[Openswan Users] Help with configuration
nook30 at interia.pl
Wed Aug 2 16:43:56 EDT 2006
Hello
I am a beginner with IPsec.
Would someone be so kind as to help me with the following configuration?
I would like to connect from my home PC (Windows XP) to my company network.
company network ----- linux router ----- INTERNET ------- my home pc
company network = 192.168.1.0/24
linux router = 215.115.12.50 (gateway is 215.115.12.49)
my home pc = 193.190.200.7
I installed Linux Openswan U2.4.6rc2/K2.6.17.7
/usr/local/sbin/ipsec verify
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path [OK]
Linux Openswan U2.4.6rc2/K2.6.17.7 (netkey)
Checking for IPsec support in kernel [OK]
NETKEY detected, testing for disabled ICMP send_redirects [OK]
NETKEY detected, testing for disabled ICMP accept_redirects [OK]
Checking for RSA private key (/etc/ipsec.secrets) [DISABLED]
ipsec showhostkey: no default key in "/etc/ipsec.secrets"
Checking that pluto is running [OK]
Two or more interfaces found, checking IP forwarding [OK]
Checking NAT and MASQUERADEing
Checking for 'ip' command [OK]
Checking for 'iptables' command [OK]
My /etc/ipsec.conf:
version 2.0

config setup
    interfaces="ipsec0=eth0"
    nat_traversal=no

conn %default
    keyingtries=1
    compress=yes
    disablearrivalcheck=no
    authby=secret
    leftrsasigkey=%cert
    rightrsasigkey=%cert

conn company
    type = tunnel
    left=215.115.12.50
    leftsubnet=192.168.1.0/24
    leftnexthop=215.115.12.49
    right=193.190.200.7
    auto=add
    pfs=yes
-----
cat /etc/ipsec.secrets
215.115.12.50 192.168.1.111: PSK "password"
----
I downloaded an IPsec VPN client to my home PC and configured it, but I am not able to connect :(
On my Linux router I have in /var/log/secure:
Aug 2 11:12:18 sercer pluto[5262]: "company" #1: cannot respond to IPsec SA request because no connection is known for 192.168.1.0/24===215.115.12.50...193.190.200.7===192.168.1.111/32
Aug 2 21:12:25 server pluto[5262]: "company" #1: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x565582bb (perhaps this is a duplicated packet)
Aug 2 21:12:25 server pluto[5262]: "company" #1: sending encrypted notification INVALID_MESSAGE_ID to 193.190.200.7:500
----
Would someone help me?
I start my ipsec with "/usr/local/sbin/ipsec setup --start", then "/usr/local/sbin/ipsec auto --add company" and "/usr/local/sbin/ipsec auto --ip company".
Am I doing it right?
Phase 1 (authentication) went well, but phase 2 didn't (with the above errors in the secure log).
Can someone check my configuration and help me?
Of course I can send output from any Linux command you need.
Best regards
SNAP
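
Added example, not part of the original post: a small Python check that parses the selectors pluto printed in the "no connection is known for" log line above and compares them with the `conn company` stanza. The function names are hypothetical, and it assumes the plain `client===host...host===client` form seen in the post, with a side that has no subnet covering only that host's own address.

```python
import ipaddress
import re

# Message text copied from the pluto log line in the post.
LOG_LINE = ('"company" #1: cannot respond to IPsec SA request because no connection '
            'is known for 192.168.1.0/24===215.115.12.50...193.190.200.7===192.168.1.111/32')

# The "conn company" parameters from the post's ipsec.conf.
CONN = {"left": "215.115.12.50", "leftsubnet": "192.168.1.0/24",
        "right": "193.190.200.7"}

SEL_RE = re.compile(r"no connection is known for (\S+)\.\.\.(\S+)")


def parse_end(text, host_first):
    """Split one end into (host, client network).
    The local end is printed client===host, the remote end host===client.
    With no '===' part, the client is the host itself (/32)."""
    parts = text.split("===")
    if len(parts) == 1:
        host = client = parts[0]
    else:
        host, client = parts if host_first else parts[::-1]
    return host, ipaddress.ip_network(client, strict=False)


def proposed_selectors(line):
    m = SEL_RE.search(line)
    if not m:
        return None
    return {"left": parse_end(m.group(1), host_first=False),
            "right": parse_end(m.group(2), host_first=True)}


def configured_selectors(conn):
    out = {}
    for side in ("left", "right"):
        host = conn[side]
        subnet = conn.get(side + "subnet", host)  # no subnet: host only
        out[side] = (host, ipaddress.ip_network(subnet, strict=False))
    return out


def mismatches(line, conn):
    """Return (field, configured, proposed) for every selector that differs."""
    prop, conf = proposed_selectors(line), configured_selectors(conn)
    if prop is None:
        return []
    diffs = []
    for side in ("left", "right"):
        for i, name in enumerate((side, side + "subnet")):
            if prop[side][i] != conf[side][i]:
                diffs.append((name, str(conf[side][i]), str(prop[side][i])))
    return diffs
```

For the log line and stanza in the post, `mismatches(LOG_LINE, CONN)` reports a single difference: the remote client address the peer proposed for phase 2 is not the one the stanza implies for the right side.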