[Openswan Users] problem setting up roadwarriors
TESTVPN R119LNXADM
testvpn.r119lnxadm at googlemail.com
Mon May 7 03:09:47 EDT 2007
Hi there,
I have some problems setting up a working roadwarrior connection.
I'm able to set up a normal connection with the net-to-net as defined on the
openswan website,
but the roadwarrior connection is a problem. Can any of you guys look into
this problem, because it constantly gives the error
Ipsec is working correctly
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path [OK]
Linux Openswan U2.4.6/K2.6.18-4-686 (netkey)
Checking for IPsec support in kernel [OK]
NETKEY detected, testing for disabled ICMP send_redirects [FAILED]
Please disable /proc/sys/net/ipv4/conf/*/send_redirects
or NETKEY will cause the sending of bogus ICMP redirects!
NETKEY detected, testing for disabled ICMP accept_redirects [FAILED]
Please disable /proc/sys/net/ipv4/conf/*/accept_redirects
or NETKEY will accept bogus ICMP redirects!
Checking for RSA private key (/etc/ipsec.secrets) [OK]
Checking that pluto is running [OK]
Two or more interfaces found, checking IP forwarding [OK]
Checking NAT and MASQUERADEing [N/A]
Checking for 'ip' command [OK]
Checking for 'iptables' command [OK]
Opportunistic Encryption Support [DISABLED]
The Gateway
#
#File: /etc/ipsec.conf
#
conn road
left=172.16.12.33 # Gateway's information
leftid=@r119-lnx-adm #
leftsubnet=255.255.0.0/24 #
leftrsasigkey=0sAQNn+Bw0b #
rightnexthop=%default # correct in many situations
right=%any # Wildcard: we don't know the laptop's IP
rightid=@road.douwe.com #
rightrsasigkey=0sAQPNANYL #
auto=start # authorizes but doesn't start this connection at startup
The Roadwarrior
#
#File: /etc/ipsec.conf
#
conn road
left=%defaultroute # Picks up our dynamic IP
leftid=@road.douwe.com # Local information
leftrsasigkey=0sAQPNANYL #
right=172.16.12.33 # Remote information
rightsubnet=255.255.0.0/24 #
rightid=@xy.example.com #
rightrsasigkey=0sAQNn+Bw0b #
auto=start # authorizes but doesn't start this connection at startup
Ipsec auto --status
000 interface lo/lo ::1
000 interface lo/lo 127.0.0.1
000 interface eth1/eth1 172.16.12.33
000 %myid = (none)
000 debug none
000
000 algorithm ESP encrypt: id=2, name=ESP_DES, ivlen=8, keysizemin=64, keysizemax=64
000 algorithm ESP encrypt: id=3, name=ESP_3DES, ivlen=8, keysizemin=192, keysizemax=192
000 algorithm ESP encrypt: id=7, name=ESP_BLOWFISH, ivlen=8, keysizemin=40, keysizemax=448
000 algorithm ESP encrypt: id=11, name=ESP_NULL, ivlen=0, keysizemin=0, keysizemax=0
000 algorithm ESP encrypt: id=12, name=ESP_AES, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=252, name=ESP_SERPENT, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=253, name=ESP_TWOFISH, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP auth attr: id=1, name=AUTH_ALGORITHM_HMAC_MD5, keysizemin=128, keysizemax=128
000 algorithm ESP auth attr: id=2, name=AUTH_ALGORITHM_HMAC_SHA1, keysizemin=160, keysizemax=160
000 algorithm ESP auth attr: id=5, name=AUTH_ALGORITHM_HMAC_SHA2_256, keysizemin=256, keysizemax=256
000 algorithm ESP auth attr: id=251, name=(null), keysizemin=0, keysizemax=0
000
000 algorithm IKE encrypt: id=5, name=OAKLEY_3DES_CBC, blocksize=8, keydeflen=192
000 algorithm IKE encrypt: id=7, name=OAKLEY_AES_CBC, blocksize=16, keydeflen=128
000 algorithm IKE hash: id=1, name=OAKLEY_MD5, hashsize=16
000 algorithm IKE hash: id=2, name=OAKLEY_SHA1, hashsize=20
000 algorithm IKE dh group: id=2, name=OAKLEY_GROUP_MODP1024, bits=1024
000 algorithm IKE dh group: id=5, name=OAKLEY_GROUP_MODP1536, bits=1536
000 algorithm IKE dh group: id=14, name=OAKLEY_GROUP_MODP2048, bits=2048
000 algorithm IKE dh group: id=15, name=OAKLEY_GROUP_MODP3072, bits=3072
000 algorithm IKE dh group: id=16, name=OAKLEY_GROUP_MODP4096, bits=4096
000 algorithm IKE dh group: id=17, name=OAKLEY_GROUP_MODP6144, bits=6144
000 algorithm IKE dh group: id=18, name=OAKLEY_GROUP_MODP8192, bits=8192
000
000 stats db_ops.c: {curr_cnt, total_cnt, maxsz} :context={0,0,0} trans={0,0,0} attrs={0,0,0}
000
000
000
Ipsec auto --up road
021 no connection named "road"
Rather strange. If one of you guys knows the answer to my problem, I'm
looking forward to hearing from you,
Sincerely yours,
Tjeard
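
The two [FAILED] NETKEY checks in the verify output above refer to per-interface settings under /proc/sys/net/ipv4/conf. The following is an added example, not part of the original post or of Openswan: a small shell audit that lists every interface where send_redirects or accept_redirects is still non-zero. The function names and the optional directory argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example: report interfaces whose ICMP redirect settings are still
# enabled, i.e. the condition behind the two [FAILED] NETKEY checks.

# audit_redirects [ROOT]
#   ROOT defaults to the live sysctl tree; passing another directory is an
#   assumption made here so the check can run against a copied or test tree.
#   Prints one "<interface> <setting>=<value>" line per non-zero setting.
audit_redirects() {
    root=${1:-/proc/sys/net/ipv4/conf}
    for dir in "$root"/*/; do
        [ -d "$dir" ] || continue          # glob matched nothing
        iface=$(basename "$dir")
        for key in send_redirects accept_redirects; do
            [ -r "$dir$key" ] || continue  # setting not present or unreadable
            val=$(cat "$dir$key")
            [ "$val" = "0" ] || echo "$iface $key=$val"
        done
    done
}

# count_enabled [ROOT]: number of settings that still need to be set to 0.
count_enabled() {
    audit_redirects "$1" | wc -l | tr -d ' '
}

# Run against the live tree (or the directory given as the first argument).
audit_redirects "$1"
echo "settings still enabled: $(count_enabled "$1")"
```

Each reported line can be cleared with `sysctl -w net.ipv4.conf.<interface>.<setting>=0` and made persistent in /etc/sysctl.conf.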