[Openswan Users] Problem Openswan and dyndns
Didier PIERRE
dpierre at aressi.fr
Wed May 17 17:01:26 CEST 2006
I've a problem with Openswan 1.0.7 and The Greenbow for connect via VPN.
At the Office:
Ipcop 1.4.0
IPWAN: 81.23.32.136
At home
PC under Windows XP using theGreenBow (VPN Client). This Client use the dyndns.org
but when configure the VPN on Ipcop 1.4.0, I've this logs
Vpntest ipsec__plutorun: Starting Pluto subsystem...
May 17 17:36:00 Vpntest pluto[1865]: Starting Pluto (Openswan Version 1.0.7)
May 17 17:36:00 Vpntest pluto[1865]: including X.509 patch with traffic selectors (Version 0.9.42)
May 17 17:36:00 Vpntest pluto[1865]: including NAT-Traversal patch (Version 0.6)
May 17 17:36:00 Vpntest pluto[1865]: ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)
May 17 17:36:00 Vpntest pluto[1865]: ike_alg_register_enc(): Activating OAKLEY_BLOWFISH_CBC: Ok (ret=0)
May 17 17:36:00 Vpntest pluto[1865]: ike_alg_register_enc(): Activating OAKLEY_CAST_CBC: Ok (ret=0)
May 17 17:36:00 Vpntest pluto[1865]: ike_alg_register_enc(): Activating OAKLEY_SERPENT_CBC: Ok (ret=0)
May 17 17:36:00 Vpntest pluto[1865]: ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok (ret=0)
May 17 17:36:00 Vpntest pluto[1865]: ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok (ret=0)
May 17 17:36:00 Vpntest pluto[1865]: ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC: Ok (ret=0)
May 17 17:36:00 Vpntest pluto[1865]: ike_alg_register_enc(): Activating OAKLEY_SSH_PRIVATE_65289: Ok (ret=0)
May 17 17:36:00 Vpntest pluto[1865]: Changing to directory '/etc/ipsec.d/cacerts'
May 17 17:36:00 Vpntest pluto[1865]: Warning: empty directory
May 17 17:36:00 Vpntest pluto[1865]: Changing to directory '/etc/ipsec.d/crls'
May 17 17:36:00 Vpntest pluto[1865]: loaded crl file 'cacrl.pem' (682 bytes)
May 17 17:36:00 Vpntest pluto[1865]: crl issuer cacert not found
May 17 17:36:00 Vpntest pluto[1865]: OpenPGP certificate file '/etc/pgpcert.pgp' not found
May 17 17:36:20 Vpntest ipsec__plutorun: whack error: "test" does not look numeric and name lookup failed "crazyfists.dyndns.org"
May 17 17:36:20 Vpntest ipsec__plutorun: ...could not add conn "test"
May 17 17:36:20 Vpntest pluto[1865]: listening for IKE messages
May 17 17:36:20 Vpntest pluto[1865]: adding interface ipsec0/eth2 81.23.32.136
May 17 17:36:20 Vpntest pluto[1865]: adding interface ipsec0/eth2 81.23.32.136:4500
May 17 17:36:20 Vpntest pluto[1865]: loading secrets from "/etc/ipsec.secrets"
May 17 17:36:40 Vpntest pluto[1865]: "/etc/ipsec.secrets" line 1: does not look numeric and name lookup failed "crazyfists.dyndns.org"
May 17 17:36:40 Vpntest ipsec__plutorun: 003 "/etc/ipsec.secrets" line 1: does not look numeric and name lookup failed "crazyfists.dyndns.org"
How can I resolve this problem
Thank's a lot.
PS:
my ipsec.conf:
config setup
interfaces=%defaultroute
klipsdebug=none
plutodebug=none
plutoload=%search
plutostart=%search
uniqueids=yes
nat_traversal=yes
virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16,%v4:!192.168.10.0/255.255.255.0,%v4:!10.1.1.0/255.255.255.0,%v4:!172.16.1.220/255.255.255.255
conn %default
keyingtries=0
disablearrivalcheck=no
conn test
left=81.23.32.136
leftnexthop=%defaultroute
leftsubnet=192.168.10.0/255.255.255.0
right=crazyfists.dyndns.org
rightsubnet=172.16.1.220/255.255.255.255
rightnexthop=%defaultroute
ike=3des-sha-modp1024
esp=3des-sha1
ikelifetime=1h
keylife=8h
dpddelay=30
dpdtimeout=120
dpdaction=hold
authby=secret
auto=start
my ipsec.secrets:
81.23.32.136 crazyfists.dyndns.org : PSK "testvpn51"
More information about the Users
mailing list