[Openswan Users] problem setting up roadwarriors

Utkarsh Shah utkarsh at elitecore.com
Tue May 8 05:04:01 EDT 2007


Hi,

Before opening the tunnel you have to add it first.
For that you have to execute
       ipsec auto --add <Connection Name>
then use
       ipsec auto --up <Connection Name>
at the roadwarrior (laptop), and only ipsec auto --add at the server (gateway).

Regards,
Utkarsh Shah

> Hi there,
>
> I have some problems setting up a working roadwarrior connection.
>
> I'm able to set up a normal connection with the net-to-net as defined on the
> openswan website,
> but the roadwarrior connection is a problem. Can any of you guys look into
> this problem, because it constantly gives the error
>
>
> Ipsec is working correctly
>
> Checking your system to see if IPsec got installed and started correctly:
> Version check and ipsec on-path                                 [OK]
> Linux Openswan U2.4.6/K2.6.18-4-686 (netkey)
> Checking for IPsec support in kernel                            [OK]
> NETKEY detected, testing for disabled ICMP send_redirects       [FAILED]
>
>   Please disable /proc/sys/net/ipv4/conf/*/send_redirects
>   or NETKEY will cause the sending of bogus ICMP redirects!
>
> NETKEY detected, testing for disabled ICMP accept_redirects     [FAILED]
>
>   Please disable /proc/sys/net/ipv4/conf/*/accept_redirects
>   or NETKEY will accept bogus ICMP redirects!
>
> Checking for RSA private key (/etc/ipsec.secrets)               [OK]
> Checking that pluto is running                                  [OK]
> Two or more interfaces found, checking IP forwarding            [OK]
> Checking NAT and MASQUERADEing                                  [N/A]
> Checking for 'ip' command                                       [OK]
> Checking for 'iptables' command                                 [OK]
> Opportunistic Encryption Support                                [DISABLED]
>
>
> The Gateway
>
> #
> #File: /etc/ipsec.conf
> #
> conn road
>     left=172.16.12.33              # Gateway's information
>     leftid=@r119-lnx-adm           #
>     leftsubnet=255.255.0.0/24      #
>     leftrsasigkey=0sAQNn+Bw0b      #
>     rightnexthop=%default          # correct in many situations
>     right=%any                     # Wildcard: we don't know the laptop's IP
>     rightid=@road.douwe.com        #
>     rightrsasigkey=0sAQPNANYL      #
>     auto=start                     # authorizes but doesn't start this
>                                    # connection at startup
>
>
> The Roadwarrior
>
> #
> #File: /etc/ipsec.conf
> #
> conn road
>     left=%defaultroute             # Picks up our dynamic IP
>     leftid=@road.douwe.com         # Local information
>     leftrsasigkey=0sAQPNANYL       #
>     right=172.16.12.33             # Remote information
>     rightsubnet=255.255.0.0/24     #
>     rightid=@xy.example.com        #
>     rightrsasigkey=0sAQNn+Bw0b     #
>     auto=start                     # authorizes but doesn't start this
>                                    # connection at startup
>
>
> Ipsec auto --status
>
> 000 interface lo/lo ::1
> 000 interface lo/lo 127.0.0.1
> 000 interface eth1/eth1 172.16.12.33
> 000 %myid = (none)
> 000 debug none
> 000
> 000 algorithm ESP encrypt: id=2, name=ESP_DES, ivlen=8, keysizemin=64, keysizemax=64
> 000 algorithm ESP encrypt: id=3, name=ESP_3DES, ivlen=8, keysizemin=192, keysizemax=192
> 000 algorithm ESP encrypt: id=7, name=ESP_BLOWFISH, ivlen=8, keysizemin=40, keysizemax=448
> 000 algorithm ESP encrypt: id=11, name=ESP_NULL, ivlen=0, keysizemin=0, keysizemax=0
> 000 algorithm ESP encrypt: id=12, name=ESP_AES, ivlen=8, keysizemin=128, keysizemax=256
> 000 algorithm ESP encrypt: id=252, name=ESP_SERPENT, ivlen=8, keysizemin=128, keysizemax=256
> 000 algorithm ESP encrypt: id=253, name=ESP_TWOFISH, ivlen=8, keysizemin=128, keysizemax=256
> 000 algorithm ESP auth attr: id=1, name=AUTH_ALGORITHM_HMAC_MD5, keysizemin=128, keysizemax=128
> 000 algorithm ESP auth attr: id=2, name=AUTH_ALGORITHM_HMAC_SHA1, keysizemin=160, keysizemax=160
> 000 algorithm ESP auth attr: id=5, name=AUTH_ALGORITHM_HMAC_SHA2_256, keysizemin=256, keysizemax=256
> 000 algorithm ESP auth attr: id=251, name=(null), keysizemin=0, keysizemax=0
> 000
> 000 algorithm IKE encrypt: id=5, name=OAKLEY_3DES_CBC, blocksize=8, keydeflen=192
> 000 algorithm IKE encrypt: id=7, name=OAKLEY_AES_CBC, blocksize=16, keydeflen=128
> 000 algorithm IKE hash: id=1, name=OAKLEY_MD5, hashsize=16
> 000 algorithm IKE hash: id=2, name=OAKLEY_SHA1, hashsize=20
> 000 algorithm IKE dh group: id=2, name=OAKLEY_GROUP_MODP1024, bits=1024
> 000 algorithm IKE dh group: id=5, name=OAKLEY_GROUP_MODP1536, bits=1536
> 000 algorithm IKE dh group: id=14, name=OAKLEY_GROUP_MODP2048, bits=2048
> 000 algorithm IKE dh group: id=15, name=OAKLEY_GROUP_MODP3072, bits=3072
> 000 algorithm IKE dh group: id=16, name=OAKLEY_GROUP_MODP4096, bits=4096
> 000 algorithm IKE dh group: id=17, name=OAKLEY_GROUP_MODP6144, bits=6144
> 000 algorithm IKE dh group: id=18, name=OAKLEY_GROUP_MODP8192, bits=8192
> 000
> 000 stats db_ops.c: {curr_cnt, total_cnt, maxsz} :context={0,0,0} trans={0,0,0} attrs={0,0,0}
> 000
> 000
> 000
>
>
> Ipsec auto --up road
>
> 021 no connection named "road"
>
>
> Rather strange. If one of you guys knows the answer to my problem, I'm
> looking forward to hearing from you.
>
> Sincerely yours,
>
> Tjeard
>
> ------------------------------
>
> Message: 4
> Date: Mon, 7 May 2007 17:15:38 -0700
> From: "Gupta, Praveen" <pgupta at road-inc.com>
> Subject: [Openswan Users] IPSec Guru needed
> To: <users at openswan.org>
> Message-ID:
> 	<A144B9267726CE4DB883D7EC0F19D51C03BBAA53 at mail4.atroad.com>
> Content-Type: text/plain; charset="us-ascii"
>
> Hi,
>
> I am a newbie to Openswan. Sorry for this posting in advance, if it is
> out of place.
>
> We are looking for an OpenSwan Guru in Bay-area for about 3-month
> consulting assignment. If anybody is interested then please respond to
> my email.
>
> WiFi & Radius experience is desirable.
>
> Thx, -Praveen
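The bring-up order from the reply at the top of this message (`--add` on both ends, `--up` only on the roadwarrior), together with a check for the ICMP redirect settings that `ipsec verify` flagged as [FAILED], as an added shell example that is not part of the original thread. The function names and the `IPSEC` and `CONF_ROOT` override variables are hypothetical; the sketch assumes loaded connections appear in `ipsec auto --status` as lines beginning `000 "name"`.

```shell
#!/bin/sh
# Added example (not from the thread). IPSEC and CONF_ROOT are hypothetical
# override hooks so the logic can be pointed at a stub or a test directory.
IPSEC="${IPSEC:-ipsec}"
CONF_ROOT="${CONF_ROOT:-/proc/sys/net/ipv4/conf}"

# Succeeds if pluto has the connection loaded. Assumption: loaded connections
# are listed in `ipsec auto --status` as lines beginning: 000 "name"
# The status dump quoted in the thread has no such line for "road".
conn_loaded() {
    $IPSEC auto --status |
        awk -v p="000 \"$1\"" 'index($0, p) == 1 { found = 1 } END { exit !found }'
}

# bring_up NAME ROLE
#   gateway:     only make sure the connection is loaded (--add)
#   roadwarrior: load it if needed, then initiate the tunnel (--up)
bring_up() {
    name="$1"; role="$2"
    conn_loaded "$name" || $IPSEC auto --add "$name" || return 1
    [ "$role" = roadwarrior ] || return 0
    $IPSEC auto --up "$name"
}

# Prints every send_redirects / accept_redirects file that is still non-zero,
# the condition behind the two [FAILED] NETKEY lines in the verify output.
redirects_enabled() {
    for f in "$CONF_ROOT"/*/send_redirects "$CONF_ROOT"/*/accept_redirects; do
        [ -r "$f" ] && [ "$(cat "$f")" != 0 ] && echo "$f"
    done
    return 0
}
```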