[Openswan Users] Help for freeswan road warrior on pppoe!

Paul Wouters paul at xelerance.com
Mon Aug 1 23:02:53 CEST 2005


On Mon, 1 Aug 2005, Simon Yang wrote:

> conn test
>        type=tunnel
>        authby=secret
>        spi=0x200
>        esp=3des-md5-96
>        espenckey=0x0c351ecf_7948f6d3_1abdf42b_77de8463_b1228d4b_ddc67c5b
>        espauthkey=0x0c351ecf_7948f6d3_1abdf42b_77de8463
>        pfs=no
>        # Left security gateway, subnet behind it, next hop toward right.
>        left=192.168.57.76
>        leftsubnet=192.168.1.0/24
>        # Right security gateway, subnet behind it, next hop toward left.
>        right=%any
>        auto=start
>
> Site B(Road Warrior Client, IPSEC.EXE):
> conn test
>    left=192.168.57.75
>    right=192.168.57.76
>    rightsubnet=192.168.1.0/24
>    spi=0x200
>    esp=3des-md5-96
>    espenckey=0x0c351ecf_7948f6d3_1abdf42b_77de8463_b1228d4b_ddc67c5b
>    espauthkey=0x0c351ecf_7948f6d3_1abdf42b_77de8463
>    presharedkey="12345"
>    network=auto
>    auto=start
>    pfs=yes

You should not use manual keying, e.g. do not specify spi= or espenckey/espauthkey.
You should also try to avoid using preshared keys, and use X.509 certificates instead.
Actually, I recommend using the lsipsectool from sourceforge.net over the ipsec.exe
tools from Marcus.

> /usr/local/lib/ipsec/_updown: `ip route add 192.168.57.75/32 via
> 192.168.57.75 dev ipsec0' failed

Try specifying a leftnexthop= to your default gateway. Openswan seems to be 
confused about your default gateway.

Paul
-- 

"With Data mining, we can search specifically for clues"

--- The AIVD (The Dutch NSA) on the necessity of ISP's data retention
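
A small checker for the points raised in the reply above, as an added example that is not part of the original message or of Openswan: it parses the conn sections of an ipsec.conf-style file and flags manual-keying parameters, preshared-key authentication and a missing leftnexthop=. The function names, the sample config, its key values and the 192.168.57.1 gateway address are constructed for illustration.

```python
import re

# Manual-keying parameters named in the reply above.
MANUAL_KEYING = {"spi", "espenckey", "espauthkey"}

def parse_conns(text):
    """Return {conn_name: {key: value}} from ipsec.conf-style text."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # drop comments
        if not line.strip():
            continue
        if line[0] not in " \t":               # unindented line starts a section
            m = re.match(r"conn\s+(\S+)\s*$", line)
            current = conns.setdefault(m.group(1), {}) if m else None
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip().strip('"')
    return conns

def audit(text):
    """Return (conn, finding) tuples for the points raised in the reply."""
    findings = []
    for name, opts in parse_conns(text).items():
        used = sorted(MANUAL_KEYING & opts.keys())
        if used:
            findings.append((name, "manual keying: " + ", ".join(used)))
        if opts.get("authby") == "secret" or "presharedkey" in opts:
            findings.append((name, "preshared key authentication"))
        if "leftnexthop" not in opts:
            findings.append((name, "leftnexthop not set"))
    return findings

# Constructed sample: key material and the gateway address are placeholders.
SAMPLE = """\
conn test
    authby=secret
    spi=0x200
    espenckey=0x00000000_00000000
    espauthkey=0x00000000_00000000
    left=192.168.57.76
    right=%any
conn fixed
    authby=rsasig
    left=192.168.57.76
    leftnexthop=192.168.57.1
    right=%any
"""

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```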

