[Openswan Users] VPN this manual keys

Thu Aug 18 10:09:03 CEST 2005

Hello All,

I would like to create a vpn in tunnel mode for a test. The network test
is like this :

 10.10.45.0/24===152.18.31.45...152.18.31.74===172.30.15.0/24
	LAN1	(eth1)GW1(eth0)	 (eth0)GW2(vmnet1) LAN2

I would like, in a first step, use manuel keys (in second step, i will
use rsa). I made this /etc/ipsec.conf with the doc but when I start
ipsec service, I have such errors in /var/log/secure :

Aug 18 08:58:49 satellite pluto[9201]: "sat-vpn1" #1: initiating Main
Mode
Aug 18 08:58:50 satellite pluto[9201]: "sat-vpn1" #1: received Vendor ID
payload [Openswan (this version) 2.3.1  X.509-1.5.4 PLUTO_SENDS_VENDORID
PLUTO_USES_KEYRR]
Aug 18 08:58:50 satellite pluto[9201]: "sat-vpn1" #1: received Vendor ID
payload [Dead Peer Detection]
Aug 18 08:58:50 satellite pluto[9201]: "sat-vpn1" #1: transition from
state STATE_MAIN_I1 to state STATE_MAIN_I2
Aug 18 08:58:51 satellite pluto[9201]: "sat-vpn1" #1: I did not send a
certificate because I do not have one.
Aug 18 08:58:51 satellite pluto[9201]: "sat-vpn1" #1: transition from
state STATE_MAIN_I2 to state STATE_MAIN_I3
Aug 18 08:59:00 satellite pluto[9201]: "sat-vpn1" #1: discarding
duplicate packet; already STATE_MAIN_I3

Aug 18 08:59:21 satellite pluto[9201]: "sat-vpn1" #1: discarding
duplicate packet; already STATE_MAIN_I3
Aug 18 08:59:24 satellite pluto[9201]: packet from 152.18.31.74:500:
received Vendor ID payload [Openswan (this version) 2.3.1  X.509-1.5.4
PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR]
Aug 18 08:59:24 satellite pluto[9201]: packet from 152.18.31.74:500:
received Vendor ID payload [Dead Peer Detection]
Aug 18 08:59:24 satellite pluto[9201]: "sat-vpn1" #2: responding to Main
Mode
Aug 18 08:59:24 satellite pluto[9201]: "sat-vpn1" #2: transition from
state STATE_MAIN_R0 to state STATE_MAIN_R1
Aug 18 08:59:25 satellite pluto[9201]: "sat-vpn1" #2: transition from
state STATE_MAIN_R1 to state STATE_MAIN_R2
Aug 18 08:59:26 satellite pluto[9201]: "sat-vpn1" #2: Main mode peer ID
is ID_IPV4_ADDR: '152.18.31.74'
Aug 18 08:59:26 satellite pluto[9201]: "sat-vpn1" #2: Main mode peer ID
is ID_IPV4_ADDR: '152.18.31.74'
Aug 18 08:59:26 satellite pluto[9201]: "sat-vpn1" #2: no RSA public key
known for '152.18.31.74'; DNS search for KEY failed (no host
74.31.18.152.in-addr.arpa. for KEY record)
Aug 18 08:59:26 satellite pluto[9201]: "sat-vpn1" #2: sending encrypted
notification INVALID_KEY_INFORMATION to 152.18.31.74:500
Aug 18 08:59:26 satellite pluto[9201]: "sat-vpn1" #2: failed to build
notification for spisize=0

Why pluto is running when I deal with manual keys ?
What mistake did I make ? (The 2 secure gw have the same configuration
file)

Thank you,

Vincent

----------------------------------------

version 2.0    
config setup
        interfaces="ipsec0=eth0"

conn sat-vpn1
        type=tunnel
        left=152.18.31.45
        leftsubnet=10.10.45.0/24
        leftnexthop=%direct
        right=152.18.31.74
        rightsubnet=172.30.15.0/24
        rightnexthop=%direct
        spi=0x200
        esp=3des-md5-96
	espenckey=0x01234567_89abcdef_02468ace_13579bdf_...snip
        espauthkey=0x12345678_9abcdef0_2468ace0_13579bdf
        auto=start

include /etc/ipsec.d/examples/no_oe.conf