[Openswan Users] nated vpn

Alberto E. Gallardo Doñate ergallardo at yahoo.es
Fri Apr 22 13:37:35 CEST 2005


Hello everybody.

I am trying to establish a VPN connection between two Linux SUSE 9.2 servers with Openswan 2.3.1.
One Linux server is behind an ADSL router and the other Linux server is behind another.

Is there a good guide or example that explains how to configure this?

I have my current configuration with PSK authentication.
Here are the traces from one of the Linux servers: it sends "phase 1 I ident" and receives a "phase R ident", but it seems not to authenticate the preshared secret.

ipsec.secret on linux 1:
192.168.254.3 a.b.c.d : PSK "mysecret"
ipsec.secret on linux 2:
192.168.250.3 e.f.g.h : PSK  "mysecret"

a.b.c.d is the public ip of adsl router 1
e.f.g.h is the public ip of adsl router 2


Apr 22 12:07:41 backup pluto[2094]: | *received 136 bytes from a.b.c.d:500 on eth0 (port=500)
Apr 22 12:07:41 backup pluto[2094]: | **parse ISAKMP Message:
Apr 22 12:07:41 backup pluto[2094]: |    initiator cookie:
Apr 22 12:07:41 backup pluto[2094]: |   98 11 e5 30  51 e5 bf 64
Apr 22 12:07:41 backup pluto[2094]: |    responder cookie:
Apr 22 12:07:41 backup pluto[2094]: |   6a 01 af 33  59 92 35 94
Apr 22 12:07:41 backup pluto[2094]: |    next payload type: ISAKMP_NEXT_SA
Apr 22 12:07:41 backup pluto[2094]: |    ISAKMP version: ISAKMP Version 1.0
Apr 22 12:07:41 backup pluto[2094]: |    exchange type: ISAKMP_XCHG_IDPROT
Apr 22 12:07:41 backup pluto[2094]: |    flags: none
Apr 22 12:07:41 backup pluto[2094]: |    message ID:  00 00 00 00
Apr 22 12:07:41 backup pluto[2094]: |    length: 136
Apr 22 12:07:41 backup pluto[2094]: | ICOOKIE:  98 11 e5 30  51 e5 bf 64
Apr 22 12:07:41 backup pluto[2094]: | RCOOKIE:  6a 01 af 33  59 92 35 94
Apr 22 12:07:41 backup pluto[2094]: | peer:  51 21 19 8a
Apr 22 12:07:41 backup pluto[2094]: | state hash entry 13
Apr 22 12:07:41 backup pluto[2094]: | state object not found
Apr 22 12:07:41 backup pluto[2094]: | ICOOKIE:  98 11 e5 30  51 e5 bf 64
Apr 22 12:07:41 backup pluto[2094]: | RCOOKIE:  00 00 00 00  00 00 00 00
Apr 22 12:07:41 backup pluto[2094]: | peer:  51 21 19 8a
Apr 22 12:07:41 backup pluto[2094]: | state hash entry 2
Apr 22 12:07:41 backup pluto[2094]: | peer and cookies match on #1, provided msgid 00000000 vs 00000000
Apr 22 12:07:41 backup pluto[2094]: | state object #1 found, in STATE_MAIN_I1
Apr 22 12:07:41 backup pluto[2094]: | processing connection linux1-linux2
Apr 22 12:07:41 backup pluto[2094]: | ***parse ISAKMP Security Association Payload:
Apr 22 12:07:41 backup pluto[2094]: |    next payload type: ISAKMP_NEXT_VID
Apr 22 12:07:41 backup pluto[2094]: |    length: 52
Apr 22 12:07:41 backup pluto[2094]: |    DOI: ISAKMP_DOI_IPSEC
Apr 22 12:07:41 backup pluto[2094]: | ***parse ISAKMP Vendor ID Payload:
Apr 22 12:07:41 backup pluto[2094]: |    next payload type: ISAKMP_NEXT_VID
Apr 22 12:07:41 backup pluto[2094]: |    length: 16
Apr 22 12:07:41 backup pluto[2094]: | ***parse ISAKMP Vendor ID Payload:
Apr 22 12:07:41 backup pluto[2094]: |    next payload type: ISAKMP_NEXT_VID
Apr 22 12:07:41 backup pluto[2094]: |    length: 20
Apr 22 12:07:41 backup pluto[2094]: | ***parse ISAKMP Vendor ID Payload:
Apr 22 12:07:41 backup pluto[2094]: |    next payload type: ISAKMP_NEXT_NONE
Apr 22 12:07:41 backup pluto[2094]: |    length: 20
Apr 22 12:07:41 backup pluto[2094]: "linux1-linux2" #1: received Vendor ID payload [Openswan (this version) 2.3.1  X.509-1.5.4 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR]
Apr 22 12:07:41 backup pluto[2094]: "linux1-linux2" #1: received Vendor ID payload [Dead Peer Detection]
Apr 22 12:07:41 backup pluto[2094]: "linux1-linux2" #1: received Vendor ID payload [RFC 3947] method set to=109
Apr 22 12:07:41 backup pluto[2094]: | ****parse IPsec DOI SIT:
Apr 22 12:07:41 backup pluto[2094]: |    IPsec DOI SIT: SIT_IDENTITY_ONLY
Apr 22 12:07:41 backup pluto[2094]: | ****parse ISAKMP Proposal Payload:
Apr 22 12:07:41 backup pluto[2094]: |    next payload type: ISAKMP_NEXT_NONE
Apr 22 12:07:41 backup pluto[2094]: |    length: 40
Apr 22 12:07:41 backup pluto[2094]: |    proposal number: 0
Apr 22 12:07:41 backup pluto[2094]: |    protocol ID: PROTO_ISAKMP
Apr 22 12:07:41 backup pluto[2094]: |    SPI size: 0
Apr 22 12:07:41 backup pluto[2094]: |    number of transforms: 1
Apr 22 12:07:41 backup pluto[2094]: | *****parse ISAKMP Transform Payload (ISAKMP):
Apr 22 12:07:41 backup pluto[2094]: |    next payload type: ISAKMP_NEXT_NONE
Apr 22 12:07:41 backup pluto[2094]: |    length: 32
Apr 22 12:07:41 backup pluto[2094]: |    transform number: 0
Apr 22 12:07:41 backup pluto[2094]: |    transform ID: KEY_IKE
Apr 22 12:07:41 backup pluto[2094]: | ******parse ISAKMP Oakley attribute:
Apr 22 12:07:41 backup pluto[2094]: |    af+type: OAKLEY_LIFE_TYPE
Apr 22 12:07:41 backup pluto[2094]: |    length/value: 1
Apr 22 12:07:41 backup pluto[2094]: |    [1 is OAKLEY_LIFE_SECONDS]
Apr 22 12:07:41 backup pluto[2094]: | ******parse ISAKMP Oakley attribute:
Apr 22 12:07:41 backup pluto[2094]: |    af+type: OAKLEY_LIFE_DURATION
Apr 22 12:07:41 backup pluto[2094]: |    length/value: 3600
Apr 22 12:07:41 backup pluto[2094]: | ******parse ISAKMP Oakley attribute:
Apr 22 12:07:41 backup pluto[2094]: |    af+type: OAKLEY_ENCRYPTION_ALGORITHM
Apr 22 12:07:41 backup pluto[2094]: |    length/value: 5
Apr 22 12:07:41 backup pluto[2094]: |    [5 is OAKLEY_3DES_CBC]
Apr 22 12:07:41 backup pluto[2094]: | ******parse ISAKMP Oakley attribute:
Apr 22 12:07:41 backup pluto[2094]: |    af+type: OAKLEY_HASH_ALGORITHM
Apr 22 12:07:41 backup pluto[2094]: |    length/value: 1
Apr 22 12:07:41 backup pluto[2094]: |    [1 is OAKLEY_MD5]
Apr 22 12:07:41 backup pluto[2094]: | ******parse ISAKMP Oakley attribute:
Apr 22 12:07:41 backup pluto[2094]: |    af+type: OAKLEY_AUTHENTICATION_METHOD
Apr 22 12:07:41 backup pluto[2094]: |    length/value: 1
Apr 22 12:07:41 backup pluto[2094]: |    [1 is OAKLEY_PRESHARED_KEY]
Apr 22 12:07:41 backup pluto[2094]: | started looking for secret for 192.168.254.3->a.b.c.d of kind PPK_PSK
Apr 22 12:07:41 backup pluto[2094]: | actually looking for secret for 192.168.254.3->a.b.c.dof kind PPK_PSK
Apr 22 12:07:41 backup pluto[2094]: | 1: compared PSK a.b.c.d to 192.168.254.3 / a.b.c.d-> 0
Apr 22 12:07:41 backup pluto[2094]: | 2: compared PSK 192.168.254.3 to 192.168.254.3 / a.b.c.d-> 4
Apr 22 12:07:41 backup pluto[2094]: | concluding with best_match=0 best=(nil) (lineno=-1)
Apr 22 12:07:41 backup pluto[2094]: "linux1-linux2" #1: Can't authenticate: no preshared key found for `192.168.254.3' and `a.b.c.d'.  Attribute OAKLEY_AUTHENTICATION_METHOD
Apr 22 12:07:41 backup pluto[2094]: "linux1-linux2" #1: no acceptable Oakley Transform
Apr 22 12:07:41 backup pluto[2094]: | complete state transition with (null)
Apr 22 12:07:41 backup pluto[2094]: "linux1-linux2" #1: sending notification NO_PROPOSAL_CHOSEN to a.b.c.d:500
Apr 22 12:07:41 backup pluto[2094]: "linux1-linux2" #1: failed to build notification for spisize=0
Apr 22 12:07:41 backup pluto[2094]: | state transition function for STATE_MAIN_I1 failed: NO_PROPOSAL_CHOSEN
Apr 22 12:07:41 backup pluto[2094]: | next event EVENT_PENDING_PHASE2 in 119 seconds
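
Added example, not part of the original post: a small Python parser that pulls pluto's PSK lookup out of a debug trace like the one above and reports which ID pair was searched, what each compared secret ID scored, and whether a key was selected. The field names (`from_id`, `to_id`, `compared`, `conn`) are chosen here for illustration; scores are reported exactly as pluto printed them, without interpreting them.

```python
import re

# Sample input: the PSK-lookup lines copied from the trace in the post above.
SAMPLE = """\
Apr 22 12:07:41 backup pluto[2094]: | started looking for secret for 192.168.254.3->a.b.c.d of kind PPK_PSK
Apr 22 12:07:41 backup pluto[2094]: | 1: compared PSK a.b.c.d to 192.168.254.3 / a.b.c.d-> 0
Apr 22 12:07:41 backup pluto[2094]: | 2: compared PSK 192.168.254.3 to 192.168.254.3 / a.b.c.d-> 4
Apr 22 12:07:41 backup pluto[2094]: | concluding with best_match=0 best=(nil) (lineno=-1)
Apr 22 12:07:41 backup pluto[2094]: "linux1-linux2" #1: Can't authenticate: no preshared key found for `192.168.254.3' and `a.b.c.d'.  Attribute OAKLEY_AUTHENTICATION_METHOD
"""

START = re.compile(r"started looking for secret for (\S+)->(\S+) of kind (\w+)")
COMPARE = re.compile(r"\| (\d+): compared PSK (\S+) to \S+ / \S+?\s*->\s*(\d+)")
END = re.compile(r"concluding with best_match=(\d+) best=(\S+)")
FAIL = re.compile(r'''"([^"]+)" #\d+: Can't authenticate: no preshared key found''')

def parse_psk_lookups(text):
    """Return one record per 'started looking for secret' block in a pluto debug log."""
    lookups, cur = [], None
    for line in text.splitlines():
        if m := START.search(line):
            cur = {"from_id": m[1], "to_id": m[2], "kind": m[3],
                   "compared": [], "best_match": None, "found": None, "conn": None}
            lookups.append(cur)
        elif cur is None:
            continue  # ignore everything before the first lookup
        elif m := COMPARE.search(line):
            # (index pluto printed, ID taken from the secrets entry, score pluto printed)
            cur["compared"].append((int(m[1]), m[2], int(m[3])))
        elif m := END.search(line):
            cur["best_match"] = int(m[1])
            cur["found"] = m[2] != "(nil)"  # best=(nil) means no secret was selected
        elif m := FAIL.search(line):
            cur["conn"] = m[1]  # connection name from the user-visible error line
    return lookups

def failed_lookups(text):
    """Lookups that ended without a selected secret."""
    return [l for l in parse_psk_lookups(text) if l["found"] is False]

if __name__ == "__main__":
    for l in failed_lookups(SAMPLE):
        print(f'{l["conn"]}: no {l["kind"]} for {l["from_id"]} -> {l["to_id"]}')
        for idx, secret_id, score in l["compared"]:
            print(f"  compared #{idx}: secrets ID {secret_id} scored {score}")
```

Run over both peers' logs, this puts the ID pair pluto searched for next to the IDs it read from `ipsec.secrets`, which is the comparison the failing trace turns on.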
