[Openswan Users] nated vpn
Alberto E. Gallardo Doñate
ergallardo at yahoo.es
Fri Apr 22 13:37:35 CEST 2005
Hello everybody.
I am trying to establish a VPN connection between two Linux SuSE 9.2 machines with Openswan 2.3.1.
One Linux server is behind an ADSL router and the other Linux server is behind another.
Is there a good guide or example that explains how to configure this?
I have my current configuration with PSK authentication.
Here are the traces from one of the Linux machines: it sends "phase 1 I ident" and receives a "phase R ident", but it seems not to
authenticate the preshared secret.
ipsec.secret on linux 1:
192.168.254.3 a.b.c.d : PSK "mysecret"
ipsec.secret on linux 2:
192.168.250.3 e.f.g.h : PSK "mysecret"
a.b.c.d is the public IP of ADSL router 1
e.f.g.h is the public IP of ADSL router 2
Apr 22 12:07:41 backup pluto[2094]: | *received 136 bytes from a.b.c.d:500 on eth0 (port=500)
Apr 22 12:07:41 backup pluto[2094]: | **parse ISAKMP Message:
Apr 22 12:07:41 backup pluto[2094]: | initiator cookie:
Apr 22 12:07:41 backup pluto[2094]: | 98 11 e5 30 51 e5 bf 64
Apr 22 12:07:41 backup pluto[2094]: | responder cookie:
Apr 22 12:07:41 backup pluto[2094]: | 6a 01 af 33 59 92 35 94
Apr 22 12:07:41 backup pluto[2094]: | next payload type: ISAKMP_NEXT_SA
Apr 22 12:07:41 backup pluto[2094]: | ISAKMP version: ISAKMP Version 1.0
Apr 22 12:07:41 backup pluto[2094]: | exchange type: ISAKMP_XCHG_IDPROT
Apr 22 12:07:41 backup pluto[2094]: | flags: none
Apr 22 12:07:41 backup pluto[2094]: | message ID: 00 00 00 00
Apr 22 12:07:41 backup pluto[2094]: | length: 136
Apr 22 12:07:41 backup pluto[2094]: | ICOOKIE: 98 11 e5 30 51 e5 bf 64
Apr 22 12:07:41 backup pluto[2094]: | RCOOKIE: 6a 01 af 33 59 92 35 94
Apr 22 12:07:41 backup pluto[2094]: | peer: 51 21 19 8a
Apr 22 12:07:41 backup pluto[2094]: | state hash entry 13
Apr 22 12:07:41 backup pluto[2094]: | state object not found
Apr 22 12:07:41 backup pluto[2094]: | ICOOKIE: 98 11 e5 30 51 e5 bf 64
Apr 22 12:07:41 backup pluto[2094]: | RCOOKIE: 00 00 00 00 00 00 00 00
Apr 22 12:07:41 backup pluto[2094]: | peer: 51 21 19 8a
Apr 22 12:07:41 backup pluto[2094]: | state hash entry 2
Apr 22 12:07:41 backup pluto[2094]: | peer and cookies match on #1, provided msgid 00000000 vs 00000000
Apr 22 12:07:41 backup pluto[2094]: | state object #1 found, in STATE_MAIN_I1
Apr 22 12:07:41 backup pluto[2094]: | processing connection linux1-linux2
Apr 22 12:07:41 backup pluto[2094]: | ***parse ISAKMP Security Association Payload:
Apr 22 12:07:41 backup pluto[2094]: | next payload type: ISAKMP_NEXT_VID
Apr 22 12:07:41 backup pluto[2094]: | length: 52
Apr 22 12:07:41 backup pluto[2094]: | DOI: ISAKMP_DOI_IPSEC
Apr 22 12:07:41 backup pluto[2094]: | ***parse ISAKMP Vendor ID Payload:
Apr 22 12:07:41 backup pluto[2094]: | next payload type: ISAKMP_NEXT_VID
Apr 22 12:07:41 backup pluto[2094]: | length: 16
Apr 22 12:07:41 backup pluto[2094]: | ***parse ISAKMP Vendor ID Payload:
Apr 22 12:07:41 backup pluto[2094]: | next payload type: ISAKMP_NEXT_VID
Apr 22 12:07:41 backup pluto[2094]: | length: 20
Apr 22 12:07:41 backup pluto[2094]: | ***parse ISAKMP Vendor ID Payload:
Apr 22 12:07:41 backup pluto[2094]: | next payload type: ISAKMP_NEXT_NONE
Apr 22 12:07:41 backup pluto[2094]: | length: 20
Apr 22 12:07:41 backup pluto[2094]: "linux1-linux2" #1: received Vendor ID payload [Openswan (this version) 2.3.1 X.509-1.5.4 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR]
Apr 22 12:07:41 backup pluto[2094]: "linux1-linux2" #1: received Vendor ID payload [Dead Peer Detection]
Apr 22 12:07:41 backup pluto[2094]: "linux1-linux2" #1: received Vendor ID payload [RFC 3947] method set to=109
Apr 22 12:07:41 backup pluto[2094]: | ****parse IPsec DOI SIT:
Apr 22 12:07:41 backup pluto[2094]: | IPsec DOI SIT: SIT_IDENTITY_ONLY
Apr 22 12:07:41 backup pluto[2094]: | ****parse ISAKMP Proposal Payload:
Apr 22 12:07:41 backup pluto[2094]: | next payload type: ISAKMP_NEXT_NONE
Apr 22 12:07:41 backup pluto[2094]: | length: 40
Apr 22 12:07:41 backup pluto[2094]: | proposal number: 0
Apr 22 12:07:41 backup pluto[2094]: | protocol ID: PROTO_ISAKMP
Apr 22 12:07:41 backup pluto[2094]: | SPI size: 0
Apr 22 12:07:41 backup pluto[2094]: | number of transforms: 1
Apr 22 12:07:41 backup pluto[2094]: | *****parse ISAKMP Transform Payload (ISAKMP):
Apr 22 12:07:41 backup pluto[2094]: | next payload type: ISAKMP_NEXT_NONE
Apr 22 12:07:41 backup pluto[2094]: | length: 32
Apr 22 12:07:41 backup pluto[2094]: | transform number: 0
Apr 22 12:07:41 backup pluto[2094]: | transform ID: KEY_IKE
Apr 22 12:07:41 backup pluto[2094]: | ******parse ISAKMP Oakley attribute:
Apr 22 12:07:41 backup pluto[2094]: | af+type: OAKLEY_LIFE_TYPE
Apr 22 12:07:41 backup pluto[2094]: | length/value: 1
Apr 22 12:07:41 backup pluto[2094]: | [1 is OAKLEY_LIFE_SECONDS]
Apr 22 12:07:41 backup pluto[2094]: | ******parse ISAKMP Oakley attribute:
Apr 22 12:07:41 backup pluto[2094]: | af+type: OAKLEY_LIFE_DURATION
Apr 22 12:07:41 backup pluto[2094]: | length/value: 3600
Apr 22 12:07:41 backup pluto[2094]: | ******parse ISAKMP Oakley attribute:
Apr 22 12:07:41 backup pluto[2094]: | af+type: OAKLEY_ENCRYPTION_ALGORITHM
Apr 22 12:07:41 backup pluto[2094]: | length/value: 5
Apr 22 12:07:41 backup pluto[2094]: | [5 is OAKLEY_3DES_CBC]
Apr 22 12:07:41 backup pluto[2094]: | ******parse ISAKMP Oakley attribute:
Apr 22 12:07:41 backup pluto[2094]: | af+type: OAKLEY_HASH_ALGORITHM
Apr 22 12:07:41 backup pluto[2094]: | length/value: 1
Apr 22 12:07:41 backup pluto[2094]: | [1 is OAKLEY_MD5]
Apr 22 12:07:41 backup pluto[2094]: | ******parse ISAKMP Oakley attribute:
Apr 22 12:07:41 backup pluto[2094]: | af+type: OAKLEY_AUTHENTICATION_METHOD
Apr 22 12:07:41 backup pluto[2094]: | length/value: 1
Apr 22 12:07:41 backup pluto[2094]: | [1 is OAKLEY_PRESHARED_KEY]
Apr 22 12:07:41 backup pluto[2094]: | started looking for secret for 192.168.254.3->a.b.c.d of kind PPK_PSK
Apr 22 12:07:41 backup pluto[2094]: | actually looking for secret for 192.168.254.3->a.b.c.dof kind PPK_PSK
Apr 22 12:07:41 backup pluto[2094]: | 1: compared PSK a.b.c.d to 192.168.254.3 / a.b.c.d-> 0
Apr 22 12:07:41 backup pluto[2094]: | 2: compared PSK 192.168.254.3 to 192.168.254.3 / a.b.c.d-> 4
Apr 22 12:07:41 backup pluto[2094]: | concluding with best_match=0 best=(nil) (lineno=-1)
Apr 22 12:07:41 backup pluto[2094]: "linux1-linux2" #1: Can't authenticate: no preshared key found for `192.168.254.3' and `a.b.c.d'. Attribute OAKLEY_AUTHENTICATION_METHOD
Apr 22 12:07:41 backup pluto[2094]: "linux1-linux2" #1: no acceptable Oakley Transform
Apr 22 12:07:41 backup pluto[2094]: | complete state transition with (null)
Apr 22 12:07:41 backup pluto[2094]: "linux1-linux2" #1: sending notification NO_PROPOSAL_CHOSEN to a.b.c.d:500
Apr 22 12:07:41 backup pluto[2094]: "linux1-linux2" #1: failed to build notification for spisize=0
Apr 22 12:07:41 backup pluto[2094]: | state transition function for STATE_MAIN_I1 failed: NO_PROPOSAL_CHOSEN
Apr 22 12:07:41 backup pluto[2094]: | next event EVENT_PENDING_PHASE2 in 119 seconds
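
Added example, not part of the original post and not Openswan code: a small Python triage script that pulls the secret-lookup steps out of pluto debug output like the trace above, so the ID pair pluto searched for can be set beside the IDs it compared from ipsec.secrets. The function names are hypothetical, the sample lines are copied from this trace, and the comparison scores are reported raw without interpretation.

```python
import re

# Lines copied from the trace in this post (addresses already anonymised there).
SAMPLE = """\
Apr 22 12:07:41 backup pluto[2094]: | started looking for secret for 192.168.254.3->a.b.c.d of kind PPK_PSK
Apr 22 12:07:41 backup pluto[2094]: | 1: compared PSK a.b.c.d to 192.168.254.3 / a.b.c.d-> 0
Apr 22 12:07:41 backup pluto[2094]: | 2: compared PSK 192.168.254.3 to 192.168.254.3 / a.b.c.d-> 4
Apr 22 12:07:41 backup pluto[2094]: | concluding with best_match=0 best=(nil) (lineno=-1)
Apr 22 12:07:41 backup pluto[2094]: "linux1-linux2" #1: Can't authenticate: no preshared key found for `192.168.254.3' and `a.b.c.d'. Attribute OAKLEY_AUTHENTICATION_METHOD
"""

START = re.compile(r"started looking for secret for (\S+)->(\S+) of kind (\w+)")
# The trace prints the score with or without a space before "->".
COMPARED = re.compile(r"(\d+): compared PSK (\S+) to \S+ / \S+?\s*-> (\d+)")
CONCLUDE = re.compile(r"concluding with best_match=(\d+) best=(\S+)")
FAILED = re.compile(r'"([^"]+)" #\d+: Can\'t authenticate: no preshared key found')


def psk_lookups(log_text):
    """Return one dict per secret lookup found in pluto debug output."""
    lookups, current = [], None
    for line in log_text.splitlines():
        if m := START.search(line):
            current = {"local": m[1], "peer": m[2], "kind": m[3],
                       "compared": [], "best_match": None,
                       "found": None, "connection": None}
            lookups.append(current)
        elif current is None:
            continue  # nothing to attach to before the first lookup starts
        elif m := COMPARED.search(line):
            # (ID taken from the secrets entry, raw score pluto printed)
            current["compared"].append((m[2], int(m[3])))
        elif m := CONCLUDE.search(line):
            current["best_match"] = int(m[1])
            current["found"] = m[2] != "(nil)"  # "(nil)" means no entry chosen
        elif m := FAILED.search(line):
            current["connection"] = m[1]
    return lookups


def failed_lookups(log_text):
    """Only the lookups that ended without a usable secret."""
    return [entry for entry in psk_lookups(log_text) if entry["found"] is False]


if __name__ == "__main__":
    for entry in failed_lookups(SAMPLE):
        print(f'{entry["connection"]}: wanted {entry["local"]} / {entry["peer"]} '
              f'({entry["kind"]}), compared {entry["compared"]}')
```
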