[Openswan Users] Problem Openswan and dyndns

Andy fs at globalnetit.com
Wed May 17 14:04:49 CEST 2006


On Wed, 2006-05-17 at 16:01 +0000, Didier PIERRE wrote:
> I have a problem with Openswan 1.0.7 and TheGreenBow when connecting via VPN.
> 
> At the Office:
> Ipcop 1.4.0
> IPWAN: 81.23.32.136
> 
> At home
> PC under Windows XP using theGreenBow (VPN Client). This client uses the dyndns.org

You need to check the DNS setup. It's not working at the moment - DNS
returns NXDOMAIN:

$ dig crazyfists.dyndns.org

; <<>> DiG 9.3.1 <<>> crazyfists.dyndns.org
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 36394
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;crazyfists.dyndns.org.         IN      A

;; AUTHORITY SECTION:
dyndns.org.             600     IN      SOA     ns1.dyndns.org. hostmaster.dyndns.org. 2948584666 600 300 604800 600


> 
> but when I configure the VPN on Ipcop 1.4.0, I have these logs:
> 
> 
> Vpntest ipsec__plutorun: Starting Pluto subsystem...
> May 17 17:36:00 Vpntest pluto[1865]: Starting Pluto (Openswan Version 1.0.7)
> May 17 17:36:00 Vpntest pluto[1865]:   including X.509 patch with traffic selectors (Version 0.9.42)
> May 17 17:36:00 Vpntest pluto[1865]:   including NAT-Traversal patch (Version 0.6)
> May 17 17:36:00 Vpntest pluto[1865]: ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)
> May 17 17:36:00 Vpntest pluto[1865]: ike_alg_register_enc(): Activating OAKLEY_BLOWFISH_CBC: Ok (ret=0)
> May 17 17:36:00 Vpntest pluto[1865]: ike_alg_register_enc(): Activating OAKLEY_CAST_CBC: Ok (ret=0)
> May 17 17:36:00 Vpntest pluto[1865]: ike_alg_register_enc(): Activating OAKLEY_SERPENT_CBC: Ok (ret=0)
> May 17 17:36:00 Vpntest pluto[1865]: ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok (ret=0)
> May 17 17:36:00 Vpntest pluto[1865]: ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok (ret=0)
> May 17 17:36:00 Vpntest pluto[1865]: ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC: Ok (ret=0)
> May 17 17:36:00 Vpntest pluto[1865]: ike_alg_register_enc(): Activating OAKLEY_SSH_PRIVATE_65289: Ok (ret=0)
> May 17 17:36:00 Vpntest pluto[1865]: Changing to directory '/etc/ipsec.d/cacerts'
> May 17 17:36:00 Vpntest pluto[1865]:   Warning: empty directory
> May 17 17:36:00 Vpntest pluto[1865]: Changing to directory '/etc/ipsec.d/crls'
> May 17 17:36:00 Vpntest pluto[1865]:   loaded crl file 'cacrl.pem' (682 bytes)
> May 17 17:36:00 Vpntest pluto[1865]: crl issuer cacert not found
> May 17 17:36:00 Vpntest pluto[1865]: OpenPGP certificate file '/etc/pgpcert.pgp' not found
> May 17 17:36:20 Vpntest ipsec__plutorun: whack error: "test" does not look numeric and name lookup failed "crazyfists.dyndns.org"
> May 17 17:36:20 Vpntest ipsec__plutorun: ...could not add conn "test"
> May 17 17:36:20 Vpntest pluto[1865]: listening for IKE messages
> May 17 17:36:20 Vpntest pluto[1865]: adding interface ipsec0/eth2 81.23.32.136
> May 17 17:36:20 Vpntest pluto[1865]: adding interface ipsec0/eth2 81.23.32.136:4500
> May 17 17:36:20 Vpntest pluto[1865]: loading secrets from "/etc/ipsec.secrets"
> May 17 17:36:40 Vpntest pluto[1865]: "/etc/ipsec.secrets" line 1: does not look numeric and name lookup failed "crazyfists.dyndns.org"
> May 17 17:36:40 Vpntest ipsec__plutorun: 003 "/etc/ipsec.secrets" line 1: does not look numeric and name lookup failed "crazyfists.dyndns.org"
> 
> How can I resolve this problem?
> Thanks a lot.
> 
> PS:
> my ipsec.conf:
> 
> config setup
>         interfaces=%defaultroute
>         klipsdebug=none
>         plutodebug=none
>         plutoload=%search
>         plutostart=%search
>         uniqueids=yes
>         nat_traversal=yes
>         virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16,%v4:!192.168.10.0/255.255.255.0,%v4:!10.1.1.0/255.255.255.0,%v4:!172.16.1.220/255.255.255.255
> 
> conn %default
>         keyingtries=0
>         disablearrivalcheck=no
> 
> conn test
>         left=81.23.32.136
>         leftnexthop=%defaultroute
>         leftsubnet=192.168.10.0/255.255.255.0
>         right=crazyfists.dyndns.org
>         rightsubnet=172.16.1.220/255.255.255.255
>         rightnexthop=%defaultroute
>         ike=3des-sha-modp1024
>         esp=3des-sha1
>         ikelifetime=1h
>         keylife=8h
>         dpddelay=30
>         dpdtimeout=120
>         dpdaction=hold
>         authby=secret
>         auto=start
> 
> my ipsec.secrets:
> 81.23.32.136 crazyfists.dyndns.org : PSK "testvpn51"
-- 
Andy <fs at globalnetit.com>
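
Added example (not part of the original thread and not Openswan code): a pre-flight check that collects the host names used as `left=`/`right=` endpoints and as `ipsec.secrets` IDs and reports the ones that do not resolve, which is the condition behind the "does not look numeric and name lookup failed" lines in the quoted log. The function names are hypothetical, the sample text is constructed from the quoted configuration, and the resolver is a parameter so the check can be exercised offline.

```python
import ipaddress
import re
import socket

# Constructed sample input, modelled on the configuration quoted in the thread.
SAMPLE_CONF = """\
conn test
        left=81.23.32.136
        leftnexthop=%defaultroute
        right=crazyfists.dyndns.org
"""
SAMPLE_SECRETS = '81.23.32.136 crazyfists.dyndns.org : PSK "placeholder"\n'

# Matches only the endpoint keys, not leftnexthop=, rightsubnet= and so on.
ENDPOINT = re.compile(r"^\s*(left|right)\s*=\s*(\S+)", re.M)


def is_numeric(value):
    """True if value is a literal IPv4/IPv6 address (no lookup needed)."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def peer_names(conf_text, secrets_text):
    """Collect host names used as conn endpoints or as ipsec.secrets IDs."""
    names = {m.group(2) for m in ENDPOINT.finditer(conf_text)}
    for line in secrets_text.splitlines():
        tokens = line.split()
        if ":" in tokens and not tokens[0].startswith("#"):
            names.update(tokens[:tokens.index(":")])  # IDs precede the ":"
    # Assumption: %keywords and @fqdn IDs are not looked up, so skip them.
    return sorted(n for n in names
                  if not n.startswith(("%", "@")) and not is_numeric(n))


def unresolvable(names, resolve=socket.gethostbyname):
    """Return the names whose lookup fails; these stop the conn from loading."""
    failed = []
    for name in names:
        try:
            resolve(name)
        except OSError:  # socket.gaierror (e.g. NXDOMAIN) is a subclass
            failed.append(name)
    return failed

if __name__ == "__main__":
    print(unresolvable(peer_names(SAMPLE_CONF, SAMPLE_SECRETS)))
```

Running it before starting pluto, against the real `/etc/ipsec.conf` and `/etc/ipsec.secrets` contents, shows which peer names need a DNS fix or a numeric address.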


