[Openswan Users] Interopeability of openswan with freeswan
naveen kumar
naveen_mamindla at yahoo.co.in
Tue Jun 28 13:05:28 CEST 2005
Hi all,
I have ported openswan-2.3.0 onto ARM board running
linux-2.4.18 kernel.I am trying to connect to RedHat
Linux PC running freeswan-2.00 IPSec in it.I was
successfully able to establish the tunnel, but when I
am pinging from the ARM board to PC , ESP packets are
going out of ARM board but PC was not able to decrypt
it.I have observed that /proc/net/ipsec_spi in
freeswan-2.00 is having auth_errs=506, while openswan
side it is not there.
One more thing is whenever pluto initiates mainmode
from PC side only this thing is hapenning , but when
pluto initiates mainmode from openswan side everything
is working fine.Both are pinging each other.
Can somebody help me regarding this...
Thanks & Regards
Naveen
--------------------------------------------------------
/proc/net/ipsec_spi dump from freeswan side:
esp0xadc59845 at 192.168.1.122 ESP_3DES_HMAC_SHA1: dir=in
src=192.168.1.125 iv_bits=64bits
iv=0xf324e1890a702339 ooowin=64 alen=160 aklen=160
auth_errs=506 eklen=192 life(c,s,h)=addtime(2487,0,0)
refcount=510 ref=37
esp0xadc59842 at 192.168.1.122 ESP_3DES_HMAC_MD5: dir=in
src=192.168.1.125 iv_bits=64bits iv=0x0d5756937b979412
ooowin=64 alen=128 aklen=128 eklen=192
life(c,s,h)=addtime(2594,0,0) refcount=4 ref=7
esp0x7e0f0723 at 192.168.1.125 ESP_3DES_HMAC_SHA1:
dir=out src=192.168.1.122 iv_bits=64bits
iv=0x5b1befca90449b97 ooowin=64 alen=160 aklen=160
eklen=192 life(c,s,h)=addtime(2486,0,0) refcount=4
ref=42
esp0x7e0f0722 at 192.168.1.125 ESP_3DES_HMAC_MD5: dir=out
src=192.168.1.122 iv_bits=64bits iv=0x38774dbb2ca6f770
ooowin=64 alen=128 aklen=128 eklen=192
life(c,s,h)=addtime(2594,0,0) refcount=4 ref=12
tun0x1008 at 192.168.1.125 IPIP: dir=out
src=192.168.1.122 life(c,s,h)=addtime(2486,0,0)
refcount=4 ref=43
tun0x1007 at 192.168.1.122 IPIP: dir=in
src=192.168.1.125
policy=192.168.1.125/32->192.168.1.122/32 flags=0x8<>
life(c,s,h)=addtime(2487,0,0) refcount=4 ref=38
tun0x1002 at 192.168.1.125 IPIP: dir=out
src=192.168.1.122 life(c,s,h)=addtime(2594,0,0)
refcount=4 ref=13
tun0x1001 at 192.168.1.122 IPIP: dir=in
src=192.168.1.125
policy=192.168.1.125/32->192.168.1.122/32 flags=0x8<>
life(c,s,h)=addtime(2594,0,0) refcount=4 ref=8
---------------------------------------------------------
/proc/net/ipsec_spi dump from openswan side:
esp0xadc59845 at 192.168.1.122 ESP_3DES_HMAC_SHA1:
dir=out src=192.168.1.125 iv_bits=64bits
iv=0x4cc0e0f055786aff ooowin=64 seq=509 alen=160
aklen=160 eklen=192
life(c,s,h)=bytes(69224,0,0)addtime(520,0,0)usetime(515,0,0)packets(509,0,0)
idle=7 refcount=4 ref=23
esp0xadc59842 at 192.168.1.122 ESP_3DES_HMAC_MD5: dir=out
src=192.168.1.125 iv_bits=64bits iv=0xc20decc4b2ba3f66
ooowin=64 alen=128 aklen=128 eklen=192
life(c,s,h)=addtime(627,0,0) refcount=4 ref=13
esp0x7e0f0723 at 192.168.1.125 ESP_3DES_HMAC_SHA1: dir=in
src=192.168.1.122 iv_bits=64bits
iv=0xf353dde4961cb03b ooowin=64 alen=160 aklen=160
eklen=192 life(c,s,h)=addtime(520,0,0) refcount=4
ref=18
esp0x7e0f0722 at 192.168.1.125 ESP_3DES_HMAC_MD5: dir=in
src=192.168.1.122 iv_bits=64bits iv=0x44316ec7002ed550
ooowin=64 alen=128 aklen=128 eklen=192
life(c,s,h)=addtime(628,0,0) refcount=4 ref=8
tun0x1003 at 192.168.1.125 IPIP: dir=in
src=192.168.1.122
policy=192.168.1.122/32->192.168.1.125/32 flags=0x8<>
life(c,s,h)=addtime(520,0,0) refcount=4 ref=17
tun0x1004 at 192.168.1.122 IPIP: dir=out
src=192.168.1.125
life(c,s,h)=bytes(52936,0,0)addtime(520,0,0)usetime(515,0,0)packets(509,0,0)
idle=7 refcount=4 ref=22
tun0x1001 at 192.168.1.125 IPIP: dir=in
src=192.168.1.122
policy=192.168.1.122/32->192.168.1.125/32 flags=0x8<>
life(c,s,h)=addtime(628,0,0) refcount=4 ref=7
tun0x1002 at 192.168.1.122 IPIP: dir=out
src=192.168.1.125 life(c,s,h)=addtime(627,0,0)
refcount=4 ref=12
__________________________________________________________
How much free photo storage do you get? Store your friends 'n family snaps for FREE with Yahoo! Photos http://in.photos.yahoo.com
More information about the Users
mailing list