        auto=ignore

conn private-or-clear
        auto=ignore

conn clear
        auto=ignore

conn packetdefault
        auto=ignore

conn pc2pc
                type=%direct
                left=122.122.122.141
                leftsubnet=192.168.1.0/24
                leftnexthop=122.122.122.254
                right=122.122.122.142
                rightsubnet=192.168.2.0/24
                rightnexthop=122.122.122.254
                authby=rsasig
                auto=start
                leftrsasigkey=0x0sAQOpsvQthI6oSYBEvm8oaRB6x1aT0+zVzB+k41x98NRsCrFYLxeK6bLRtCa0QcmtLyxe+37KFxfnuNhfzXxzs+DZwSdV4yhdnefeJPr4xCVsbP1IHr1037wU3ugM3sOEyI+AtKnYJq9+o+tcQyPrB5ecgWc6MMqtIa2dZuMo98G/5Q==
                rightrsasigkey=0x0sAQOJRA5oVM4gQNcCD8rhG8nnHQL+la6ADvnYj0N9opxTHDbs3JoiihZH/YsGI1zOI/2sG5rT4Tt34Otw7eXfy3386gxps4Lepz4f+BxOXZUgYqupBRFbFd6rq0Ett8IPsWvKysCTMKoVJNO5HoN78Ns/b2NxbOg4aK1VjcSVtAHAxw==


Cihan


--- Paul Wouters <paul at xelerance.com> wrote:

> On Fri, 26 Nov 2004, Cihan Esen wrote:
> 
> > My simulation scheme looks like this:
> >
> > LAN---IPSEC_GW---Router---IPSEC_GW---LAN
> 
> Actually, your setup does not look like that, it looks like
> 
> > LAN---IPSEC_GW---Router---IPSEC_GW---LAN
> 
>   SUBNET1-IPSECGW---LAN---IPSECGW-SUBNET2
> 
> > I am using freeswan2.01 and Linux Mandrake9.2 on both IPSEC_GW PCs..
> 
> It's a bit old, but should work for this simple case.
> 
> >        klipsdebug=all
> >        plutodebug=all
> 
> Please don't use those unless you are debugging code, not
> configurations.
> 
> > conn pc2pc
> >                left=122.122.122.141
> >                leftsubnet=192.168.1.0/24
> >                leftnexthop=122.122.122.254
> >                right=122.122.122.142
> >                rightsubnet=192.168.2.0/16
> >                rightnexthop=122.122.122.254
> >                authby=rsasig
> >                auto=start
> 
> You can try adding type=%direct. Or better, really try and build your
> test setup with the ipsec gateway not being in the same subnet
> (122.122.122.0/24)
> 
> Next time, set those debug options to none, and run 'ipsec barf' to
> give us better information to look at what is happening.
> 
> Paul
> 



	
		
-------------- next part --------------
A non-text attachment was scrubbed...
Name: barf_output
Type: application/octet-stream
Size: 42440 bytes
Desc: barf_output
Url : http://lists.openswan.org/pipermail/users/attachments/20041126/63e3cfe3/barf_output-0001.obj
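
Added example, not part of the original thread and not Openswan code: a small Python check of a conn section for the properties visible in this exchange, namely that left and right share the 122.122.122.0/24 network Paul points out, and that a subnet value such as the earlier rightsubnet=192.168.2.0/16 has host bits set and then overlaps the other side. The function names and the gateway_prefix parameter are hypothetical, and the sample is constructed from the quoted configuration with the RSA keys omitted.

```python
import ipaddress

# Constructed sample: the conn section quoted in this thread (RSA keys omitted).
SAMPLE_CONF = """\
conn pc2pc
        left=122.122.122.141
        leftsubnet=192.168.1.0/24
        leftnexthop=122.122.122.254
        right=122.122.122.142
        rightsubnet=192.168.2.0/16
        rightnexthop=122.122.122.254
"""

def parse_conns(text):
    """Return {conn_name: {key: value}} from ipsec.conf-style text."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not line[0].isspace():  # an unindented line starts a new section
            parts = line.split()
            is_conn = parts[0] == "conn" and len(parts) > 1
            current = conns.setdefault(parts[1], {}) if is_conn else None
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def lint_conn(conn, gateway_prefix=24):
    """Hypothetical checks; gateway_prefix=24 is the /24 named in the thread."""
    findings = []
    gw_net = ipaddress.ip_network(f"{conn['left']}/{gateway_prefix}", strict=False)
    if ipaddress.ip_address(conn["right"]) in gw_net:
        findings.append(f"left and right are both in {gw_net}")
    nets = {}
    for key in ("leftsubnet", "rightsubnet"):
        if key not in conn:
            continue
        nets[key] = ipaddress.ip_network(conn[key], strict=False)
        if str(nets[key]) != conn[key]:  # host bits were set in the config value
            findings.append(f"{key}={conn[key]} has host bits set; network is {nets[key]}")
    if len(nets) == 2 and nets["leftsubnet"].overlaps(nets["rightsubnet"]):
        findings.append("leftsubnet and rightsubnet overlap")
    return findings

if __name__ == "__main__":
    for finding in lint_conn(parse_conns(SAMPLE_CONF)["pc2pc"]):
        print(finding)
```

With rightsubnet changed to 192.168.2.0/24, as in the newer configuration in this message, only the shared-gateway-network finding remains.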

