[Openswan Users] Remote SSH dropped when IPSEC started

heath bunting heath at irational.org
Wed Nov 30 20:35:07 CET 2005


On Wed, 30 Nov 2005, David Wilson wrote:

hi

i have the same problem

when i run /etc/init.d/ipsec start
i lose my ssh connection

i tried adding the following fix:

   leftsourceip=129.50.a.b (where 129.50.a.b is the internal ip of 81.79.160.12)
   rightsourceip=192.168.c.d (where 192.168.c.d is the internal ip of 196.12.241.21)

but it still locked

my config file looks like this:


version 2.0     # conforms to second version of ipsec.conf specification

# basic configuration
config setup

conn net-to-net
     left=10.0.0.1
     leftnexthop=212.159.64.84
     leftsubnet=10.0.0.8/29
     leftsourceip=10.0.0.1
     leftid=@factory.bristol-glass.co.uk
     leftrsasigkey=0sAQOxy2v8W+cRwdAuSRry ...
     right=10.0.0.128
     rightnexthop=80.177.165.240
     rightsubnet=10.0.0.144/28
     rightsourceip=10.0.0.128
     rightid=@porlock.bristol-glass.co.uk
     rightrsasigkey=0sAQO7BpaUyeMq ...

     auto=add                  # authorizes but doesn't start this
                               # connection at startup

#Disable Opportunistic Encryption
include /etc/ipsec.d/examples/no_oe.conf

many thanks

heath

--

>> I have a network here in South Africa that needs to connect to a network in 
>> Germany via IPSEC using a preshared secret key.
>> We are trying to use a Suse Linux server with OpenSWAN here in South Africa 
>> to establish the connection to Germany so that the LANS may communicate 
>> with each other.
>> 
>> The Internal LAN range here in S.A is 192.168.0.0/24.
>> The Internal LAN range in Germany is 129.50.0.0/16.
>> Our public IP on our Linux server is 196.12.241.21.
>> The public IP on the gateway we need to connect to is 81.79.160.12
>> 
>> My problem is that when I run a (/etc/init.d/ipsec start), which I guess 
>> does something along the lines of (ipsec auto --up net-to-net), my remote 
>> SSH session to the server stops. Once this has happened, then I cannot get 
>> back into the server. My connection just times out, I can't even ping the 
>> Linux server.
>> I'm guessing that as soon as the IPSEC VPN initializes it changes my normal 
>> IP default route/gateway ?
>> Any ideas on what could be causing this ?
>> 
>> My entire /etc/ipsec.conf looks like this:
>> version 2.0
>> conn net-to-net
>>        authby=secret
>>        left=81.79.160.12
>>        leftsubnet=129.50.0.0/16
>>        leftnexthop=%defaultroute
>>        right=196.12.241.21
>>        rightsubnet=192.168.0.0/24
>>        rightnexthop=81.79.160.12
>>        auto=start
>> 
>> Unfortunately my knowledge of IPSEC is dangerous I'm sure I've got something 
>> wrong somewhere.
>> Any assistance or input would be greatly appreciated.
>> 
>> Thanks in advance !
>> 
>> 
>> Kind regards
>> 
>> David Wilson
>> CNS, CLS, Linux+
>> T: 0860-1-LINUX
>> F: 0866878971
>> M: 0824147413
>> E: support at dcdata.co.za
>> W: http://www.dcdata.co.za