[Openswan Users] Help on openswan setup SUSE 9.2

John Simeone jsimeone at inplex.com
Thu Jan 20 12:52:55 CET 2005

Hello to everyone.

I am stymied on setting up ipsec on a SUSE 9.2 64 bit  dual processor 
Linux box. I am running Openswan U2.2.0/K2.6.8-24.5-smp (native).

The ultimate objective here is to connect two machines host to host 
across a private network: one, the SUSE box; the other, a Win2K SP3 with 
Marcus Müller's ipsec.exe routine.

There is no DNS Server running in the network.

I've followed Nate Carlson's very explicit Openswan how-to 
(http://www.natecarlson.com/linux/ipsec-x509.php) to the letter.

I've reached the point were I have the CA cert and the host machine 
certs generated. On the Linux box the CAcert (cacert.pem) is in 
/etc/ipsec.d/cacerts. The host cert (host1.pem) is in 
/etc/ipsec.d/certs. The host key (host1.key) is in /etc/ipsec.d/private.

My /etc/ipsec.secrets file contains one line:

: RSA host1.key "password"

The ipsec script starts up without any error message but ipsec secrets 
--verbose produces no output.

ipsec auto --listall comes up only with the CA cert and the CRL, no 
Public keys.

I had no problems importing the Windows host cert into the MMC using 
Carlson's instructions.

My ipsec.conf on Windows is:

conn host-to-host
    rightca="C=CA, S=Ontario, L=Toronto, O=The Corporation, CN=INC 
Master Cert"
    rightid="C=CA, O=The Corporation, CN=Host1"

ipsec  -debug on Windows produces three ipsecpol commands which all 
execute without errors, the last associated with ipsec's "Activating 
policy..." message.

Pinging the Host1 machine address from Windows produces four 
"Negotiating IP Security" messages and then a ping stat report of 4 lost 
packets. Running the ping command multiple times results in the same output.

Can anyone offer some insights in how to proceed with debugging this 

Any help would be much appreciated.


More information about the Users mailing list