[Openswan Users] Tunnel not established

Paul Wouters paul at xelerance.com
Sat Mar 17 19:13:41 EDT 2007 

On Sat, 17 Mar 2007, Thorsten Mauch wrote:

> I try to run a simple net conection found in the openswan book at page
> 86, my ipsec.conf:

> interfaces=%defaultroute

> conn imkenberg-testnet
> left=212.48.115.43
> leftsubnet=10.0.1.0/24
> right=212.48.115.44
> rightsubnet=192.168.9.0/24
> type=tunnel
> leftrsasigkey=0sAQOCtAbIjJv4...
> rightrsasigkey=0sAQNs19gA4eP..
> auto=start

> #Disable Opportunistic Encryption
>
> include /etc/ipsec.d/examples/no_oe.conf
>
> when  is start ipsec in foudn in my syslog:
> Mar 17 22:48:17 gate ipsec__plutorun: 104 "imkenberg-testnet" #1:
> STATE_MAIN_I1: initiate
> Mar 17 22:48:17 gate ipsec__plutorun: ...could not start conn
> "imkenberg-testnet"

You are using interfaces=%defaultroute, but perhaps your machine has
not default route? Or the defaultroute is not there when ipsec starts,
for instance because it is over PPPoE?

What does: ipsec auto --add imkenberg-testnet say? and if no errors
what does ipsec auto --up imkenberg-testnet say?

> Mar 17 22:18:23 gate pluto[3955]: "imkenberg-testnet" #1: responding to
> Main Mode
> Mar 17 22:18:23 gate pluto[3955]: "imkenberg-testnet" #1: transition
> from state STATE_MAIN_R0 to state STATE_MAIN_R1
> Mar 17 22:18:23 gate pluto[3955]: "imkenberg-testnet" #1: STATE_MAIN_R1:
> sent MR1, expecting MI2
> Mar 17 22:18:23 gate pluto[3955]: "imkenberg-testnet" #1: transition
> from state STATE_MAIN_R1 to state STATE_MAIN_R2
> Mar 17 22:18:23 gate pluto[3955]: "imkenberg-testnet" #1: STATE_MAIN_R2:
> sent MR2, expecting MI3
> Mar 17 22:18:23 gate pluto[3955]: "imkenberg-testnet" #1: Main mode peer
> ID is ID_IPV4_ADDR: '212.48.115.44'
> Mar 17 22:18:23 gate pluto[3955]: "imkenberg-testnet" #1: I did not send
> a certificate because I do not have one.
> Mar 17 22:18:23 gate pluto[3955]: "imkenberg-testnet" #1: transition
> from state STATE_MAIN_R2 to state STATE_MAIN_R3
> Mar 17 22:18:23 gate pluto[3955]: "imkenberg-testnet" #1: STATE_MAIN_R3:
> sent MR3, ISAKMP SA established {auth=OAKLEY_RSA_SIG
> cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1536}
> Mar 17 22:18:23 gate pluto[3955]: "imkenberg-testnet" #2: responding to
> Quick Mode {msgid:09001001}
> Mar 17 22:18:23 gate pluto[3955]: "imkenberg-testnet" #2: transition
> from state STATE_QUICK_R0 to state STATE_QUICK_R1
> Mar 17 22:18:23 gate pluto[3955]: "imkenberg-testnet" #2:
> STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
> Mar 17 22:18:23 gate pluto[3955]: "imkenberg-testnet" #2: transition
> from state STATE_QUICK_R1 to state STATE_QUICK_R2
> Mar 17 22:18:23 gate pluto[3955]: "imkenberg-testnet" #2:
> STATE_QUICK_R2: IPsec SA established {ESP=>0xc2471bb2 <0x8ed6e518
> xfrm=AES_0-HMAC_SHA1 NATD=none DPD=none}

It looks like it just worked fine.

Paul
-- 
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155

More information about the Users mailing list