[Openswan Users] seek help for connecting linksys client to openswan server

hasan murad muradcsc at yahoo.com
Tue Sep 5 08:53:38 EDT 2006


Dear all,

I am trying to establish an IPsec tunnel between Openswan on Linux as the server and the Linksys IPsec tool on Windows XP as the client.

My network scenario is as follows:

        192.168.30.5                         192.168.30.155
        Windows XP client<------------------->Openswan-2.2.0-8
        Linksys IPsec                        Debian sarge Linux server

My Linux server has two Ethernet cards and they are NATed:
 eth0 ip : 192.168.30.155
 eth1 ip : 192.168.50.1

I have followed Nate Carlson's instructions step by step and successfully generated all the pem and p12 files.

My IPsec server is running and ipsec verify produces the following result:
  # ipsec verify
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path                                         [OK]
Linux Openswan U2.2.0/K2.4.27-2-386 (native)
Checking for IPsec support in kernel                                    [OK]
Checking for RSA private key (/etc/ipsec.secrets)                       [FAILED]
ipsec showhostkey: no default key in "/etc/ipsec.secrets"
Checking that pluto is running                                          [OK]
Two or more interfaces found, checking IP forwarding                    [OK]
Checking NAT and MASQUERADEing                                          [N/A]
Checking for 'ip' command                                               [OK]
Checking for 'iptables' command                                         [OK]
Checking for 'setkey' command for native IPsec stack support            [OK]
  Opportunistic Encryption DNS checks:
   Looking for TXT in forward dns zone: debian                          [MISSING]
   Does the machine have at least one non-private address?              [FAILED]

My Openswan /etc/ipsec.conf is as follows:

debian:/etc# vi ipsec.conf
version 2.0

config setup
        interfaces=%defaultroute
        nat_traversal=yes
        virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16

conn %default
        keyingtries=1
        compress=yes
        disablearrivalcheck=no
        authby=rsasig
        leftrsasigkey=%cert
        rightrsasigkey=%cert

conn roadwarrior
        left=%any
        right=192.168.30.5
        rightca="C=US,ST=AZ/O=Brotecs technology Ltd.,OU=brotecs,CN=murad,emailAddress=murad at brotecs.com"
        network=auto
        auto=start
        pfs=yes

conn roadwarrior-net
        left=%any
        right=192.168.30.5
        rightsubnet= 192.168.30.0/255.255.255
        rightca="C=US,ST=AZ/O=Brotecs technology Ltd.,OU=brotecs,CN=murad,emailAddress=murad at brotecs.com"
        network=auto
        auto=start
        pfs=yes

conn block
        auto=ignore

conn private
        auto=ignore

conn private-or-clear
        auto=ignore

My Linksys IPsec tool configuration is as follows:

Local side of the tunnel
  IP Address : 192.168.30.5
  Local Address/netmask : 192.168.30.5/255.255.255.255

Remote side of the tunnel
  VPN Gateway : 192.168.30.155
  Remote Internal IP : 192.168.50.1
  Private Address/netmask : 192.168.50.0/255.255.255.0

IPsec Option
  Authentication method is certificate
  Value showing C="US", S="AZ", O="Brotecs technology Ltd.", OU="brotecs", CN="murad", E="murad at brotecs.com"
  Other parameters are as default

Unfortunately it is not connecting with the server.

The Linksys log shows the following:
  18:16:21: Starting Tunnel
  18:16:21: IKE Encryption: 3des
IKE Integrity: md5
Remote Gateway Address: 192.168.30.155
Remote Monitor Address: 192.168.50.1
Remote Network: 192.168.50.0/255.255.255.0
Local Address: 192.168.30.5
Local Network: 192.168.30.5/255.255.255.255
  18:16:22: 15 Consecutive Unsuccessfull ECHO REQUEST [ Waiting 5 Secs ]...
  18:16:27: 30 Consecutive Unsuccessfull ECHO REQUEST [ Waiting 5 Secs ]...
  18:16:32: 45 Consecutive Unsuccessfull ECHO REQUEST [ Waiting 5 Secs ]...
  
For additional information: I did NOT go through "Create a IPSEC + Certificates MMC":
Start/Run/MMC
File (or Console) - Add/Remove Snap-in
Click on 'Add'
Click on 'Certificates', then 'Add'
Select 'Computer Account', and 'Next'.
Select 'Local computer', and 'Finish'.
Click on 'IP Security Policy Management', and 'Add'.
Select 'Local Computer', and 'Finish'
Click 'Close' then 'OK'

Because I am assuming that the Linksys IPsec tool is enough for the certificate part.

Can anyone tell me what is wrong in the above configuration or why it's not connecting? Please help me.

Regards,
Murad.
Email : muradcsc at yahoo.com

 		
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20060905/bc419308/attachment.html 
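
Added example, not part of the original post and not Openswan code: a small Python check that reads the conn sections of ipsec.conf-style text and flags any *subnet value that does not parse as network/netmask, such as the three-octet mask in the posted rightsubnet. It assumes Python's ipaddress rules, which may differ from Openswan's own parser; the sample text is constructed from values in the post, and the example-ok section is hypothetical.

```python
import ipaddress

# Constructed sample: roadwarrior-net reuses the rightsubnet value from the
# posted ipsec.conf; example-ok is hypothetical, using the Linksys-side nets.
SAMPLE_CONF = """\
version 2.0
conn roadwarrior-net
        right=192.168.30.5
        rightsubnet= 192.168.30.0/255.255.255
# hypothetical section, for contrast
conn example-ok
        leftsubnet=192.168.50.0/255.255.255.0
        rightsubnet=192.168.30.5/255.255.255.255
"""

def parse_conns(text):
    """Return {conn_name: {key: value}} from ipsec.conf-style text."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not line[0].isspace():  # section headers start in column 1
            words = line.split()
            is_conn = len(words) == 2 and words[0] == "conn"
            current = conns.setdefault(words[1], {}) if is_conn else None
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def check_subnets(text):
    """Return [(conn, key, value, reason)] for each invalid *subnet value."""
    problems = []
    for name, params in parse_conns(text).items():
        for key, value in params.items():
            if not key.endswith("subnet") or value.startswith(("vhost:", "vnet:")):
                continue
            try:
                # strict=True also rejects networks with host bits set
                ipaddress.ip_network(value, strict=True)
            except ValueError as exc:
                problems.append((name, key, value, str(exc)))
    return problems

if __name__ == "__main__":
    for conn, key, value, reason in check_subnets(SAMPLE_CONF):
        print(f"conn {conn}: {key}={value!r} rejected: {reason}")
```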

