[Openswan Users] openswan net to net configuration
Alain JUPIN
ajupin at sigmapole.fr
Mon Mar 6 13:08:00 CET 2006
Hi,
This is my problem, I want to connect to subnet via a VPN tunnel using
OpenSwan.
Because I use Gentoo Linux on each gateway, I've followed this HOW-TO
http://gentoo-wiki.com/HOWTO_OpenSwan_2.6_kernel
This is my ipsec.conf file (it is the same on each gateway):

# /etc/ipsec.conf - Openswan IPsec configuration file
# RCSID $Id: ipsec.conf.in,v 1.15.2.2 2005/11/14 20:10:27 paul Exp $

# This file: /usr/share/doc/openswan-2.4.4/ipsec.conf-sample
#
# Manual: ipsec.conf.5

version 2.0 # conforms to second version of ipsec.conf specification

# basic configuration
config setup
    # plutodebug / klipsdebug = "all", "none" or a combination from below:
    # "raw crypt parsing emitting control klips pfkey natt x509 private"
    # eg:
    # plutodebug="control parsing"
    #
    # Only enable klipsdebug=all if you are a developer
    #
    # NAT-TRAVERSAL support, see README.NAT-Traversal
    # nat_traversal=yes
    # virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12

# Add connections here
conn sigma
    left=83.206.137.225
    leftsubnet=192.168.1.0/24
    leftnexthop=%defaultroute
    leftid=@mail.sigmapole.fr
    leftrsasigkey=0sAQNP/w1e0H00U....pRBxG7shc92MStb
    right=82.224.134.170
    rightsubnet=192.168.0.0/24
    rightnexthop=%defaultroute
    rightid=@aldebaran.jupin.net
    rightrsasigkey=0sAQOUNQLt62svy....TE3ivFvwjU4Eh1/
    authby=rsasig
    auto=add

#Disable Opportunistic Encryption
include /etc/ipsec/ipsec.d/examples/no_oe.conf

When I try to initiate the tunnel with ipsec auto --up sigma,
this results in the following errors:
104 "sigma" #1: STATE_MAIN_I1: initiate
003 "sigma" #1: received Vendor ID payload [Openswan (this version) 2.4.4 X.509-1.5.4 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR]
003 "sigma" #1: received Vendor ID payload [Dead Peer Detection]
106 "sigma" #1: STATE_MAIN_I2: sent MI2, expecting MR2
108 "sigma" #1: STATE_MAIN_I3: sent MI3, expecting MR3
003 "sigma" #1: ignoring informational payload, type INVALID_KEY_INFORMATION
003 "sigma" #1: received and ignored informational message
What does the message "INVALID_KEY_INFORMATION" mean?
I don't see where my mistake(s) are.
Can someone help me?
Thanks
Alain JUPIN