[Openswan Users] OpenSWAN node to node connection
Peter McGill
petermcgill at goco.net
Thu Oct 11 13:43:33 EDT 2007
Well for one thing I don't think you can have the same subnet on both sides of the tunnel.
I suggest removing the subnet lines in the conf, for a host to host tunnel.
Also you spelt left=%defaultroute incorrectly as left=%defaultroot in your Left ipsec.conf.
ie)
Left ipsec.conf:
conn net-to-net
    left=%defaultroute
    leftnexthop=%defaultroute
    leftid=@left.com
    leftrsasigkey=...
    # leftsubnet=192.168.1.100/32 # defaults to left
    right=192.168.1.101
    rightid=@right.com
    rightrsasigkey=...
    # rightsubnet=192.168.1.101/32 # defaults to right
    auto=add
Right ipsec.conf:
conn net-to-net
    left=%defaultroute
    leftnexthop=%defaultroute
    leftid=@right.com
    leftrsasigkey=...
    # leftsubnet=192.168.1.101/32 # defaults to left
    right=192.168.1.100
    rightid=@left.com
    rightrsasigkey=...
    # rightsubnet=192.168.1.100 # defaults to right
    auto=add
Peter McGill
_____
From: users-bounces at openswan.org [mailto:users-bounces at openswan.org] On Behalf Of Vuppula, Srinivas
Sent: October 11, 2007 12:40 PM
To: users at openswan.org
Subject: [Openswan Users] OpenSWAN node to node connection
I am trying to connect two Linux systems through a router (both are directly connected to a LinkSys router).
The IPs of the two systems are 192.168.1.100 and 192.168.1.101.
The gateway IP of the router is 192.168.1.1
I also named the 2 linux boxes as box1 at left.com and box2 at right.com
Both of them have openSWAN installed. Ipsec is started on both.
Attached are the 2 IPSec.conf files.
When I run the command on the left system as described at <http://wiki.openswan.org/index.php/Openswan/Configure>
I do not get the tunnel established. It retries retransmission and hangs.
The command used is
ipsec auto --up net-to-net
My goal is to get 2 systems connected as client -server over VPN tunnel using IPSec.
Can anyone comment on the config? Is it correct? What is to be changed?
The left system has IP with DHCP configured. The right system has static IP configured, as suggested in the document.
Thanks,
Srinivas
Left system IPSec.conf:
conn net-to-net
    left=%defaultroot # also tried with 192.168.1.100 but same result
    leftid=@left.com
    leftsubnet=192.168.1.1/24
    leftrsasigkey=0sAQOE4rLjh9bL3szKqCwxSoHT84l+jGbfPcUfNs9BDL2UAwEITq1MVmHIQHwo2UX8aQ5ObSnDQYVODwf5gYIGzmShqpt0FEFN8ewYIdxkPvcSLiC5AgLsGBO0Lu4o2A4VOx6btaiTygcFtpyrvNGdpWFJiLe5TeExV+TaaxS8Uq3x4b/3FUsFsH3AfS3CN7qnKeCpZN54y3qOBzxxmQNKR/scV5pLIQr60FFOG1O5GYqhFAZR9gTIC998V5USMz0LpB6aNir7avE5dTdWcypunyZFWPDyZXyDt6gtNgaX/1G+b1yCKGOGZD+5pIdOBnzp1wArmo+Rmvuw9ifisM/DI6rT8tEI0ZgcxsV5RR6tLlaOg3dd
    right=192.168.1.101
    rightid=@right.com
    rightsubnet=192.168.1.1/24
    rightrsasigkey=0sAQN8O4IdR8iTX7C5r38mkS/Lgy3UbkuirD624dei/HbmfrhanH4fwIdNGZu++IbfC5lr1fJH5+XVhAI5yYljj6I1KW+p+X3y+qL78jiWCJAfQhSdePqrP1uvTOFJ89RcFCn8gQexcGSr2cq2hFW7Bny8+L1Az/YxEskhNO47dDoRn739WtrYS3eE/B/NJyFrucrZf8wtKm7FF2cOIknWJ1s4YlRvXZ1kokvDa3gPAugL9I1KGJ8KuFKR0p1gdwWXWfWVPDktpSVV6MxmyDt2IYJSWBrLzDEFEI9OgB9R4PWgC38w5bf7uxkJXxC+K47EX9yr1F5JMWbh4jvefStlQSKY2SgygQ6BO/Ua70MoIAxyy76N
    auto=add
Right system IPSec.conf : I switched the setting as mentioned in RoadWarrior configuration
conn net-to-net
    left=192.168.1.101
    leftid=@right.com
    leftsubnet=192.168.1.1/24
    leftrsasigkey=0sAQN8O4IdR8iTX7C5r38mkS/Lgy3UbkuirD624dei/HbmfrhanH4fwIdNGZu++IbfC5lr1fJH5+XVhAI5yYljj6I1KW+p+X3y+qL78jiWCJAfQhSdePqrP1uvTOFJ89RcFCn8gQexcGSr2cq2hFW7Bny8+L1Az/YxEskhNO47dDoRn739WtrYS3eE/B/NJyFrucrZf8wtKm7FF2cOIknWJ1s4YlRvXZ1kokvDa3gPAugL9I1KGJ8KuFKR0p1gdwWXWfWVPDktpSVV6MxmyDt2IYJSWBrLzDEFEI9OgB9R4PWgC38w5bf7uxkJXxC+K47EX9yr1F5JMWbh4jvefStlQSKY2SgygQ6BO/Ua70MoIAxyy76N
    rightnexthop=%defaultroute
    right=192.168.1.100
    rightid=@left.com
    rightrsasigkey=0sAQOE4rLjh9bL3szKqCwxSoHT84l+jGbfPcUfNs9BDL2UAwEITq1MVmHIQHwo2UX8aQ5ObSnDQYVODwf5gYIGzmShqpt0FEFN8ewYIdxkPvcSLiC5AgLsGBO0Lu4o2A4VOx6btaiTygcFtpyrvNGdpWFJiLe5TeExV+TaaxS8Uq3x4b/3FUsFsH3AfS3CN7qnKeCpZN54y3qOBzxxmQNKR/scV5pLIQr60FFOG1O5GYqhFAZR9gTIC998V5USMz0LpB6aNir7avE5dTdWcypunyZFWPDyZXyDt6gtNgaX/1G+b1yCKGOGZD+5pIdOBnzp1wArmo+Rmvuw9ifisM/DI6rT8tEI0ZgcxsV5RR6tLlaOg3dd
    auto=add
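Added example (not part of the original messages, and not Openswan code): a small Python check for the two problems the reply points out, a misspelt %-keyword and the same subnet on both sides, generalised here to any overlapping left/right subnets. The keyword list is an assumed subset, the function names are hypothetical, and the sample configs are constructed from the thread with the keys and ids left out.

```python
import difflib
import ipaddress

# Assumption: a subset of the %-keywords Openswan accepts for these parameters.
KEYWORDS = ["%defaultroute", "%any", "%opportunistic", "%group", "%direct"]
ADDR_PARAMS = ("left", "right", "leftnexthop", "rightnexthop")

def parse_conns(text):
    """Return {conn_name: {param: value}} from ipsec.conf-style text."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()       # drop comments
        if not line:
            continue
        if not line[0].isspace():                  # section header at column 0
            kind, _, name = line.partition(" ")
            current = conns.setdefault(name.strip(), {}) if kind == "conn" else None
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def lint_conn(params):
    """Report misspelt %-keywords and overlapping left/right subnets."""
    findings = []
    for name in ADDR_PARAMS:
        value = params.get(name, "")
        if value.startswith("%") and value not in KEYWORDS:
            guess = difflib.get_close_matches(value, KEYWORDS, n=1)
            hint = f" (did you mean {guess[0]}?)" if guess else ""
            findings.append(f"{name}={value}: unknown keyword{hint}")
    try:
        left, right = (ipaddress.ip_network(params[k], strict=False)
                       for k in ("leftsubnet", "rightsubnet"))
    except (KeyError, ValueError):
        return findings        # a side is absent or unparsable: nothing to compare
    if left.overlaps(right):
        findings.append(f"leftsubnet {left} overlaps rightsubnet {right}")
    return findings

# Constructed from the thread (keys and ids left out): as first posted, then as suggested.
ORIGINAL = """conn net-to-net
    left=%defaultroot # also tried with 192.168.1.100
    leftsubnet=192.168.1.1/24
    right=192.168.1.101
    rightsubnet=192.168.1.1/24
"""
SUGGESTED = "conn net-to-net\n    left=%defaultroute\n    right=192.168.1.101\n"
print(lint_conn(parse_conns(ORIGINAL)["net-to-net"]))
```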