[Openswan Users] Can't ping

simprix simprix at simprix.net
Mon Jun 6 11:44:35 CEST 2005


On Mon, 2005-06-06 at 10:31 -0400, simprix wrote:
> I am trying to set up a net-to-net connection. It worked under Linux 2.4
> with openswan 1.0.7. I am using Gentoo.
> 
> Configs------
> 
> MRC
> 
> ipsec.conf
> 
> 
> version 2.0     # conforms to second version of ipsec.conf specification
> 
> # basic configuration
> config setup
> 
> #Disable Opportunistic Encryption
> include /etc/ipsec/ipsec.d/examples/no_oe.conf
> include /etc/ipsec/mrc-to-hope.conf
> 
> mrc-to-hope.conf
> 
> conn mrc-to-hope
>         left=134.215.193.94
>         leftsubnet=192.168.10.0/24
>         leftid=@gw001.cdsoc.org
>         leftrsasigkey=.....
>         leftnexthop=%defaultroute
>         right=134.215.193.86
>         rightsubnet=192.168.2.0/24
>         rightid=@gw003.cdsoc.org
>         rightrsasigkey=...
>         rightnexthop=%defaultroute
>         authby=rsasig
>         auto=start
> 
> 
> HOPE
> 
> ipsec.conf
> 
> version 2.0     # conforms to second version of ipsec.conf specification
> 
> # basic configuration
> config setup
>         # Debug-logging controls:  "none" for (almost) none, "all" for lots.
>         # klipsdebug=none
>         # plutodebug="control parsing"
> 
> 
> #Disable Opportunistic Encryption
> include /etc/ipsec/ipsec.d/examples/no_oe.conf
> include /etc/ipsec/hope-to-mrc.conf
> 
> 
> conn hope-to-mrc
>         left=134.215.193.86
>         leftsubnet=192.168.2.0/24
>         leftid=@gw003.cdsoc.org
>         leftrsasigkey=....
>         leftnexthop=%defaultroute
>         right=134.215.193.94
>         rightsubnet=192.168.1.0/24
>         rightid=@gw001.cdsoc.org
>         rightrsasigkey=....
>         rightnexthop=%defaultroute
>         authby=rsasig
>         auto=start
> 
> Here is the no-oe.conf file
> 
> conn block
>     auto=ignore
> 
> conn private
>     auto=ignore
> 
> conn private-or-clear
>     auto=ignore
> 
> conn clear-or-private
>     auto=ignore
> 
> conn clear
>     auto=ignore
> 
> conn packetdefault
>     auto=ignore
> 
> 
> 
> When I try to establish the connection with ipsec auto --up mrc-to-hope
> I get this:
> 
> 104 "mrc-to-hope" #15: STATE_MAIN_I1: initiate
> 106 "mrc-to-hope" #15: STATE_MAIN_I2: sent MI2, expecting MR2
> 108 "mrc-to-hope" #15: STATE_MAIN_I3: sent MI3, expecting MR3
> 004 "mrc-to-hope" #15: STATE_MAIN_I4: ISAKMP SA established
> 112 "mrc-to-hope" #16: STATE_QUICK_I1: initiate
> 010 "mrc-to-hope" #16: STATE_QUICK_I1: retransmission; will wait 20s for response
> 
> 
> Links to ipsec barf for sites
> 
> MRC
> 
> http://pastebin.ca/13540
> 
> HOPE
> 
> http://pastebin.ca/13542
> 
> 
> 
> Again, Thanks for the help
> 
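An added example, not part of the original post and not Openswan code: in IKEv1 the protected subnets are negotiated in Quick Mode, after the ISAKMP SA is established, so when Quick Mode only retransmits it is worth checking that both gateways describe each end identically. The sketch assumes literal `left=`/`right=` addresses and uses the two conn sections as posted, reduced to the compared fields; `parse_conn`, `endpoint_view` and `mismatches` are hypothetical helper names.

```python
# Constructed input: the two conn sections as posted, reduced to the compared fields.
MRC = """conn mrc-to-hope
        left=134.215.193.94
        leftsubnet=192.168.10.0/24
        leftid=@gw001.cdsoc.org
        right=134.215.193.86
        rightsubnet=192.168.2.0/24
        rightid=@gw003.cdsoc.org
"""
HOPE = """conn hope-to-mrc
        left=134.215.193.86
        leftsubnet=192.168.2.0/24
        leftid=@gw003.cdsoc.org
        right=134.215.193.94
        rightsubnet=192.168.1.0/24
        rightid=@gw001.cdsoc.org
"""

def parse_conn(text):
    """Return (name, {key: value}) for the first conn section in text."""
    name, params = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if not raw[0].isspace():      # an unindented line starts a section
            if name is not None:
                break
            if line.startswith("conn "):
                name = line.split()[1]
        elif name is not None and "=" in line:
            key, value = line.split("=", 1)
            params[key.strip()] = value.strip()
    return name, params

def endpoint_view(params):
    """Key each end by its address so the left/right labels stop mattering."""
    return {params[side]: {f: params.get(side + f) for f in ("subnet", "id")}
            for side in ("left", "right") if side in params}

def mismatches(conf_a, conf_b):
    """List (address, field, value_in_a, value_in_b) where the two ends disagree."""
    a, b = endpoint_view(parse_conn(conf_a)[1]), endpoint_view(parse_conn(conf_b)[1])
    return [(addr, f, a.get(addr, {}).get(f), b.get(addr, {}).get(f))
            for addr in sorted(set(a) | set(b)) for f in ("subnet", "id")
            if a.get(addr, {}).get(f) != b.get(addr, {}).get(f)]

if __name__ == "__main__":
    for addr, field, va, vb in mismatches(MRC, HOPE):
        print(f"{addr}: {field} is {va} on MRC but {vb} on HOPE")
```

On the sections as posted it reports one difference: the subnet behind 134.215.193.94 is 192.168.10.0/24 in the MRC file and 192.168.1.0/24 in the HOPE file.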


