[Openswan Users] Subnets conmunication?

IT Dept. it at technovation.com.sv
Wed Jun 6 11:04:58 EDT 2007


Ok....here is my last conf


conn sucursal_40
	authby=secret
	auto=add
	esp=3des-md5
	ikelifetime=3600s
	keylife=3600s
	left=208.70.149.161
	leftrsasigkey=(the Key)
	leftsubnet=192.168.0.0/16
	pfs=yes
	right=190.53.0.113
	rightsubnet=192.168.40.0/24

conn sucursal_50
	authby=secret
	auto=add
	esp=3des-md5
	ikelifetime=3600s
	keylife=3600s
	left=208.70.149.161
	leftrsasigkey=(the Key)
	leftsubnet=192.168.0.0/16
	pfs=yes
	right=%any
	rightsubnet=192.168.50.0/24


and this is the log

Jun  6 09:59:29 vpn pluto[5269]: "sucursal_50"[1] 66.201.165.11 #1:
responding to Main Mode from unknown peer 66.201.165.11
Jun  6 09:59:29 vpn pluto[5269]: "sucursal_50"[1] 66.201.165.11 #1:
transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Jun  6 09:59:30 vpn pluto[5269]: "sucursal_50"[1] 66.201.165.11 #1:
STATE_MAIN_R1: sent MR1, expecting MI2
Jun  6 09:59:30 vpn pluto[5269]: "sucursal_50"[1] 66.201.165.11 #1:
transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Jun  6 09:59:30 vpn pluto[5269]: "sucursal_50"[1] 66.201.165.11 #1:
STATE_MAIN_R2: sent MR2, expecting MI3
Jun  6 09:59:30 vpn pluto[5269]: "sucursal_50"[1] 66.201.165.11 #1: Main
mode peer ID is ID_IPV4_ADDR: '10.8.213.31'
Jun  6 09:59:30 vpn pluto[5269]: "sucursal_50"[2] 66.201.165.11 #1: deleting
connection "sucursal_50" instance with peer 66.201.165.11
{isakmp=#0/ipsec=#0}
Jun  6 09:59:30 vpn pluto[5269]: "sucursal_50"[2] 66.201.165.11 #1: I did
not send a certificate because I do not have one.
Jun  6 09:59:30 vpn pluto[5269]: "sucursal_50"[2] 66.201.165.11 #1:
transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Jun  6 09:59:30 vpn pluto[5269]: "sucursal_50"[2] 66.201.165.11 #1:
STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY
cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1024}
Jun  6 09:59:30 vpn pluto[5269]: "sucursal_50"[2] 66.201.165.11 #2:
responding to Quick Mode {msgid:763f514c}
Jun  6 09:59:30 vpn pluto[5269]: "sucursal_50"[2] 66.201.165.11 #2:
transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Jun  6 09:59:30 vpn pluto[5269]: "sucursal_50"[2] 66.201.165.11 #2:
STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
Jun  6 09:59:31 vpn pluto[5269]: "sucursal_50"[2] 66.201.165.11 #2:
transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Jun  6 09:59:31 vpn pluto[5269]: "sucursal_50"[2] 66.201.165.11 #2:
STATE_QUICK_R2: IPsec SA established {ESP=>0x80f41efc <0x9623ac90
xfrm=3DES_0-HMAC_MD5 NATD=none DPD=none}
Jun  6 09:59:37 vpn pluto[5269]: "sucursal_40" #3: responding to Main Mode
Jun  6 09:59:37 vpn pluto[5269]: "sucursal_40" #3: transition from state
STATE_MAIN_R0 to state STATE_MAIN_R1
Jun  6 09:59:37 vpn pluto[5269]: "sucursal_40" #3: STATE_MAIN_R1: sent MR1,
expecting MI2
Jun  6 09:59:38 vpn pluto[5269]: "sucursal_40" #3: transition from state
STATE_MAIN_R1 to state STATE_MAIN_R2
Jun  6 09:59:38 vpn pluto[5269]: "sucursal_40" #3: STATE_MAIN_R2: sent MR2,
expecting MI3
Jun  6 09:59:40 vpn pluto[5269]: "sucursal_40" #3: Main mode peer ID is
ID_IPV4_ADDR: '190.53.0.113'
Jun  6 09:59:40 vpn pluto[5269]: "sucursal_40" #3: I did not send a
certificate because I do not have one.
Jun  6 09:59:40 vpn pluto[5269]: "sucursal_40" #3: transition from state
STATE_MAIN_R2 to state STATE_MAIN_R3
Jun  6 09:59:40 vpn pluto[5269]: "sucursal_40" #3: STATE_MAIN_R3: sent MR3,
ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192
prf=oakley_md5 group=modp1024}
Jun  6 09:59:41 vpn pluto[5269]: "sucursal_40" #4: responding to Quick Mode
{msgid:720c424e}
Jun  6 09:59:41 vpn pluto[5269]: "sucursal_40" #4: transition from state
STATE_QUICK_R0 to state STATE_QUICK_R1
Jun  6 09:59:41 vpn pluto[5269]: "sucursal_40" #4: STATE_QUICK_R1: sent QR1,
inbound IPsec SA installed, expecting QI2
Jun  6 09:59:43 vpn pluto[5269]: "sucursal_40" #4: transition from state
STATE_QUICK_R1 to state STATE_QUICK_R2
Jun  6 09:59:43 vpn pluto[5269]: "sucursal_40" #4: STATE_QUICK_R2: IPsec SA
established {ESP=>0xdf2786d4 <0x4c0b74b3 xfrm=3DES_0-HMAC_MD5 NATD=none
DPD=none}

But I can't ping between subnets.....

Hector


-----Original Message-----
From: Peter McGill [mailto:petermcgill at goco.net]
Sent: Wednesday, June 06, 2007 08:00 a.m.
To: it at technovation.com.sv
CC: users at openswan.org
Subject: RE: [Openswan Users] Subnets conmunication?

> -----Original Message-----
> Date: Wed, 6 Jun 2007 07:51:10 -0600
> From: "IT Dept." <it at technovation.com.sv>
> Subject: Re: [Openswan Users] Subnets conmunication?
> To: <users at openswan.org>
> 
> Hi there...
> 
> 	I know you help me a lot, but sincerely I can't get this 
> to work...
> 	Do you have another idea ???
> 
> 	Hector

Well, you only have one router with a dynamic IP, the others
are static. As long as this remains true, you could hook up
the Linksys routers directly, without Openswan. I actually
think it makes more networking sense, 'cause it's simpler,
and more efficient.

Just set up tunnels for this:
A 192.168.40.0/24 link to C 192.168.60.0/24
B 192.168.50.0/24 link to A 192.168.40.0/24
B 192.168.50.0/24 link to C 192.168.60.0/24

The only catch is B must start the tunnels to A and C.
Because A and C don't know the B's ip to connect to.

Peter
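
Added example, not part of the original posts: a small Python check that unwraps mail-wrapped pluto log lines and reports, per connection, whether the ISAKMP SA (phase 1) and IPsec SA (phase 2) were established and with which parameters. When both are up, as in the log in this message, negotiation itself has succeeded. The sample is an excerpt of the log above with the last sucursal_40 Quick Mode line deliberately left out to show the incomplete case; the function names are illustrative.

```python
import re
from collections import defaultdict

# Excerpt of the log above, wrapped as in the mail. The final sucursal_40
# STATE_QUICK_R2 line is left out on purpose (constructed incomplete case).
SAMPLE_LOG = '''\
Jun  6 09:59:30 vpn pluto[5269]: "sucursal_50"[2] 66.201.165.11 #1:
STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY
cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1024}
Jun  6 09:59:31 vpn pluto[5269]: "sucursal_50"[2] 66.201.165.11 #2:
STATE_QUICK_R2: IPsec SA established {ESP=>0x80f41efc <0x9623ac90
xfrm=3DES_0-HMAC_MD5 NATD=none DPD=none}
Jun  6 09:59:40 vpn pluto[5269]: "sucursal_40" #3: STATE_MAIN_R3: sent MR3,
ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192
prf=oakley_md5 group=modp1024}
Jun  6 09:59:41 vpn pluto[5269]: "sucursal_40" #4: STATE_QUICK_R1: sent QR1,
inbound IPsec SA installed, expecting QI2
'''

HEADER = re.compile(r'^\w{3}\s+\d+ [\d:]{8} \S+ pluto\[\d+\]: ')
ENTRY = re.compile(r'"(?P<conn>[^"]+)"(?:\[\d+\])?(?: (?P<peer>\S+))? #(?P<sa>\d+): (?P<msg>.*)')

def unwrap(text):
    """Rejoin wrapped continuation lines onto their timestamped entry."""
    entries = []
    for line in text.splitlines():
        if HEADER.match(line):
            entries.append(HEADER.sub('', line).strip())
        elif line.strip() and entries:
            entries[-1] += ' ' + line.strip()
    return entries

def summarize(text):
    """Per connection: which phases completed, and the logged parameters."""
    status = defaultdict(lambda: {'phase1': False, 'phase2': False, 'params': {}})
    for entry in unwrap(text):
        m = ENTRY.match(entry)
        if not m:
            continue
        st, msg = status[m['conn']], m['msg']
        if 'ISAKMP SA established' in msg:
            st['phase1'] = True
        elif 'IPsec SA established' in msg:
            st['phase2'] = True
        else:
            continue
        st['params'].update(re.findall(r'(\w+)=([^\s}]+)', msg))
    return dict(status)
```
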


