[Openswan Users] net-to-net vpn setup
Ted Kaczmarek
tedkaz at optonline.net
Mon Aug 8 22:43:34 CEST 2005
On Mon, 2005-08-08 at 13:55 -0400, Vishal Dubey wrote:
> Can someone point me to docs that show how to set up net-to-net using
> openswan 2.4.0dr8 and shorewall?
>
> I am a newbie and can use all the help I can get.
>
> my setup
>
> os is fc4 with kernel 2.6.12.3 patched with netfilter+ipsec and policy
> match
> openswan as stated earlier 2.4.0dr8 (it seems to compile when you "make
> programs install" but does not compile KLIPS).
> shorewall version is 2.4.2
> here is what is happening:
>
> 192.168.10.0/24 <---> firewall/vpn <----> internet <---> firewall/vpn <----> 192.168.100.0/24
> (vangogh 11.11.11.20/24) (kirchner 12.12.12.5/28)
> I generated public/private keys for vangogh and kirchner on a third
> system.
>
> On vangogh I installed the following keys and certs:
> vangogh.bbcllc.net.req.key to /etc/ipsec.d/private
> vangogh.bbcllc.net.cert.pem to /etc/ipsec.d/certs
> kirchner.bbcllc.net.cert.pem to /etc/ipsec.d/certs
> cacert.pem to /etc/ipsec.d/cacerts
> crl.pem to /etc/ipsec.d/crls
>
> on kirchner key and files are in their respective directory including
> cacert.pem and crl.pem. the only thing that is not on kirchner is the
> vangogh's .pem file.
> *****
>
> I am getting the following error messages in the /var/log/messages file:
>
> Aug 8 09:42:24 vangogh ipsec__plutorun: restarting IPsec after pause...
> Aug 8 09:42:34 vangogh rmmod: ERROR: Module af_key is in use
> Aug 8 09:42:34 vangogh ipsec_setup: ...Openswan IPsec stopped
> Aug 8 09:42:34 vangogh ipsec_setup: Stopping Openswan IPsec...
> Aug 8 09:42:35 vangogh ipsec_setup: KLIPS ipsec0 on eth0 11.11.11.20/255.255.255.0 broadcast 11.11.11.255
> Aug 8 09:42:35 vangogh racoon: INFO: unsupported PF_KEY message REGISTER
> Aug 8 09:42:35 vangogh last message repeated 2 times
> Aug 8 09:42:35 vangogh ipsec_setup: ...Openswan IPsec started
> Aug 8 09:42:35 vangogh ipsec_setup: Restarting Openswan IPsec U2.4.0dr8/K2.6.12.3-bc-20050805-1...
> Aug 8 09:42:35 vangogh ipsec_setup: insmod /lib/modules/2.6.12.3-bc-20050805-1/kernel/net/ipv4/xfrm4_tunnel.ko
> Aug 8 09:42:35 vangogh ipsec__plutorun: 003 FATAL ERROR: bind() failed in find_raw_ifaces4(). Errno 98: Address already in use
> Aug 8 09:42:35 vangogh ipsec__plutorun: !pluto failure!: exited with error status 1
>
> please help!
>
netstat -an | grep 500
If you have the same issue as me, it is a leftover racoon connection;
they don't like to go away properly.
rpm -e ipsec-tools
reboot
That was the cleanest for me testing with CentOS 4.1 (ES4 clone).
That blows away the racoon stuff. Based upon what I have seen with FC3
and CentOS 4, ipsec-tools and openswan don't mix well at this time.
Ted
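
A tighter version of the port check from the reply above, as an added example that is not part of the original thread: `grep 500` also matches ports such as 5000, so this parses `netstat -anup` output and lists only UDP sockets bound to exactly port 500 that are not owned by pluto, which is the condition behind the `bind() failed ... Errno 98` line in the log. The function names and the sample input (PIDs, the port-5000 service) are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Both functions read `netstat -anup`
# output on stdin (run netstat as root so the PID/Program column is filled in).

# Print "address port pid program" for each UDP socket bound to exactly
# port $1 (default 500, the IKE port pluto failed to bind in the log).
ike_port_holders() {
    awk -v port="${1:-500}" '
        $1 ~ /^udp/ {
            n = split($4, a, ":")        # local address; port is the last ":" field
            if (a[n] != port) next       # exact match: 5000 and 1500 are skipped
            # Without root the last column is "-", so report the owner as unknown.
            owner = ($NF ~ /^[0-9]+\//) ? $NF : "-/unknown"
            split(owner, p, "/")
            addr = substr($4, 1, length($4) - length(a[n]) - 1)
            print addr, a[n], p[1], p[2]
        }'
}

# Print every holder that is not pluto. Exit status 0 means the port is free
# or held only by pluto; exit status 1 means something else owns it.
ike_port_conflicts() {
    ike_port_holders "${1:-500}" |
        awk '$4 != "pluto" { print; bad = 1 } END { exit bad + 0 }'
}

# Constructed sample input: racoon still bound to UDP 500 on vangogh's address.
sample_netstat() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
udp        0      0 127.0.0.1:500           0.0.0.0:*                           2231/racoon
udp        0      0 11.11.11.20:500         0.0.0.0:*                           2231/racoon
udp        0      0 0.0.0.0:5000            0.0.0.0:*                           1710/exampled
udp        0      0 0.0.0.0:68              0.0.0.0:*                           1502/dhclient
EOF
}

# On a live host, replace sample_netstat with: netstat -anup
sample_netstat | ike_port_conflicts 500 ||
    echo "UDP 500 is held by a process other than pluto; stop it before starting ipsec"
```
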