[Openswan Users] VPN this manual keys
Vincent Schultz
vincent.schultz at wanadoo.fr
Thu Aug 18 10:09:03 CEST 2005
Hello All,
I would like to create a VPN in tunnel mode for a test. The test network
looks like this:
10.10.45.0/24===152.18.31.45...152.18.31.74===172.30.15.0/24
    LAN1      (eth1)GW1(eth0) (eth0)GW2(vmnet1)    LAN2
As a first step, I would like to use manual keys (as a second step, I will
use RSA). I made this /etc/ipsec.conf using the doc, but when I start the
ipsec service, I get these errors in /var/log/secure:
Aug 18 08:58:49 satellite pluto[9201]: "sat-vpn1" #1: initiating Main
Mode
Aug 18 08:58:50 satellite pluto[9201]: "sat-vpn1" #1: received Vendor ID
payload [Openswan (this version) 2.3.1 X.509-1.5.4 PLUTO_SENDS_VENDORID
PLUTO_USES_KEYRR]
Aug 18 08:58:50 satellite pluto[9201]: "sat-vpn1" #1: received Vendor ID
payload [Dead Peer Detection]
Aug 18 08:58:50 satellite pluto[9201]: "sat-vpn1" #1: transition from
state STATE_MAIN_I1 to state STATE_MAIN_I2
Aug 18 08:58:51 satellite pluto[9201]: "sat-vpn1" #1: I did not send a
certificate because I do not have one.
Aug 18 08:58:51 satellite pluto[9201]: "sat-vpn1" #1: transition from
state STATE_MAIN_I2 to state STATE_MAIN_I3
Aug 18 08:59:00 satellite pluto[9201]: "sat-vpn1" #1: discarding
duplicate packet; already STATE_MAIN_I3
Aug 18 08:59:21 satellite pluto[9201]: "sat-vpn1" #1: discarding
duplicate packet; already STATE_MAIN_I3
Aug 18 08:59:24 satellite pluto[9201]: packet from 152.18.31.74:500:
received Vendor ID payload [Openswan (this version) 2.3.1 X.509-1.5.4
PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR]
Aug 18 08:59:24 satellite pluto[9201]: packet from 152.18.31.74:500:
received Vendor ID payload [Dead Peer Detection]
Aug 18 08:59:24 satellite pluto[9201]: "sat-vpn1" #2: responding to Main
Mode
Aug 18 08:59:24 satellite pluto[9201]: "sat-vpn1" #2: transition from
state STATE_MAIN_R0 to state STATE_MAIN_R1
Aug 18 08:59:25 satellite pluto[9201]: "sat-vpn1" #2: transition from
state STATE_MAIN_R1 to state STATE_MAIN_R2
Aug 18 08:59:26 satellite pluto[9201]: "sat-vpn1" #2: Main mode peer ID
is ID_IPV4_ADDR: '152.18.31.74'
Aug 18 08:59:26 satellite pluto[9201]: "sat-vpn1" #2: Main mode peer ID
is ID_IPV4_ADDR: '152.18.31.74'
Aug 18 08:59:26 satellite pluto[9201]: "sat-vpn1" #2: no RSA public key
known for '152.18.31.74'; DNS search for KEY failed (no host
74.31.18.152.in-addr.arpa. for KEY record)
Aug 18 08:59:26 satellite pluto[9201]: "sat-vpn1" #2: sending encrypted
notification INVALID_KEY_INFORMATION to 152.18.31.74:500
Aug 18 08:59:26 satellite pluto[9201]: "sat-vpn1" #2: failed to build
notification for spisize=0
Why is pluto running when I am dealing with manual keys?
What mistake did I make? (The 2 secure gateways have the same configuration
file.)
Thank you,
Vincent
----------------------------------------
version 2.0

config setup
    interfaces="ipsec0=eth0"

conn sat-vpn1
    type=tunnel
    left=152.18.31.45
    leftsubnet=10.10.45.0/24
    leftnexthop=%direct
    right=152.18.31.74
    rightsubnet=172.30.15.0/24
    rightnexthop=%direct
    spi=0x200
    esp=3des-md5-96
    espenckey=0x01234567_89abcdef_02468ace_13579bdf_...snip
    espauthkey=0x12345678_9abcdef0_2468ace0_13579bdf
    auto=start

include /etc/ipsec.d/examples/no_oe.conf
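
Added example (not part of the original post and not Openswan code): a small Python triage of pluto log lines like the ones quoted above. It rejoins the hard-wrapped records and reports, for each IKE exchange (#1, #2), the role, the last Main Mode state reached and the failure signs seen; the sample lines are constructed in the style of the log, and the list of failure fragments is an assumption.

```python
import re

# Constructed sample in the style of the pluto log in the post, keeping the
# hard line wraps that split records in the archived mail.
SAMPLE = """\
Aug 18 08:58:49 satellite pluto[9201]: "sat-vpn1" #1: initiating Main
Mode
Aug 18 08:58:51 satellite pluto[9201]: "sat-vpn1" #1: transition from
state STATE_MAIN_I2 to state STATE_MAIN_I3
Aug 18 08:59:00 satellite pluto[9201]: "sat-vpn1" #1: discarding
duplicate packet; already STATE_MAIN_I3
Aug 18 08:59:24 satellite pluto[9201]: "sat-vpn1" #2: responding to Main Mode
Aug 18 08:59:25 satellite pluto[9201]: "sat-vpn1" #2: transition from
state STATE_MAIN_R1 to state STATE_MAIN_R2
Aug 18 08:59:26 satellite pluto[9201]: "sat-vpn1" #2: no RSA public key
known for '152.18.31.74'; DNS search for KEY failed
Aug 18 08:59:26 satellite pluto[9201]: "sat-vpn1" #2: sending encrypted
notification INVALID_KEY_INFORMATION to 152.18.31.74:500
"""

STAMP = re.compile(r"^\w{3} [ \d]\d [\d:]{8} \S+ pluto\[\d+\]: ")
RECORD = re.compile(r'^.*? pluto\[\d+\]: "(?P<conn>[^"]+)" #(?P<sa>\d+): (?P<msg>.*)$')
STATE = re.compile(r"transition from state \S+ to state (\S+)")
# Message fragments treated as failure signs (the selection is an assumption).
SIGNS = ("discarding duplicate packet", "no RSA public key known",
         "INVALID_KEY_INFORMATION")

def unwrap(text):
    """Rejoin wrapped records: a line with no syslog stamp continues the last one."""
    records = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if STAMP.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records

def triage(text):
    """Map (conn, exchange number) to role, last Main Mode state and failure signs."""
    out = {}
    for m in filter(None, map(RECORD.match, unwrap(text))):  # skips "packet from" lines
        sa = out.setdefault((m["conn"], int(m["sa"])),
                            {"role": None, "state": None, "signs": []})
        if m["msg"].startswith(("initiating", "responding")):
            sa["role"] = "initiator" if m["msg"][0] == "i" else "responder"
        if st := STATE.search(m["msg"]):
            sa["state"] = st.group(1)
        sa["signs"] += [s for s in SIGNS if s in m["msg"] and s not in sa["signs"]]
    return out
```

Calling triage(SAMPLE) shows exchange #1 (initiator) parked in STATE_MAIN_I3 with duplicate packets, and exchange #2 (responder) stopping at STATE_MAIN_R2 on the missing RSA public key.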