[Openswan Users] Help with configuration

Andy Gay andy at andynet.net
Wed Aug 2 10:59:10 EDT 2006


On Wed, 2006-08-02 at 21:43 +0200, nook30 at interia.pl wrote:
> Hello
> 
> I am a beginner with ipsec.
> Would someone be so kind as to help me with the following configuration?
> I would like to connect from my home PC (Windows XP) to my company network.
> 
> 
> company network ----- linux router ----- INTERNET ------- my home pc
> 
> company network = 192.168.1.0/24
> linux router = 215.115.12.50 (gateway is 215.115.12.49)
> my home pc = 193.190.200.7 
> 
> 
> I installed Linux Openswan U2.4.6rc2/K2.6.17.7
> 
> /usr/local/sbin/ipsec verify
> Checking your system to see if IPsec got installed and started correctly:
> Version check and ipsec on-path                                 [OK]
> Linux Openswan U2.4.6rc2/K2.6.17.7 (netkey)
> Checking for IPsec support in kernel                            [OK]
> NETKEY detected, testing for disabled ICMP send_redirects       [OK]
> NETKEY detected, testing for disabled ICMP accept_redirects     [OK]
> Checking for RSA private key (/etc/ipsec.secrets)               [DISABLED]
>   ipsec showhostkey: no default key in "/etc/ipsec.secrets"
> Checking that pluto is running                                  [OK]
> Two or more interfaces found, checking IP forwarding            [OK]
> Checking NAT and MASQUERADEing
> Checking for 'ip' command                                       [OK]
> Checking for 'iptables' command                                 [OK]
> 
> 
> my /etc/ipsec.conf
> version 2.0
> 
> config setup
>  interfaces="ipsec0=eth0"
>  nat_traversal=no
> 
> conn %default
>  keyingtries=1
>  compress=yes
>  disablearrivalcheck=no
>  authby=secret
>  leftrsasigkey=%cert
>  rightrsasigkey=%cert
> 
> conn company
>  type = tunnel
>  left=215.115.12.50
>  leftsubnet=192.168.1.0/24
>  leftnexthop=215.115.12.49
>  right=193.190.200.7
>  auto=add
>  pfs=yes
> 
> -----
>  cat /etc/ipsec.secrets
> 215.115.12.50 192.168.1.111: PSK "password"
> ----
> 
> I downloaded an IPsec VPN client to my home PC and configured it, but I am not able to connect :(
> On my Linux router I have in /var/log/secure:
> Aug  2 11:12:18 sercer pluto[5262]: "company" #1: cannot respond to IPsec SA request because no connection is known for 192.168.1.0/24===215.115.12.50...193.190.200.7===192.168.1.111/32

Seems you need rightsubnet=192.168.1.111/32

> Aug  2 21:12:25 server pluto[5262]: "company" #1: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x565582bb (perhaps this is a duplicated packet)
> Aug  2 21:12:25 server pluto[5262]: "company" #1: sending encrypted notification INVALID_MESSAGE_ID to 193.190.200.7:500
> 
> ----
> 
> Would someone help me?
> I start my ipsec by "/usr/local/sbin/ipsec setup --start" then "/usr/local/sbin/ipsec auto --add company" and "/usr/local/sbin/ipsec auto --ip company"
> Am I doing it right?
> 
> Phase 1 (authentication) went well, but step (phase 2) didn't (with the above errors in the secure log).
> 
> Can someone check my configuration and help me?
> Of course I can send output from any Linux command you need.
> 
> best regards 
> SNAP
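
Added example (not part of the original thread and not Openswan code): a small Python check that reads the rejected proposal from the pluto log line quoted in the message above, compares it with the relevant lines of the posted `conn company` section, and reports the subnet setting that differs. The function names are hypothetical; it assumes literal IPv4 addresses on both ends and that a side printed without `===client` means host/32.

```python
import re
from ipaddress import ip_network

IP = r"\d{1,3}(?:\.\d{1,3}){3}"
NET = IP + r"/\d{1,2}"
# Proposal layout as printed in the quoted log line:
#   our_client===our_host...peer_host===peer_client
# Assumption: a side printed without "===client" is host-only (host/32).
NO_CONN = re.compile(
    rf"no connection is known for (?:({NET})===)?({IP})\.\.\.({IP})(?:===({NET}))?")

# Copied from the thread: relevant lines of the posted conn, and the log line.
CONF = """conn company
 left=215.115.12.50
 leftsubnet=192.168.1.0/24
 leftnexthop=215.115.12.49
 right=193.190.200.7
"""
LOG = ('Aug  2 11:12:18 sercer pluto[5262]: "company" #1: cannot respond to '
       'IPsec SA request because no connection is known for '
       '192.168.1.0/24===215.115.12.50...193.190.200.7===192.168.1.111/32')

def parse_conn(text, name):
    """Collect the key=value settings of one conn section (hypothetical helper)."""
    conn, active = {}, False
    for line in text.splitlines():
        words = line.split()
        if words[:1] == ["conn"]:
            active = words[1:2] == [name]
        elif active and "=" in line:
            key, _, value = line.partition("=")
            conn[key.strip()] = value.strip()
    return conn

def missing_settings(log_line, conn):
    """Return subnet settings the conn needs in order to match the logged proposal."""
    m = NO_CONN.search(log_line)
    if m is None or m.group(2) not in (conn.get("left"), conn.get("right")):
        return []
    our_client, our_host, peer_host, peer_client = m.groups()
    # Decide which end of the conn is this gateway.
    ours, theirs = ("left", "right") if conn.get("left") == our_host else ("right", "left")
    fixes = []
    for side, host, client in ((ours, our_host, our_client), (theirs, peer_host, peer_client)):
        proposed = ip_network(client or host + "/32")
        configured = ip_network(conn.get(side + "subnet") or conn.get(side, host) + "/32")
        if proposed != configured:
            fixes.append(f"{side}subnet={proposed}")
    return fixes
```

For the posted configuration, `missing_settings(LOG, parse_conn(CONF, "company"))` returns the same setting suggested in the reply.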



