[Openswan Users] problem setting up roadwarriors

Peter McGill petermcgill at goco.net
Tue May 8 08:30:46 EDT 2007


> -----Original Message-----
> Date: Mon, 7 May 2007 07:09:47 +0000
> From: "TESTVPN R119LNXADM" <testvpn.r119lnxadm at googlemail.com>
> Subject: [Openswan Users] problem setting up roadwarriors
> To: users at openswan.org
> 
> I have some problems setting up a working roadwarrior connection.
> 
> I'm able to set up a normal connection with the net-to-net as defined on the
> Openswan website, but the roadwarrior connection is a problem. Can any of you
> guys look into this problem, because it constantly gives the error
> 
> 
> Ipsec is working correctly
> 
> Checking your system to see if IPsec got installed and started correctly:
> Version check and ipsec on-path                                 [OK]
> Linux Openswan U2.4.6/K2.6.18-4-686 (netkey)
> Checking for IPsec support in kernel                            [OK]
> NETKEY detected, testing for disabled ICMP send_redirects       [FAILED]
> 
>   Please disable /proc/sys/net/ipv4/conf/*/send_redirects
>   or NETKEY will cause the sending of bogus ICMP redirects!
> 
> NETKEY detected, testing for disabled ICMP accept_redirects     [FAILED]
> 
>   Please disable /proc/sys/net/ipv4/conf/*/accept_redirects
>   or NETKEY will accept bogus ICMP redirects!
> 
> Checking for RSA private key (/etc/ipsec.secrets)               [OK]
> Checking that pluto is running                                  [OK]
> Two or more interfaces found, checking IP forwarding            [OK]
> Checking NAT and MASQUERADEing                                  [N/A]
> Checking for 'ip' command                                       [OK]
> Checking for 'iptables' command                                 [OK]
> Opportunistic Encryption Support                                [DISABLED]
> 
> 
> The Gateway
> 
> #
> #File: /etc/ipsec.conf
> #
> conn road
>     left=172.16.12.33              # Gateway's information
>     leftid=@r119-lnx-adm           #
>     leftsubnet=255.255.0.0/24      #
>     leftrsasigkey=0sAQNn+Bw0b      #
>     rightnexthop=%default          # correct in many situations
>     right=%any                     # Wildcard: we don't know the laptop's IP
>     rightid=@road.douwe.com        #
>     rightrsasigkey=0sAQPNANYL      #
>     auto=start                     # authorizes but doesn't start this
>                                    # connection at startup

	left= needs to be your public (internet) ip address,
		not your private lan address.
	leftsubnet=172.16.12.0/24
	auto=add

> The Roadwarrior
> 
> #
> #File: /etc/ipsec.conf
> #
> conn road
>     left=%defaultroute             # Picks up our dynamic IP
>     leftid=@road.douwe.com         # Local information
>     leftrsasigkey=0sAQPNANYL       #
>     right=172.16.12.33             # Remote information
>     rightsubnet=255.255.0.0/24     #
>     rightid=@xy.example.com        #
>     rightrsasigkey=0sAQNn+Bw0b     #
>     auto=start                     # authorizes but doesn't start this
>                                    # connection at startup

	right= Again needs to be your gateway public ip,
		not private lan ip.
	rightsubnet=172.16.12.0/24
	rightid=@r119-lnx-adm

These changes should help.

Peter
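
A small consistency check for the two conn sections, applying the corrections in the reply above (added example, not part of the original message and not Openswan code). The RFC 1918 test for "private LAN address", the function names and the placeholder public address 203.0.113.10 are assumptions; the RSA keys are left out because they are truncated in the thread.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_conn(text):
    """Collect key=value options from one conn section, dropping '#' comments."""
    opts = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" in line:
            key, value = line.split("=", 1)
            opts[key.strip()] = value.strip()
    return opts

def check_pair(gw, rw):
    """The gateway is 'left' in its own file and 'right' in the roadwarrior's."""
    out = []
    for name, conf, side in (("gateway", gw, "left"), ("roadwarrior", rw, "right")):
        addr = conf.get(side, "")
        try:
            if any(ipaddress.ip_address(addr) in n for n in RFC1918):
                out.append(f"{name}: {side}={addr} is a private LAN address")
        except ValueError:
            pass  # %any, %defaultroute or a hostname: nothing to check here
        subnet = conf.get(side + "subnet")
        try:
            net = ipaddress.ip_network(subnet) if subnet else None
            if net is not None and (net.is_reserved or net.is_multicast):
                out.append(f"{name}: {side}subnet={subnet} is not a usable network")
        except ValueError:  # malformed, or host bits set
            out.append(f"{name}: {side}subnet={subnet} is not a valid CIDR network")
    # Both files must describe each end identically.
    for g, r in (("leftid", "rightid"), ("rightid", "leftid"), ("leftsubnet", "rightsubnet")):
        if gw.get(g) != rw.get(r):
            out.append(f"mismatch: gateway {g}={gw.get(g)}, roadwarrior {r}={rw.get(r)}")
    return out

# Options as posted in the thread (RSA keys omitted, they are truncated on the page).
POSTED_GW = "left=172.16.12.33\nleftid=@r119-lnx-adm\nleftsubnet=255.255.0.0/24\nright=%any\nrightid=@road.douwe.com"
POSTED_RW = "left=%defaultroute\nleftid=@road.douwe.com\nright=172.16.12.33\nrightsubnet=255.255.0.0/24\nrightid=@xy.example.com"
# After the reply's changes; 203.0.113.10 is a constructed placeholder public address.
FIXED_GW = "left=203.0.113.10\nleftid=@r119-lnx-adm\nleftsubnet=172.16.12.0/24\nright=%any\nrightid=@road.douwe.com"
FIXED_RW = "left=%defaultroute\nleftid=@road.douwe.com\nright=203.0.113.10\nrightsubnet=172.16.12.0/24\nrightid=@r119-lnx-adm"

if __name__ == "__main__":
    for label, g, r in (("posted", POSTED_GW, POSTED_RW), ("fixed", FIXED_GW, FIXED_RW)):
        print(label, check_pair(parse_conn(g), parse_conn(r)) or "no findings")
```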


