[Openswan Users] Simple configuration: ping OK, telnet fails
Mihajlo Cvetanović
mac at netset.co.yu
Mon Mar 20 17:12:53 CET 2006
Hi all,
I'm fairly new to both Linux and IPsec administration, so I would need
some help here. My configuration contains PC clients behind Fedora Core
4 gateways, and is as follows:
PC_one: 1.100.200.2/24
fc4_left: eth1:1.100.200.3/24, eth0:10.0.0.3/8
fc4_right: eth0:10.0.0.22/8, eth1:80.80.80.22/24
PC_two: 80.80.80.30/24
IP routing is set up, and ping works, however telnet doesn't work. Does
anybody know what's wrong here?
===========================================================================
Most relevant lines in log file probably are (same for fc4_right, with
"10.0.0.22" instead of "10.0.0.3", and "fc4_right" instead of "localhost"):
---------------------------------------------------------------------------
Mar 20 10:56:10 localhost kernel: NET: Registered protocol family 15
Mar 20 10:56:10 localhost ipsec_setup: KLIPS ipsec0 on eth0 10.0.0.3/255.0.0.0 broadcast 10.255.255.255
Mar 20 10:56:11 localhost ipsec_setup: ...Openswan IPsec started
Mar 20 10:56:11 localhost ipsec_setup: Starting Openswan IPsec 2.4.4...
Mar 20 10:56:11 localhost ipsec_setup: insmod /lib/modules/2.6.11-1.1369_FC4/kernel/net/key/af_key.ko
Mar 20 10:56:11 localhost ipsec_setup: insmod /lib/modules/2.6.11-1.1369_FC4/kernel/net/ipv4/xfrm4_tunnel.ko
Mar 20 10:56:12 localhost ipsec__plutorun: 104 "net-to-net" #1: STATE_MAIN_I1: initiate
Mar 20 10:56:12 localhost ipsec__plutorun: ...could not start conn "net-to-net"
===========================================================================
===========================================================================
ipsec.conf on both computers is the same:
---------------------------------------------------------------------------
version 2.0
config setup
    interfaces="ipsec0=eth0"
    plutodebug="control parsing"
conn net-to-net
    left=10.0.0.3
    leftsubnet=1.100.200.0/24
    leftrsasigkey=0sAQNUe...
    right=10.0.0.22
    rightsubnet=80.80.80.0/24
    rightrsasigkey=0sAQNnr...
    auto=start
include /etc/ipsec.d/examples/no_oe.conf
===========================================================================
===========================================================================
ipsec.secrets for fc4_right looks like this (similar for fc4_left):
---------------------------------------------------------------------------
: RSA {
    #pubkey=0sAQNnr...
    Modulus: 0x67ad...
    PublicExponent: 0x03
    # everything after this point is secret
    PrivateExponent: 0x1147...
    Prime1: 0xaa11...
    Prime2: 0x9c0f...
    Exponent1: 0x7161...
    Exponent2: 0x680a...
    Coefficient: 0x71bd...
    }
===========================================================================