[Openswan Users] seek help for connection linksys ipsec client with openswan linux server

hasan murad muradcsc at yahoo.com
Tue Sep 5 09:21:21 EDT 2006


Dear all,
I am trying to establish an IPsec tunnel between Openswan
on Linux as the server and the Linksys IPsec tool on Windows XP
as the client.

[] My network scenario is as follows:

        192.168.30.5                            192.168.30.155
        Windows XP client <-------------------> Openswan-2.2.0-8
        Linksys IPsec                           Debian 3.1 sarge Linux server

[] My Linux server has two Ethernet cards and they
are NATed

	eth0 ip : 192.168.30.155
	eth1 ip : 192.168.50.1


I have followed the step-by-step procedure in Nate
Carlson's instructions and successfully generated all
the pem and p12 files.

[] My IPsec server is running and ipsec verify produces
the following result:

# ipsec verify
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path                                  [OK]
Linux Openswan U2.2.0/K2.4.27-2-386 (native)
Checking for IPsec support in kernel                             [OK]
Checking for RSA private key (/etc/ipsec.secrets)                [FAILED]
ipsec showhostkey: no default key in "/etc/ipsec.secrets"
Checking that pluto is running                                   [OK]
Two or more interfaces found, checking IP forwarding             [OK]
Checking NAT and MASQUERADEing                                   [N/A]
Checking for 'ip' command                                        [OK]
Checking for 'iptables' command                                  [OK]
Checking for 'setkey' command for native IPsec stack support     [OK]

Opportunistic Encryption DNS checks:
   Looking for TXT in forward dns zone: debian                   [MISSING]
   Does the machine have at least one non-private address?       [FAILED]

[] My Openswan /etc/ipsec.conf is as follows:

debian:/etc# vi ipsec.conf
version 2.0

config setup
        interfaces=%defaultroute
        nat_traversal=yes
        virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16

conn %default
        keyingtries=1
        compress=yes
        disablearrivalcheck=no
        authby=rsasig
        leftrsasigkey=%cert
        rightrsasigkey=%cert

conn roadwarrior
        left=%any
        right=192.168.30.5
        rightca="C=US,ST=AZ/O=Brotecs technology Ltd.,OU=brotecs,CN=murad,emailAddress=murad at brotecs.com"
        network=auto
        auto=start
        pfs=yes

conn roadwarrior-net
        left=%any
        right=192.168.30.5
        rightsubnet= 192.168.30.0/255.255.255
        rightca="C=US,ST=AZ/O=Brotecs technology Ltd.,OU=brotecs,CN=murad,emailAddress=murad at brotecs.com"
        network=auto
        auto=start
        pfs=yes

conn block
        auto=ignore

conn private
        auto=ignore

conn private-or-clear
        auto=ignore

My Linksys IPsec tool configuration is as follows:
Local Side of the tunnel
	IP Address : 192.168.30.5
	Local Address/netmask :192.168.30.5/255.255.255.255
	
Remote Side of the tunnel
  VPN Gateway : 192.168.30.155
  Remote Internal IP: 192.168.50.1
  Private Address/netmask :192.168.50.0/255.255.255.0

IPsec Option
 Authentication Method is certificate
 value showing C="US", S="AZ", O="Brotecs technology Ltd.", OU="brotecs", CN="murad", E="murad at brotecs.com"

Other parameters are as default.

Unfortunately, it is not connecting to the server.

The Linksys log shows the following:

18:16:21: Starting Tunnel

18:16:21: IKE Encryption: 3des
IKE Integrity: md5
Remote Gateway Address: 192.168.30.155
Remote Monitor Address: 192.168.50.1
Remote Network: 192.168.50.0/255.255.255.0
Local Address: 192.168.30.5
Local Network: 192.168.30.5/255.255.255.255

18:16:22: 15 Consecutive Unsuccessfull ECHO REQUEST [ Waiting 5 Secs ]...

18:16:27: 30 Consecutive Unsuccessfull ECHO REQUEST [ Waiting 5 Secs ]...

18:16:32: 45 Consecutive Unsuccessfull ECHO REQUEST [ Waiting 5 Secs ]...


[] For additional information, I did NOT go through the following steps:
Create a IPSEC + Certificates MMC
Start/Run/MMC
File (or Console) - Add/Remove Snap-in
Click on 'Add'
Click on 'Certificates', then 'Add'
Select 'Computer Account', and 'Next'.
Select 'Local computer', and 'Finish'.
Click on 'IP Security Policy Management', and 'Add'.
Select 'Local Computer', and 'Finish'
Click 'Close' then 'OK'

Because I am assuming that the Linksys IPsec tool is enough
for the certificate part.

Can anyone tell me what is wrong in the above configuration
or why it's not connecting? Please help me.

Regards,

Murad.
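
A check of the traffic selectors in the message above, as an added example that is not part of the original post: it parses the conn sections and compares leftsubnet/rightsubnet with the networks shown in the Linksys log. `parse_conns` and `check_conn` are hypothetical helper names, the sample text is an excerpt constructed from the posted values, and the check assumes an unset subnet means the endpoint address only.

```python
import ipaddress
# Constructed sample: the subnet-related keys from the posted ipsec.conf.
POSTED_CONF = """\
conn roadwarrior
        left=%any
        right=192.168.30.5
conn roadwarrior-net
        left=%any
        right=192.168.30.5
        rightsubnet= 192.168.30.0/255.255.255
"""
# Networks the Linksys log reports: the client's local and remote side.
CLIENT_LOCAL = "192.168.30.5/255.255.255.255"
CLIENT_REMOTE = "192.168.50.0/255.255.255.0"


def parse_conns(text):
    """Return {conn name: {key: value}} from ipsec.conf-style text."""
    conns, current = {}, None
    for line in text.splitlines():
        words = line.split()
        if not words or words[0].startswith("#"):
            continue
        if not line[0].isspace():  # an unindented line starts a section
            is_conn = words[0] == "conn" and len(words) == 2
            current = conns.setdefault(words[1], {}) if is_conn else None
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return conns


def check_conn(opts, client_local=CLIENT_LOCAL, client_remote=CLIENT_REMOTE):
    """Return subnet problems for one conn; 'right' is the client side."""
    problems = []
    for side, proposed in (("right", client_local), ("left", client_remote)):
        want = ipaddress.ip_network(proposed)
        value = opts.get(side + "subnet")
        if value is None:
            # Assumption: an unset subnet means the endpoint address only.
            if want.num_addresses != 1 or opts.get(side) != str(want.network_address):
                problems.append(f"{side}subnet unset, client proposes {want}")
            continue
        try:
            if ipaddress.ip_network(value, strict=False) != want:
                problems.append(f"{side}subnet={value} differs from {want}")
        except ValueError:
            problems.append(f"{side}subnet={value} is not a valid network")
    return problems
```

Calling `check_conn` on each section returned by `parse_conns(POSTED_CONF)` lists, per conn, where the server-side selectors and the client's proposal disagree.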



