[Openswan Users] Can't ping

simprix simprix at simprix.net
Mon Jun 6 11:31:10 CEST 2005 

I am trying to setup a net-to-net connection. It worked under linux 2.4
with openswan 1.0.7. I am using gentoo

Configs------

MRC

ipsec.conf


version 2.0     # conforms to second version of ipsec.conf specification

# basic configuration
config setup

#Disable Opportunistic Encryption
include /etc/ipsec/ipsec.d/examples/no_oe.conf
include /etc/ipsec/mrc-to-hope.conf

mrc-to-hope.conf

conn mrc-to-hope
        left=134.215.193.94
        leftsubnet=192.168.10.0/24
        leftid=@gw001.cdsoc.org
        leftrsasigkey=.....
        leftnexthop=%defaultroute
        right=134.215.193.86
        rightsubnet=192.168.2.0/24
        rightid=@gw003.cdsoc.org
        rightrsasigkey=...
        rightnexthop=%defaultroute
        authby=rsasig
        auto=start


HOPE

ipsec.conf

version 2.0     # conforms to second version of ipsec.conf specification

# basic configuration
config setup
        # Debug-logging controls:  "none" for (almost) none, "all" for
lots.
        # klipsdebug=none
        # plutodebug="control parsing"


#Disable Opportunistic Encryption
include /etc/ipsec/ipsec.d/examples/no_oe.conf
include /etc/ipsec/hope-to-mrc.conf


conn hope-to-mrc
        left=134.215.193.86
        leftsubnet=192.168.2.0/24
        leftid=@gw003.cdsoc.org
        leftrsasigkey=....
        leftnexthop=%defaultroute
        right=134.215.193.94
        rightsubnet=192.168.1.0/24
        rightid=@gw001.cdsoc.org
        rightrsasigkey=....
        rightnexthop=%defaultroute
        authby=rsasig
        auto=start

Here is the no-oe.conf file

conn block
    auto=ignore

conn private
    auto=ignore

conn private-or-clear
    auto=ignore

conn clear-or-private
    auto=ignore

conn clear
    auto=ignore

conn packetdefault
    auto=ignore



When i try to establish the connection with ipsec auto --up mrc-to-hope
I get this 

104 "mrc-to-hope" #15: STATE_MAIN_I1: initiate
106 "mrc-to-hope" #15: STATE_MAIN_I2: sent MI2, expecting MR2
108 "mrc-to-hope" #15: STATE_MAIN_I3: sent MI3, expecting MR3
004 "mrc-to-hope" #15: STATE_MAIN_I4: ISAKMP SA established
112 "mrc-to-hope" #16: STATE_QUICK_I1: initiate
010 "mrc-to-hope" #16: STATE_QUICK_I1: retransmission; will wait 20s for
response


Links to ipsec barf for sites

MRC

http://pastebin.ca/13540

HOPE

http://pastebin.ca/13542



Again, Thanks for the help

More information about the Users mailing list