[Openswan Users] Help on openswan setup SUSE 9.2
jsimeone at inplex.com
Thu Jan 20 12:52:55 CET 2005
Hello to everyone.
I am stymied on setting up ipsec on a SUSE 9.2 64-bit dual-processor
Linux box. I am running Openswan U2.2.0/K2.6.8-24.5-smp (native).
The ultimate objective here is to connect two machines host to host
across a private network: one, the SUSE box; the other, a Win2K SP3 with
Marcus Müller's ipsec.exe routine.
There is no DNS Server running in the network.
I've followed Nate Carlson's very explicit Openswan how-to
(http://www.natecarlson.com/linux/ipsec-x509.php) to the letter.
I've reached the point where I have the CA cert and the host machine
certs generated. On the Linux box the CAcert (cacert.pem) is in
/etc/ipsec.d/cacerts. The host cert (host1.pem) is in
/etc/ipsec.d/certs. The host key (host1.key) is in /etc/ipsec.d/private.
My /etc/ipsec.secrets file contains one line:
: RSA host1.key "password"
The ipsec script starts up without any error message but ipsec secrets
--verbose produces no output.
ipsec auto --listall comes up only with the CA cert and the CRL, no
I had no problems importing the Windows host cert into the MMC using
My ipsec.conf on Windows is:
rightca="C=CA, S=Ontario, L=Toronto, O=The Corporation, CN=INC
rightid="C=CA, O=The Corporation, CN=Host1"
ipsec -debug on Windows produces three ipsecpol commands which all
execute without errors, the last associated with ipsec's "Activating
Pinging the Host1 machine address from Windows produces four
"Negotiating IP Security" messages and then a ping stat report of 4 lost
packets. Running the ping command multiple times results in the same output.
Can anyone offer some insights into how to proceed with debugging this
Any help would be much appreciated.