[Openswan Users]
Ipsec Implementation between two hosts using openswan
Sowjanya Mulpuri
sowjanya at gwn-inc.com
Wed Nov 2 10:29:17 CET 2005
-- Summary: Regarding openswan IPsec implementation between two hosts
which are in the same network
Description:
Dear All,
Please guide me on how to implement openswan between two hosts within the same
network.
Here I am giving complete details of how I configured it; if anything is wrong,
please tell me.
Our Linux version is: RHEL3
2.4.21-4.EL
We have installed the rpm from openswan: openswan-2.4.0-23.el3.at.i386.rpm
After installing this rpm as root, we get this:
[root at station3 root]# service ipsec start
ipsec_setup: Starting Openswan IPsec 2.4.0...
ipsec_setup: modprobe: Can't locate module ipsec
ipsec_setup: /sbin/insmod /lib/modules/2.4.21-4.EL/kernel/net/key/af_key.o
ipsec_setup: Using /lib/modules/2.4.21-4.EL/kernel/net/key/af_key.o
ipsec_setup: Symbol version prefix ''
ipsec_setup: modprobe: Can't locate module xfrm4_tunnel
ipsec_setup: modprobe: Can't locate module xfrm_user
ipsec_setup: modprobe: Can't locate module sha1
ipsec_setup: modprobe: Can't locate module md5
ipsec_setup: modprobe: Can't locate module des
[root at station3 root]# ipsec verify
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path [OK]
Linux Openswan U2.4.0/K2.4.21-4.EL (netkey)
Checking for IPsec support in kernel [OK]
Checking for RSA private key (/etc/ipsec.secrets) [OK]
Checking that pluto is running [OK]
Checking for 'ip' command [OK]
Checking for 'iptables' command [OK]
Checking for 'setkey' command for NETKEY IPsec stack support [OK]
Opportunistic Encryption Support [DISABLED]
[root at station3 root]# vi /etc/ipsec.conf
In this file we have configured the connection between the two hosts as
follows:
conn net-net
left=192.168.1.3
leftsubnet=192.168.1.0/24
leftid=souji at station3.gwn.com
leftrsasigkey=0sAQPduGxgxDg41+kjlAbORN5Xg/rtsTRqy16CYnUrOf5cy03PNhggVCiEzGdZyg1IkjdbpIt18iG+fwol4oIPC1HcvD/1Du83U0IVArcCRF/voGNZJMNHNH1LVWRMp47fuA/k2t6FBauJLgzc9QTde0M64QaqqEPPqjMHxRnaiorCB35582SIRfsb9LIM5ojMGW5bmPaUzG2ilmiwuMyfet1rvHqQeZY0aWDJUAmQ88GLoiFkJ1Ab+AE81OfI1FzWMdir9gEYC3TbdO8Zy5Y+IxzComiYIOmO+TlxjHJd7FhQpjqjeUDjgem4BGMwurVwrw9X6tzLat1qEwcxI+8B6ZNGAXYCT+xPz1C0v0OzK0gH3/0X
leftnexthop=192.168.1.254
right=192.168.1.2
rightsubnet=192.168.1.0/24
rightid=souji at station3.gwn.com
rightrsasigkey=0sAQOm4wTQwZqR9vcKZ1+umCdNtkVnRXcyIBglozW8ozOGZuofZDh8bnWr/z3pzCM6DUhsPtqFpZrXqFx6KuhEZVLwrOWbtWdIye6mS0K6DYsWwYiqUJ/XiBeT9xgJwuW0Ayea0xxgv5pTj2lXDC11eYcOob5F3CiH5T0nBoD9q80wx1RaBLTVWGGXPlRTYSdAXBiCC+IBIdYhvGAjxsKnDy5jWdzPBpdE3/PEWpPTEkW/WedCXrg0Ll7OEFVDJ4oHPrXao4XDUHXOe7no9GEreFeZ7sYctGLm3uVatcDx3UiSeAOtj7gNYa8m+WXg5kRxOgDMMmpyetlygRDXQgN32kay3uHUsnmYGmSflaLlZnuAhG3b
rightnexthop=192.168.1.254
auto=add
We have given exactly the same keys to both systems.
To test the connection we have to bring up net-net:
[root at station3 root]# ipsec auto --up net-net
104 "net-net" #2: STATE_MAIN_I1: initiate
010 "net-net" #2: STATE_MAIN_I1: retransmission; will wait 20s for response
010 "net-net" #2: STATE_MAIN_I1: retransmission; will wait 40s for response
In parallel we have observed the output in Ethereal: we are able to send the
ISAKMP packet, but in response we get ICMP "destination unreachable".
How can I solve this problem?
We have configured the connections by referring to this site:
http://www.freeswan.org/freeswan_trees/freeswan-2.06/doc/index.html
Kindly look into the problem. If you can help us it would be nice.
Awaiting your favorable response.
Thanking you,
With regards,
Sowjanya
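The conn block quoted in this post is the kind of thing a reviewer would lint before looking at packet captures. Below is an added example, not part of the original post or of Openswan itself: a small Python checker that parses the "conn name" / "key=value" layout shown above and flags the host-to-host pitfalls visible in it (identical left/right IDs, identical rsasigkeys, identical subnets on both sides, a host address outside its own subnet). The SAMPLE_CONF, the ID names and the key strings are constructed placeholders, not the poster's real values.

```python
# Added example, not from the post: parse the "conn" blocks of an
# Openswan-style ipsec.conf and flag host-to-host configuration pitfalls.
import ipaddress

# Constructed sample mirroring the post's layout; IDs and key values are placeholders.
SAMPLE_CONF = """\
conn net-net
    left=192.168.1.3
    leftsubnet=192.168.1.0/24
    leftid=souji@station3.example
    leftrsasigkey=0sPLACEHOLDER-A
    right=192.168.1.2
    rightsubnet=192.168.1.0/24
    rightid=souji@station3.example
    rightrsasigkey=0sPLACEHOLDER-A
    auto=add
"""

def parse_conns(text):
    """Return {conn_name: {key: value}}; '#' starts a comment, blank lines are skipped."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("conn "):
            current = line.split(None, 1)[1]
            conns[current] = {}
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            conns[current][key.strip()] = value.strip()
    return conns

def check_conn(c):
    """Return a list of warnings for one parsed conn (empty list if none)."""
    w = []
    if c.get("leftid") and c.get("leftid") == c.get("rightid"):
        w.append("leftid equals rightid: each peer needs its own identity")
    if c.get("leftrsasigkey") and c.get("leftrsasigkey") == c.get("rightrsasigkey"):
        w.append("leftrsasigkey equals rightrsasigkey: use each host's own public key")
    ls, rs = c.get("leftsubnet"), c.get("rightsubnet")
    if ls and rs and ipaddress.ip_network(ls) == ipaddress.ip_network(rs):
        w.append("leftsubnet equals rightsubnet: omit both for a host-to-host tunnel")
    for side in ("left", "right"):
        host, sub = c.get(side), c.get(side + "subnet")
        if host and sub and ipaddress.ip_address(host) not in ipaddress.ip_network(sub):
            w.append(f"{side}={host} lies outside {side}subnet={sub}")
    return w

def check_conf(text):
    """Return {conn_name: [warnings]} for every conn block in the text."""
    return {name: check_conn(c) for name, c in parse_conns(text).items()}
```

Running check_conf(SAMPLE_CONF) reports three warnings for net-net; an empty list for a conn means none of these checks fired.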