[Openswan Users] Can't ping
simprix
simprix at simprix.net
Mon Jun 6 12:45:01 CEST 2005
I have fixed the subnet declaration and it now gives me this:
Jun 6 11:45:43 gw001 pluto[21349]: "mrc-to-hope" #3: sent QI2, IPsec SA established {ESP=>0x0ad5564d <0xb4a96976}
Jun 6 11:45:52 gw001 pluto[21349]: packet from 134.215.197.134:500: initial Main Mode message received on 134.215.193.94:500 but no connection has been authorized
Jun 6 11:46:21 gw001 pluto[21349]: packet from 134.215.197.90:500: initial Main Mode message received on 134.215.193.94:500 but no connection has been authorized
Jun 6 11:46:22 gw001 pluto[21349]: packet from 134.215.197.134:500: initial Main Mode message received on 134.215.193.94:500 but no connection has been authorized
Jun 6 11:46:57 gw001 pluto[21349]: packet from 134.215.197.134:500: initial Main Mode message received on 134.215.193.94:500 but no connection has been authorized
Jun 6 11:47:01 gw001 pluto[21349]: packet from 134.215.197.90:500: initial Main Mode message received on 134.215.193.94:500 but no connection has been authorized
+ _________________________ date
+ date
So it looks like it establishes but I still can't ping between
On Mon, 2005-06-06 at 10:31 -0400, simprix wrote:
> I am trying to set up a net-to-net connection. It worked under Linux 2.4
> with openswan 1.0.7. I am using Gentoo
>
> Configs------
>
> MRC
>
> ipsec.conf
>
>
> version 2.0 # conforms to second version of ipsec.conf specification
>
> # basic configuration
> config setup
>
> #Disable Opportunistic Encryption
> include /etc/ipsec/ipsec.d/examples/no_oe.conf
> include /etc/ipsec/mrc-to-hope.conf
>
> mrc-to-hope.conf
>
> conn mrc-to-hope
>     left=134.215.193.94
>     leftsubnet=192.168.10.0/24
>     leftid=@gw001.cdsoc.org
>     leftrsasigkey=.....
>     leftnexthop=%defaultroute
>     right=134.215.193.86
>     rightsubnet=192.168.2.0/24
>     rightid=@gw003.cdsoc.org
>     rightrsasigkey=...
>     rightnexthop=%defaultroute
>     authby=rsasig
>     auto=start
>
>
> HOPE
>
> ipsec.conf
>
> version 2.0 # conforms to second version of ipsec.conf specification
>
> # basic configuration
> config setup
>     # Debug-logging controls: "none" for (almost) none, "all" for lots.
>     # klipsdebug=none
>     # plutodebug="control parsing"
>
>
> #Disable Opportunistic Encryption
> include /etc/ipsec/ipsec.d/examples/no_oe.conf
> include /etc/ipsec/hope-to-mrc.conf
>
>
> conn hope-to-mrc
>     left=134.215.193.86
>     leftsubnet=192.168.2.0/24
>     leftid=@gw003.cdsoc.org
>     leftrsasigkey=....
>     leftnexthop=%defaultroute
>     right=134.215.193.94
>     rightsubnet=192.168.1.0/24
>     rightid=@gw001.cdsoc.org
>     rightrsasigkey=....
>     rightnexthop=%defaultroute
>     authby=rsasig
>     auto=start
>
> Here is the no-oe.conf file
>
> conn block
>     auto=ignore
>
> conn private
>     auto=ignore
>
> conn private-or-clear
>     auto=ignore
>
> conn clear-or-private
>     auto=ignore
>
> conn clear
>     auto=ignore
>
> conn packetdefault
>     auto=ignore
>
>
>
> When I try to establish the connection with ipsec auto --up mrc-to-hope
> I get this
>
> 104 "mrc-to-hope" #15: STATE_MAIN_I1: initiate
> 106 "mrc-to-hope" #15: STATE_MAIN_I2: sent MI2, expecting MR2
> 108 "mrc-to-hope" #15: STATE_MAIN_I3: sent MI3, expecting MR3
> 004 "mrc-to-hope" #15: STATE_MAIN_I4: ISAKMP SA established
> 112 "mrc-to-hope" #16: STATE_QUICK_I1: initiate
> 010 "mrc-to-hope" #16: STATE_QUICK_I1: retransmission; will wait 20s for response
>
>
> Links to ipsec barf for sites
>
> MRC
>
> http://pastebin.ca/13540
>
> HOPE
>
> http://pastebin.ca/13542
>
>
>
> Again, Thanks for the help
>
> _______________________________________________
> Users mailing list
> Users at openswan.org
> http://lists.openswan.org/mailman/listinfo/users
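
Added example (not part of the original post and not Openswan code): the two quoted conn sections describe one tunnel from each gateway, so each gateway's subnet and ID should be declared identically on both sides. In the quoted configs the subnet behind 134.215.193.94 is 192.168.10.0/24 in mrc-to-hope.conf and 192.168.1.0/24 in hope-to-mrc.conf. This Python check compares the two definitions; the function names and the trimmed config strings (RSA keys and nexthops omitted) are constructed here for illustration.

```python
import ipaddress

# Constructed from the conn sections quoted in the post (keys/nexthops omitted).
MRC_CONF = """\
conn mrc-to-hope
    left=134.215.193.94
    leftsubnet=192.168.10.0/24
    leftid=@gw001.cdsoc.org
    right=134.215.193.86
    rightsubnet=192.168.2.0/24
    rightid=@gw003.cdsoc.org
"""
HOPE_CONF = """\
conn hope-to-mrc
    left=134.215.193.86
    leftsubnet=192.168.2.0/24
    leftid=@gw003.cdsoc.org
    right=134.215.193.94
    rightsubnet=192.168.1.0/24
    rightid=@gw001.cdsoc.org
"""

def parse_conn(text):
    """Return {key: value} for the key=value lines of one conn section."""
    params = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop trailing comments
        if "=" in line:
            key, value = line.split("=", 1)
            params[key.strip()] = value.strip()
    return params

def endpoints(params):
    """Map gateway address -> (protected subnet, id) for both ends of a conn."""
    ends = {}
    for side in ("left", "right"):
        net = params.get(side + "subnet")
        net = ipaddress.ip_network(net, strict=False) if net else None
        ends[params[side]] = (net, params.get(side + "id"))
    return ends

def mismatches(conf_a, conf_b):
    """List (gateway, view_a, view_b) where the two peers disagree."""
    a, b = endpoints(parse_conn(conf_a)), endpoints(parse_conn(conf_b))
    return [(gw, a.get(gw), b.get(gw))
            for gw in sorted(set(a) | set(b)) if a.get(gw) != b.get(gw)]

if __name__ == "__main__":
    for gw, mine, theirs in mismatches(MRC_CONF, HOPE_CONF):
        print(f"{gw}: {mine} vs {theirs}")
```

Because left and right are keyed by gateway address rather than by side, the check works even though each peer lists itself as left.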