[Openswan Users] Help with configuration

nook30 at interia.pl nook30 at interia.pl
Wed Aug 2 16:43:56 EDT 2006


I am a beginner with ipsec.
Would someone be so kind and help me with the following configuration?
I would like to connect from my home PC (Windows XP) to my company network.

company network ----- linux router ----- INTERNET ------- my home pc

company network =
linux router = (gateway is
my home pc = 

I installed Linux Openswan U2.4.6rc2/K2.6.17.7

/usr/local/sbin/ipsec verify
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path                                 [OK]
Linux Openswan U2.4.6rc2/K2.6.17.7 (netkey)
Checking for IPsec support in kernel                            [OK]
NETKEY detected, testing for disabled ICMP send_redirects       [OK]
NETKEY detected, testing for disabled ICMP accept_redirects     [OK]
Checking for RSA private key (/etc/ipsec.secrets)               [DISABLED]
  ipsec showhostkey: no default key in "/etc/ipsec.secrets"
Checking that pluto is running                                  [OK]
Two or more interfaces found, checking IP forwarding            [OK]
Checking NAT and MASQUERADEing
Checking for 'ip' command                                       [OK]
Checking for 'iptables' command                                 [OK]

my /etc/ipsec.conf
version 2.0

config setup

conn %default

conn company
 type = tunnel

 cat /etc/ipsec.secrets PSK "password"

I downloaded an ipsec vpn client to my home pc and configured it, but I am not able to connect :(
On my linux router I have in /var/log/secure:
Aug  2 11:12:18 sercer pluto[5262]: "company" #1: cannot respond to IPsec SA request because no connection is known for
Aug  2 21:12:25 server pluto[5262]: "company" #1: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x565582bb (perhaps this is a duplicated packet)
Aug  2 21:12:25 server pluto[5262]: "company" #1: sending encrypted notification INVALID_MESSAGE_ID to


Would someone help me?
I start my ipsec by "/usr/local/sbin/ipsec setup --start" then "/usr/local/sbin/ipsec auto --add company" and "/usr/local/sbin/ipsec auto --ip company"
Am I doing it right?

Phase 1 (authentication) went well but step (phase 2) didn't (with the above errors in the secure log)

Can someone check my configuration and help me?
Of course I can send output from any linux command you need.

best regards 

