[Openswan Users] IPSEC Configuration problem with Openswan and KAME tools

DurgaPrasad Adusumalli adusumallid at gmail.com
Thu Jan 13 17:17:01 CET 2005


I tried to set up a VPN tunnel between two subnets using IPsec and
KAME tools. All the systems are running on FC3. Manual keys were used
on both the gateways. My network diagram is as below:

                          Router
                     /            \
                    |              |
             Left Gateway       Right Gateway
           (192.168.11.100)   (192.168.12.100)
                    |              |
             Left Subnet        Right Subnet
           (192.168.6.0/24)   (192.168.7.0/24)

All the IPs used are private IPs. The router is configured to route all
the traffic between 192.168.11.1 and 192.168.12.1. Ping tests between
192.168.11.100 and 192.168.12.100 are taking place fine, confirming the
network setup. I have added the kernel modules af_key, ah4, esp4 and
xfrm4_tunnel.
My /etc/ipsec.conf script on the left gateway is:

flush;
spdflush;

# Manually keyed ESP SAs, one per direction (SPI 1001 left->right, SPI 2001 right->left).
# The same keys must be loaded on both gateways: 3des-cbc takes a 24-byte key,
# hmac-sha1 a 20-byte key.
add 192.168.11.100 192.168.12.100 esp 1001 -m tunnel -E 3des-cbc
"123456789012345678901234" -A hmac-sha1 "12345678901234567890";
add 192.168.12.100 192.168.11.100 esp 2001 -m tunnel -E 3des-cbc
"123456789012345678901234" -A hmac-sha1 "12345678901234567890";

# Policies: left subnet -> right subnet goes out through the tunnel, the reverse comes in.
# The posted script had 162.168.7.0/24 as the destination selector here; that is not
# the right subnet, so the policy never matched the traffic meant to be tunneled.
spdadd 192.168.6.0/24 192.168.7.0/24 any -P out ipsec
esp/tunnel/192.168.11.100-192.168.12.100/require;
spdadd 192.168.7.0/24 192.168.6.0/24 any -P in ipsec
esp/tunnel/192.168.12.100-192.168.11.100/require;

Similarly on the right gateway:

flush;
spdflush;

# Same SAs as on the left gateway (same SPIs, same keys).
add 192.168.11.100 192.168.12.100 esp 1001 -m tunnel -E 3des-cbc
"123456789012345678901234" -A hmac-sha1 "12345678901234567890";
add 192.168.12.100 192.168.11.100 esp 2001 -m tunnel -E 3des-cbc
"123456789012345678901234" -A hmac-sha1 "12345678901234567890";

# Policies mirror the left gateway: left -> right traffic comes in, right -> left goes out.
# The posted script had 162.168.7.0/24 as the destination selector here as well.
spdadd 192.168.6.0/24 192.168.7.0/24 any -P in ipsec
esp/tunnel/192.168.11.100-192.168.12.100/require;
spdadd 192.168.7.0/24 192.168.6.0/24 any -P out ipsec
esp/tunnel/192.168.12.100-192.168.11.100/require;

Checklist items (packet forwarding, setkey version) were done.

I could not see any tunneling as there is no when I try to ping from
one of the left clients to one of the right clients. Can someone please
resolve my problem.

Thanks in advance.
Durga Prasad.
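As an added check (not part of the original post or of the KAME tools), the following Python script parses both gateways' setkey statements and flags the mistakes that leave a manually keyed tunnel silently idle: a policy selector outside the private ranges the mail says are in use, a policy whose tunnel endpoints have no matching SA, a policy that does not terminate on the local gateway, and out/in policies that do not mirror between the two gateways. The sample scripts are constructed from the ones in the mail, with the left gateway's 162.168.7.0/24 selector kept so the checker has something to report.

```python
import ipaddress
# Constructed sample: the left gateway's setkey script as posted, 162.168.7.0/24 selector included.
LEFT_CONF = """
spdflush;
add 192.168.11.100 192.168.12.100 esp 1001 -m tunnel -E 3des-cbc
  "123456789012345678901234" -A hmac-sha1 "12345678901234567890";
add 192.168.12.100 192.168.11.100 esp 2001 -m tunnel -E 3des-cbc
  "123456789012345678901234" -A hmac-sha1 "12345678901234567890";
spdadd 192.168.6.0/24 162.168.7.0/24 any -P out ipsec
  esp/tunnel/192.168.11.100-192.168.12.100/require;
spdadd 192.168.7.0/24 192.168.6.0/24 any -P in ipsec
  esp/tunnel/192.168.12.100-192.168.11.100/require;
"""
# The right gateway's script is the same with in/out swapped, as in the mail.
RIGHT_CONF = LEFT_CONF.replace("-P out", "-P X").replace("-P in", "-P out").replace("-P X", "-P in")

def parse_setkey(conf):
    """Split a setkey script into SA keys (src, dst, proto) and SP tuples."""
    sas, sps = set(), []
    for stmt in conf.split(";"):            # setkey statements end with ';'
        tok = stmt.split()
        if tok and tok[0] == "add":         # add SRC DST PROTO SPI ...
            sas.add((tok[1], tok[2], tok[3]))
        elif tok and tok[0] == "spdadd":    # spdadd SRCNET DSTNET UL -P DIR ipsec PROTO/tunnel/A-B/LEVEL
            proto, _mode, endpoints, _level = tok[-1].split("/")
            src_ep, dst_ep = endpoints.split("-")
            sps.append((tok[1], tok[2], tok[tok.index("-P") + 1], proto, src_ep, dst_ep))
    return sas, sps

def check_gateway(conf, local_gw):
    """Return the problems found in one gateway's script (empty list if none)."""
    sas, sps = parse_setkey(conf)
    problems = []
    for src_net, dst_net, direction, proto, a, b in sps:
        for net in (src_net, dst_net):      # the mail says every address is private
            if not ipaddress.ip_network(net, strict=False).is_private:
                problems.append(f"selector {net} is not a private (RFC1918) network")
        if (a, b, proto) not in sas:        # the policy would require an SA that is never added
            problems.append(f"no {proto} SA for tunnel {a}-{b}")
        if (direction == "out" and a != local_gw) or (direction == "in" and b != local_gw):
            problems.append(f"{direction} policy tunnel {a}-{b} does not end at local gateway {local_gw}")
    return problems

def check_mirror(left_conf, right_conf):
    """Each out policy on one gateway must be the in policy on the other, and vice versa."""
    flip = {"out": "in", "in": "out"}
    left_sps, right_sps = parse_setkey(left_conf)[1], set(parse_setkey(right_conf)[1])
    return [f"left {d} policy {s}->{t} has no matching {flip[d]} policy on right"
            for s, t, d, p, a, b in left_sps if (s, t, flip[d], p, a, b) not in right_sps]
```

Running check_gateway on each script with its own gateway address and check_mirror on the pair reports the bad selector on both sides and nothing else; with 162.168.7.0/24 corrected to 192.168.7.0/24 the scripts pass clean.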

