[Openswan Users] IPSEC connectivity prob

Craig Schneider craigsc at zdata.co.za
Wed Sep 14 14:07:35 CEST 2005


Hi Guys

I am trying to set up a VPN between two networks via ADSL. There are two
NetGear DG834 routers, one on either side, and I have set them up so they
forward port 500 traffic to the Linux servers on both ends, which are
running Debian Woody with FreeS/WAN.

196.1.2.0/24===196.1.2.254[@toti.barkers.co.za]---196.1.2.100...196.1.1.101---165.165.153.106[@dbn.barkers.co.za]===196.1.1.0/24

Here are my configs for both sides:
----------------------------------------

# /etc/ipsec.conf - FreeS/WAN IPsec configuration file
# RCSID $Id: ipsec.conf.in,v 1.11 2003/06/13 23:28:41 sam Exp $

# This file:  /usr/share/doc/freeswan/ipsec.conf-sample
#
# Manual:     ipsec.conf.5
#
# Help:
# http://www.freeswan.org/freeswan_trees/freeswan-2.04/doc/quickstart.html
# http://www.freeswan.org/freeswan_trees/freeswan-2.04/doc/config.html
# http://www.freeswan.org/freeswan_trees/freeswan-2.04/doc/adv_config.html
#
# Policy groups are enabled by default. See:
# http://www.freeswan.org/freeswan_trees/freeswan-2.04/doc/policygroups.html
#
# Examples:
# http://www.freeswan.org/freeswan_trees/freeswan-2.04/doc/examples


version 2.0     # conforms to second version of ipsec.conf specification

# basic configuration
config setup
        # Debug-logging controls:  "none" for (almost) none, "all" for lots.
        # Both left commented out on this gateway, so its auth.log will not
        # carry pluto's per-event debug lines.
        #klipsdebug=all
        #plutodebug=all
        # Attach the ipsec0 virtual interface to eth1.
        # NOTE(review): the other gateway's config has no interfaces= line at
        # all; confirm both ends attach ipsec0 to the interface that actually
        # carries the peer's UDP/500 traffic.
        interfaces="ipsec0=eth1"


# Add connections here.

# sample VPN connection
#sample#        conn sample
#sample#                # Left security gateway, subnet behind it, next hop toward right.
#sample#                left=10.0.0.1
#sample#                leftsubnet=172.16.0.0/24
#sample#                leftnexthop=10.22.33.44
#sample#                # Right security gateway, subnet behind it, next hop toward left.
#sample#                right=10.12.12.1
#sample#                rightsubnet=192.168.0.0/24
#sample#                rightnexthop=10.101.102.103
#sample#                # To authorize this connection, but not actually start it, at startup,
#sample#                # uncomment this.
#sample#                #auto=start

# FreeS/WAN's built-in policy-group (opportunistic encryption) connections.
# The header above notes that policy groups are enabled by default;
# auto=ignore on each one switches them all off, so this gateway only
# loads the explicit site-to-site connection defined further down.
conn block
    auto=ignore

conn private
    auto=ignore

conn private-or-clear
    auto=ignore

conn clear-or-private
    auto=ignore

conn clear
    auto=ignore

conn packetdefault
    auto=ignore

# Site-to-site tunnel to the "toti" gateway, as seen from the dbn side.
# Raw RSA public keys are supplied for both ends (the *rsasigkey values
# are truncated in this listing), so the tunnel is authenticated by RSA
# signature rather than a preshared secret (FreeS/WAN's default authby).
conn toti
     # This gateway (dbn): its address, the LAN behind it, the ID it
     # presents and its public key.
     # NOTE(review): left= is the private 196.1.1.254 while the diagram
     # gives dbn's public address as 165.165.153.106; presumably the DG834
     # NATs and forwards UDP/500 to this host -- confirm.
     left=196.1.1.254
     leftsubnet=196.1.1.0/24
     leftid=@dbn.barkers.co.za
     leftrsasigkey=0sAQN...
     # Router toward the peer: the DG834 on the dbn LAN.
     leftnexthop=196.1.1.101
     # The peer is named by a dynamic-DNS host, so a stale DNS record will
     # send the negotiation to the wrong address; check what it resolves to
     # when the tunnel will not come up.
     right=barkerstoti.dyndns.org
     rightsubnet=196.1.2.0/24
     rightid=@toti.barkers.co.za
     # NOTE(review): the prefix is "0S" here but "0s" in leftrsasigkey above
     # and in the other gateway's copy of this same key; normalise to "0s",
     # or confirm the key parser accepts the upper-case form.
     rightrsasigkey=0SAQPC...
     rightnexthop=196.1.2.100
     # Bring the tunnel up when IPsec starts (the sample above shows
     # auto=add would only authorize it without starting it).
     auto=start

Other side:
-------------

# /etc/ipsec.conf - FreeS/WAN IPsec configuration file
# RCSID $Id: ipsec.conf.in,v 1.11 2003/06/13 23:28:41 sam Exp $

# This file:  /usr/share/doc/freeswan/ipsec.conf-sample
#
# Manual:     ipsec.conf.5
#
# Help:
# http://www.freeswan.org/freeswan_trees/freeswan-2.04/doc/quickstart.html
# http://www.freeswan.org/freeswan_trees/freeswan-2.04/doc/config.html
# http://www.freeswan.org/freeswan_trees/freeswan-2.04/doc/adv_config.html
#
# Policy groups are enabled by default. See:
# http://www.freeswan.org/freeswan_trees/freeswan-2.04/doc/policygroups.html
#
# Examples:
# http://www.freeswan.org/freeswan_trees/freeswan-2.04/doc/examples


version 2.0     # conforms to second version of ipsec.conf specification

# basic configuration
config setup
        # Debug-logging controls:  "none" for (almost) none, "all" for lots.
        # Both are "all" on this gateway (the other gateway leaves them
        # commented out).  Useful while chasing the failure in the auth.log
        # excerpt below -- the "| ..." lines there are this debug output --
        # but it fills auth.log with negotiation detail, so set it back to
        # "none" once the tunnel is up.
        klipsdebug=all
        plutodebug=all
        # NOTE(review): no interfaces= line here, unlike the other gateway's
        # interfaces="ipsec0=eth1"; the log below shows pluto reporting on
        # eth0, so confirm the default interface choice is the intended one.


# Add connections here.

# sample VPN connection
#sample#        conn sample
#sample#                # Left security gateway, subnet behind it, next hop toward right.
#sample#                left=10.0.0.1
#sample#                leftsubnet=172.16.0.0/24
#sample#                leftnexthop=10.22.33.44
#sample#                # Right security gateway, subnet behind it, next hop toward left.
#sample#                right=10.12.12.1
#sample#                rightsubnet=192.168.0.0/24
#sample#                rightnexthop=10.101.102.103
#sample#                # To authorize this connection, but not actually start it, at startup,
#sample#                # uncomment this.
#sample#                #auto=start

# FreeS/WAN's built-in policy-group (opportunistic encryption) connections.
# The header above notes that policy groups are enabled by default;
# auto=ignore on each one switches them all off, so this gateway only
# loads the explicit site-to-site connection defined further down.
conn block
    auto=ignore

conn private
    auto=ignore

conn private-or-clear
    auto=ignore

conn clear-or-private
    auto=ignore

conn clear
    auto=ignore

conn packetdefault
    auto=ignore

# Site-to-site tunnel to the dbn ("durbs") gateway, as seen from the toti
# side; the mirror image of conn toti in the other gateway's file, with
# the same two RSA public keys swapped between left and right.
conn durbs
     # This gateway (toti): its address, the LAN behind it, the ID it
     # presents and its public key.
     left=196.1.2.254
     leftsubnet=196.1.2.0/24
     leftid=@toti.barkers.co.za
     leftrsasigkey=0sAQPC...
     # Router toward the peer: the DG834 on the toti LAN.
     leftnexthop=196.1.2.100
     # NOTE(review): the auth.log excerpt below shows this gateway sending
     # to 165.165.171.126 and getting ICMP type 3 code 3 (port unreachable)
     # back, i.e. nothing at that address is accepting UDP/500.  The diagram
     # gives dbn's public address as 165.165.153.106, so at least one of the
     # two looks stale -- check what this dynamic-DNS name resolves to and
     # the dbn router's UDP/500 forwarding before looking further.
     right=barkersdbn.dyndns.org
     rightsubnet=196.1.1.0/24
     rightid=@dbn.barkers.co.za
     rightrsasigkey=0sAQN...
     rightnexthop=196.1.1.101
     # Bring the tunnel up when IPsec starts.
     auto=start

Error message from auth.log:
----------------------------------

Sep 14 12:35:26 gw pluto[7516]: "durbs" #1: ERROR: asynchronous network
error report on eth0 for message to 165.165.171.126 port 500,
complainant 165.165.171.126: Connection refused [errno 111, origin ICMP
type 3 code 3 (not authenticated)]
Sep 14 12:35:26 gw pluto[7516]: | next event EVENT_RETRANSMIT in 20
seconds for #1



