[Openswan Users] Help please
lee huughes
toxicnaan at gmail.com
Fri May 6 05:43:07 CEST 2005
Perhaps you can supply a diagram?
You seem to have weird numbers here. Are both machines behind NAT?
To establish a tunnel over the internet you're going to need 'two'
public internet addresses
to define the end points.
conn vpn terminates its end point as > right=10.0.0.1
That will just leave your gateway via the default route, and get
dropped either by your ISP
(they should be null routing private IP blocks; if the ISP doesn't know
what it's doing then this packet will end up somewhere? probably in
Russia. or something). ;-) ;-)
At the moment you only have one public address.... Again, a diagram of
your network, showing IP addresses, would be a great help, and if you
can't draw it with ASCII, it can't be done.
Cheers,
On 5/6/05, kidboy at brturbo.com.br <kidboy at brturbo.com.br> wrote:
> Hi guys, I need help. I have two machines with Fedora Core 3 installed, and I want to put these to talk with IPsec. These machines are located back to modem ADSL, and this modem are doing firewall to these machines any packages to it. My configuration is:
>
> * Server One
>
> config setup
>
> plutodebug=all
> interfaces="ipsec0=eth0"
> klipsdebug=all
> nat_traversal = yes
>
> conn %default
> esp=3des-md5-2192
> authby=rsasig
>
> conn vpn
> type=tunnel
> left=200.80.163.10
> leftsubnet=192.10.1.0/24
> leftrsasigkey=0sAQ...
> right=10.0.0.1
> rightsubnet=192.168.0.0/24
> rightrsasigkey=0sAQO...
> auto=add
>
> #Disable Opportunistic Encryption
> include /etc/ipsec.d/examples/no_oe.conf
>
> * Server two
>
> config setup
>
> plutodebug=all
> interfaces="ipsec0=eth0"
> klipsdebug=all
> nat_traversal = yes
>
> conn %default
> esp=3des-md5-2192
> authby=rsasig
>
> conn vpn
> type=tunnel
> left=10.1.1.5
> leftsubnet=192.10.1.0/24
> leftrsasigkey=0sAQ...
> right=200.175.246.2
> rightsubnet=192.168.0.0/24
> rightrsasigkey=0sAQO...
> auto=add
>
> When I start ipsec and start the connection:
> # service ipsec start
> # ipsec auto --up vpn
>
> I receive this message in the log file:
>
> ............
> May 5 21:39:56 servidor pluto[11568]: | refine_connection: starting with vpn
> May 5 21:39:56 servidor pluto[11568]: "vpn" #27: no suitable connection for peer '10.1.1.5'
> May 5 21:39:56 servidor pluto[11568]: | state transition function for STATE_MAIN_R2 failed: INVALID_ID_INFORMATION
> May 5 21:39:56 servidor pluto[11568]: | next event EVENT_RETRANSMIT in 5 seconds for #26
>
> And this message with the command ipsec auto --status
>
> .....................
> 000 #27: "vpn" STATE_MAIN_R2 (sent MR2, expecting MI3); EVENT_RETRANSMIT in 12s
> 000 #28: "vpn" STATE_MAIN_I3 (sent MI3, expecting MR3); EVENT_RETRANSMIT in 1s
> 000 #28: pending Phase 2 for "vpn" replacing #0
>
> Please, can somebody help me with this problem? I need a solution, I already everything I know. My firewall is OK, I already verified it.
>
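Added example, not part of the original thread or of Openswan: a small Python check that compares the `left=`/`right=` endpoints of the two quoted `conn vpn` sections. It flags endpoints that are not public addresses (the reply's point) and addresses that one side uses but the other side's conn never names, which is the situation behind the `no suitable connection for peer '10.1.1.5'` log line. The function names are made up for this example, and it assumes no `leftid`/`rightid` is set, as in the quoted configs.

```python
import ipaddress

# Endpoint lines copied from the two quoted configs (other keys trimmed).
SERVER_ONE = "conn vpn\n    left=200.80.163.10\n    right=10.0.0.1\n"
SERVER_TWO = "conn vpn\n    left=10.1.1.5\n    right=200.175.246.2\n"

def parse_conn(text, name):
    """Collect the key=value settings of one 'conn <name>' section."""
    settings, active = {}, False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        if line.startswith(("conn ", "config ")):
            active = line.split() == ["conn", name]  # entering a new section
        elif active and "=" in line:
            key, value = line.split("=", 1)
            settings[key.strip()] = value.strip()
    return settings

def endpoints(conn):
    """Literal IP endpoints; %any, %defaultroute and hostnames are skipped."""
    found = {}
    for side in ("left", "right"):
        try:
            found[side] = ipaddress.ip_address(conn.get(side, ""))
        except ValueError:
            pass
    return found

def lint_pair(conf_one, conf_two, name="vpn"):
    """Return findings for the same conn as configured on both servers."""
    one = endpoints(parse_conn(conf_one, name))
    two = endpoints(parse_conn(conf_two, name))
    findings = []
    for label, mine, peer in (("one", one, two), ("two", two, one)):
        for side, addr in mine.items():
            # is_private covers RFC 1918 plus other non-global ranges.
            if addr.is_private:
                findings.append(f"{label} {side}={addr}: not a public address")
            if addr not in peer.values():
                findings.append(f"{label} {side}={addr}: not named in the peer's conn")
    return findings

if __name__ == "__main__":
    for finding in lint_pair(SERVER_ONE, SERVER_TWO):
        print(finding)
```

A side that really sits behind NAT will legitimately show its private address as its own end, so treat the findings as items to review against the network diagram rather than as errors.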