[Openswan Users] Freeswan -> Openswan upgrade, vpn not working
Glen Eustace
geustace at godzone.net.nz
Mon Apr 25 09:52:59 CEST 2005
On Sun, 2005-04-24 at 15:20 +0200, Paul Wouters wrote:
> The order in which proposals are sent has likely changed during the last few
> years. Checkpoint 1 might ignore everything after the first (now wrong)
> proposal. Check your old logs to see what you actually used, and specify
> esp= and ike= parameters.
I didn't change this part of the configuration; what I am using is
below. Unfortunately, the logs for the old setup are on a disk that is
no longer in a machine, so it is a little difficult to look at :-(
If this is no longer appropriate, what should it be?

conn %default
    keyingtries=0
    auth=esp
    authby=secret
    pfs=no
    auto=start
    keylife=1h
    ikelifetime=6h

# BNZ Buyline Production Server
conn buyline
    type=tunnel
    left=xxx.yy.96.1
    leftsubnet=xxx.yy.97.52/32
    right=aaa.bb.214.210
    rightnexthop=aaa.bb.214.209
    rightsubnet=aaa.bb.214.168/29
    esp=3des-sha1-96

conn buyline-test
    type=tunnel
    left=xxx.yy.96.1
    leftsubnet=xxx.yy.97.54/32
    right=aaa.bb.214.210
    rightnexthop=aaa.bb.214.209
    rightsubnet=aaa.bb.214.168/29
    esp=3des-sha1-96

The logs show the following, which I assumed meant that the tunnel was
up.

Apr 25 08:48:15 agree-3 pluto[9271]: loading secrets from "/etc/ipsec.secrets"
Apr 25 08:48:15 agree-3 pluto[9271]: "buyline-test" #1: initiating Main Mode
Apr 25 08:48:15 agree-3 pluto[9271]: "buyline-test" #1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
Apr 25 08:48:15 agree-3 pluto[9271]: "buyline-test" #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
Apr 25 08:48:15 agree-3 pluto[9271]: "buyline-test" #1: Peer ID is ID_IPV4_ADDR: 'XXX.YY.96.1'
Apr 25 08:48:15 agree-3 pluto[9271]: "buyline-test" #1: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
Apr 25 08:48:15 agree-3 pluto[9271]: "buyline-test" #1: ISAKMP SA established
Apr 25 08:48:15 agree-3 pluto[9271]: "buyline" #2: initiating Quick Mode PSK+ENCRYPT+TUNNEL+UP {using isakmp#1}
Apr 25 08:48:15 agree-3 pluto[9271]: "buyline-test" #3: initiating Quick Mode PSK+ENCRYPT+TUNNEL+UP {using isakmp#1}
Apr 25 08:48:15 agree-3 pluto[9271]: "buyline" #2: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2
Apr 25 08:48:15 agree-3 pluto[9271]: "buyline" #2: sent QI2, IPsec SA established {ESP=>0x26e768e9 <0x6c84d43c}
Apr 25 08:48:15 agree-3 pluto[9271]: "buyline-test" #3: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2
Apr 25 08:48:15 agree-3 pluto[9271]: "buyline-test" #3: sent QI2, IPsec SA established {ESP=>0xd5f73a93 <0x41888834}

--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Glen and Rosanne Eustace,
GodZone Internet Services, a division of AGRE Enterprises Ltd.,
P.O. Box 8020, Palmerston North, New Zealand 5301
Ph/Fax: +64 6 357 8168, Mob: +64 27 5 424 015, Web: www.godzone.net.nz
"A Ministry specialising in providing low-cost professional Internet
Services to NZ Christian Churches, Ministries and Organisations"
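
Added example, not part of the original message and not Openswan code: a small Python check that lists which conn sections leave ike= or esp= unset after %default inheritance, which is the situation the quoted reply warns about. The parser is a simplified assumption (it ignores also= and include lines), and the sample is the poster's configuration trimmed to the relevant keys.

```python
# Added example: simplified reader, ignores "also=" and "include" lines.
REQUIRED = ("ike", "esp")  # proposal settings the reply says to specify

# Sample: the poster's config trimmed to the relevant keys.
SAMPLE = """\
conn %default
\tauthby=secret
# BNZ Buyline Production Server
conn buyline
\ttype=tunnel
\tesp=3des-sha1-96
conn buyline-test
\ttype=tunnel
\tesp=3des-sha1-96
"""


def parse_conns(text):
    """Return {conn_name: {key: value}} for every 'conn' section."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # drop comments
        if not line.strip():
            continue
        if not raw[0].isspace():               # headers start in column 0
            parts = line.split()
            current = None
            if len(parts) == 2 and parts[0] == "conn":
                current = conns.setdefault(parts[1], {})
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
    return conns


def unpinned_proposals(text):
    """Map each real conn to the proposal keys left to daemon defaults."""
    conns = parse_conns(text)
    defaults = conns.pop("%default", {})
    report = {}
    for name, opts in conns.items():
        effective = {**defaults, **opts}       # conn values override %default
        missing = [k for k in REQUIRED if k not in effective]
        if missing:
            report[name] = missing
    return report


if __name__ == "__main__":
    print(unpinned_proposals(SAMPLE))
```

On the sample, both connections are reported as having no explicit ike= setting, so the Phase 1 proposal is whatever the installed version sends by default.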