[Openswan Users] net-to-net vpn setup

Ted Kaczmarek tedkaz at optonline.net
Mon Aug 8 22:43:34 CEST 2005 

On Mon, 2005-08-08 at 13:55 -0400, Vishal Dubey wrote:
> can some point me to doc's that show how to setup net-to-net using 
> openswan 2.4.0dr8 and shorewall?
> 
> i am newbie and can use all the help i can get.
> 
> my setup
> 
> os is fc4 with kerenl 2.6.12.3 patched with netfilter+ipsec and policy 
> match
> openswan as stated earlier 2.4.0dr8 ( it seems to comile when you "make 
> programs install" but does not compile KLIPS).
> shorewall version is 2.4.2
> here is what is happening:
> 
> 192.168.10.0/24 <---> firewall/vpn <----> internet <---> firewall/vpn 
> <----> 192.168.100.0/24
>                                     (vangogh 
> 11.11.11.20/24)                                    (kirchner 12.12.12.5/28)
> i generated public/private key's for vangogh and kirchner on a third 
> system.
> 
> on vangogh i installed the the folloing key's and cert's:
> vangogh.bbcllc.net.req.key to /etc/ipsec.d/private
> vangogh.bbcllc.net.cert.pem to /etc/ipsec.d/certs
> kirchner.bbcllc.net.cert.pem to /etc/ipsec.d/certs
> cacert.pem to /etc/ipsec.d/cacerts
> crl.pem to /etc/ipsec.d/crls
> 
> on kirchner  key and files are in their respective directory including  
> cacert.pem and crl.pem. the only thing that is not on kirchner is the 
> vangogh's .pem file.
> *****
> 
> i am geting the following error messages in the /var/log/messages file:
> 
> Aug  8 09:42:24 vangogh ipsec__plutorun: restarting IPsec after pause...
> Aug  8 09:42:34 vangogh rmmod: ERROR: Module af_key is in use
> Aug  8 09:42:34 vangogh ipsec_setup: ...Openswan IPsec stopped
> Aug  8 09:42:34 vangogh ipsec_setup: Stopping Openswan IPsec...
> Aug  8 09:42:35 vangogh ipsec_setup: KLIPS ipsec0 on eth0 
> 11.11.11.20/255.255.255.0 broadcast 11.11.11.255
> Aug  8 09:42:35 vangogh racoon: INFO: unsupported PF_KEY message REGISTER
> Aug  8 09:42:35 vangogh last message repeated 2 times
> Aug  8 09:42:35 vangogh ipsec_setup: ...Openswan IPsec started
> Aug  8 09:42:35 vangogh ipsec_setup: Restarting Openswan IPsec 
> U2.4.0dr8/K2.6.12.3-bc-20050805-1...
> Aug  8 09:42:35 vangogh ipsec_setup: insmod 
> /lib/modules/2.6.12.3-bc-20050805-1/kernel/net/ipv4/xfrm4_tunnel.ko
> Aug  8 09:42:35 vangogh ipsec__plutorun: 003 FATAL ERROR: bind() failed 
> in find_raw_ifaces4(). Errno 98: Address already in use
> Aug  8 09:42:35 vangogh ipsec__plutorun: !pluto failure!:  exited with 
> error status 1
> 
> please help!
> 
> 
> _______________________________________________
netstat -an | grep 500

If you have the same issue as me, it is left over racoon connection,
they don't like to go away properly.

rpm -e ipsec-tools
reboot 
that was the cleanest for me testing with Centos 4.1(ES4 clone).

The blows away the racoon stuff, based upon what I have seen with FC3
and Centos 4, ipsec-tools and openswan don't mix well at this time.

Ted

More information about the Users mailing list