[Openswan Users] Roaming user to Central site VPN or dynamic IP address to static IP address VPN
Alejandro Correa
linuxservers at gmail.com
Mon Nov 12 21:52:21 EST 2007
Hello everybody,
This is my first post here, and these are my first attempts with OpenSwan.
The VPN is between two Linksys boxes running OpenWRT 0.9 with OpenSwan
version 2.4.6-1.
The VPN type is Net To Net. One box has a pppoe dynamic IP address
(RoamingUser), and the other has a static IP address (CentralSite).
The tunnel is working fine, except when the IP address of the
RoamingUser side changes. When this happens, it cannot establish the
tunnel again. If I restart the IPSEC service in the Central Site the
VPN comes up again and it works fine until the next IP address change on
the Roaming User side. This is the only way that I have found to re-establish the
tunnel.
For the dynamic IP address I created a dyndns account.
I have tried different parameters but I cannot fix this problem.
These are my ipsec.conf files:
## Roaming User

version 2.0

config setup
    #plutowait=yes
    klipsdebug="none"
    #klipsdebug="yes"
    plutodebug="none"
    #plutodebug="yes"
    nat_traversal=no
    interfaces=%defaultroute

conn tocentralsite
    authby=secret
    auth=esp
    pfs=yes
    keyexchange=ike
    ike=3des-md5-modp1024
    ikelifetime=3600
    keyingtries=%forever
    keylife=3600
    rekey=yes
    esp=3des-md5
    type=tunnel
    left=%defaultroute
    leftsubnet=192.168.1.0/255.255.255.0
    leftnexthop=%defaultroute
    leftid=@example.dyndns.org
    right=A.B.C.D
    rightsubnet=192.168.2.0/255.255.255.0
    #rightnexthop=%defaultroute
    dpddelay=10
    dpdtimeout=30
    dpdaction=restart
    auto=start
    #aggrmode=yes
    #leftsourceip=192.168.1.1

#Disable Opportunistic Encryption
include /etc/ipsec.d/examples/no_oe.conf

## Central Site (A.B.C.D)

version 2.0

config setup
    #plutowait=yes
    klipsdebug="none"
    #klipsdebug="yes"
    plutodebug="none"
    #plutodebug="yes"
    nat_traversal=no
    interfaces=%defaultroute

conn toroaminguser
    authby=secret
    auth=esp
    pfs=yes
    keyexchange=ike
    ike=3des-md5-modp1024
    ikelifetime=3600
    keyingtries=3
    keylife=3600
    rekey=no
    esp=3des-md5
    type=tunnel
    left=%defaultroute
    leftsubnet=192.168.2.0/255.255.255.0
    leftnexthop=%defaultroute
    rightid=@example.dyndns.org
    right=example.dyndns.org
    rightsubnet=192.168.1.0/255.255.255.0
    #rightnexthop=%defaultroute
    dpddelay=10
    dpdtimeout=30
    dpdaction=clear
    auto=add
    #aggrmode=yes
    #leftsourceip=192.168.2.1

#Disable Opportunistic Encryption
include /etc/ipsec.d/examples/no_oe.conf
When the IP address changes, the logread command shows me this:
##In the central site
...
Nov 12 08:45:44 VPNGW kern.warn pluto[822]: packet from
190.64.208.235:500: received Vendor ID payload [Openswan (this
version) 2.4.6 X.509-1.5.4 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR]
Nov 12 08:45:44 VPNGW kern.warn pluto[822]: packet from
190.64.208.235:500: received Vendor ID payload [Dead Peer Detection]
Nov 12 08:45:44 VPNGW kern.warn pluto[822]: packet from
190.64.208.235:500: initial Main Mode message received on A.B.C.D:500
but no connection has been authorized
...
##In the Roaming user
...
Nov 12 08:21:53 VPN kern.warn pluto[6760]: "testvpn" #2: initiating
Main Mode to replace #1
Nov 12 08:23:53 VPN kern.warn pluto[6760]: pending Quick Mode with
A.B.C.D "testvpn" took too long -- replacing phase 1
...
I will appreciate any help.
Best regards
Alejandro.
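Added example (not part of the original post, and not a configuration from the Openswan project): the central-site log line "initial Main Mode message received on A.B.C.D:500 but no connection has been authorized" is what pluto reports when no loaded conn matches the source address of the incoming IKE packet. Openswan resolves a hostname given in right= once, when the conn is loaded, so after the roaming side's pppoe address changes the central site is still holding the old address until ipsec is restarted. The usual way to configure a responder for a peer with a dynamic address is right=%any and matching on the identity with rightid, as in the central-site conn below; the names, subnets and A.B.C.D are taken from the post, and the PSK value is a placeholder.

```conf
# Central Site (A.B.C.D), /etc/ipsec.conf -- example rewrite, assumptions noted in comments
version 2.0

config setup
    nat_traversal=no
    interfaces=%defaultroute

conn toroaminguser
    authby=secret
    pfs=yes
    keyexchange=ike
    ike=3des-md5-modp1024
    esp=3des-md5
    ikelifetime=3600
    keylife=3600
    type=tunnel
    left=A.B.C.D
    leftsubnet=192.168.2.0/24
    leftnexthop=%defaultroute
    # Accept the peer from any source address; the peer is identified by
    # its ID (the leftid=@example.dyndns.org the roaming side already sends),
    # not by a hostname resolved once at load time.
    right=%any
    rightid=@example.dyndns.org
    rightsubnet=192.168.1.0/24
    dpddelay=10
    dpdtimeout=30
    # Responder only: let the roaming side (auto=start, dpdaction=restart)
    # re-initiate after its address changes; just tear down the stale SA here.
    dpdaction=clear
    auto=add

#Disable Opportunistic Encryption
include /etc/ipsec.d/examples/no_oe.conf

# /etc/ipsec.secrets on the central site (assumption: with IKEv1 Main Mode
# and PSK the responder selects the secret by peer address before it knows
# the peer ID, so the secret must be indexed with %any for a dynamic peer):
#
#     A.B.C.D %any : PSK "REPLACE-WITH-THE-SHARED-SECRET"
```

The roaming-side conn in the post can stay as it is (right=A.B.C.D, auto=start, dpdaction=restart, keyingtries=%forever); only the central site needs to stop depending on the dyndns name. After changing ipsec.secrets, reload them with "ipsec secrets" and the conn with "ipsec auto --replace toroaminguser", then check "ipsec auto --status" for a conn with right=%any rather than a fixed address.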