[Openswan Users] VPN over WLAN to IPCop

Trevor Benson tbenson at a-1networks.com
Wed Sep 1 19:26:50 CEST 2004

I can say it does work, because I use IPCop 1.4 betas to do just this.
Although they have a system that scripts all the changes to your file
and a custom build binary to start and stop services correctly.  

Unfortunately you can run into some weird issues if you just try the
stock methods to bring up and down connections after modifying
configuration files by hand, or running command line without using the
built in scripts or binaries.  

I am also sending this to the IPCop Devel mailing list, which is
probably the fastest way to figure out how to do this on IPCop, because
of the extra binaries that perform additional steps on the system.

> -----Original Message-----
> From: users-bounces at openswan.org [mailto:users-bounces at openswan.org]
> Behalf Of Piers Kittel
> Sent: Wednesday, September 01, 2004 2:47 PM
> To: users at openswan.org
> Subject: [Openswan Users] VPN over WLAN to IPCop
> Hi all,
> Am trying to make a VPN connection to IPCop 1.4b4 - I tried to set up
> using Windows first, and after a while, I have succeeded.  But now I
> want to set up the same connection to IPCop but for Linux.  Here is
> ipsec.conf file on IPCop (autocreated when I did stuff in the VPN
> section, but added in "pfs=no" myself):
> conn VPN
>          left=
>          leftsubnet=
>          right=%any
>          rightsubnet=vhost:%no,%priv
>          dpddelay=30
>          dpdtimeout=120
>          dpdaction=clear
>          authby=secret
>          auto=add
>          pfs=no
> and here's the ipsec.conf file I use on Windows:
> conn Home
> 	left=
> 	leftsubnet=*
> 	right=%any
> 	presharedkey=<hidden>
> 	network=auto
> 	auto=start
> and it works just fine.  As for Linux, I'm using Debian 3.1 Sarge,
> OpenSwan 2.1.5 with kernel 2.4.26.  I copied and modified the
> file slightly and here is what I have:
> version 2.0
> conn home
> 	left=
> 	leftsubnet=
> 	right=%any
> 	rightsubnet=vhost:%no,%priv
> 	authby=secret
> 	auto=start
> 	pfs=no
> include /etc/ipsec.d/examples/no_oe.conf
> Thing is that I tried putting "presharedkey" in the file, but ispec
> didn't recognise the parameter and so I took it out, but am not sure
> where I should be putting the key.
> Anyway, I restart ipsec, and it seems all OK, but when I try "ipsec
> --up home" it says "022 "home": we cannot identify ourselves with
> end of this connection.".  Where do I go from here?  Logs on both
> computers aren't helpful.  What am I doing wrong?
> When I tried "leftsubnet=" on Windows, it wouldn't
> but "leftsubnet=*" was okay, but when I used "leftsubnet=*" on Linux
> wouldn't work.
> By the way, in the wiki documentation
> (http://wiki.openswan.org/index.php/Configuring), there's an line:
> "ipsec auto --start net-to-net"
> tried that, but "--start" isn't recognised.
> Thanks very much for your help in advance
> Cheers - Piers
> _______________________________________________
> Users mailing list
> Users at openswan.org
> http://lists.openswan.org/mailman/listinfo/users

More information about the Users mailing list