[Openswan Users] OpenSWAN node to node connection

Vuppula, Srinivas srinivas.vuppula at intel.com
Thu Oct 11 13:58:16 EDT 2007


It was a typo in the email only. The conf file had defaultroute.
I do get the SA established successfully... I don't know why it worked
today and not yesterday... maybe the reboot helped.
 
But the other thing I saw was that, once the SA tunnel is established, I
cannot ping the 2 systems from each other... the ping hangs.
But while it hangs, tcpdump does show the packets with ESP. So the
tunnel is fine and packets do cross...
 
Why does the ping fail from one system to the other?

Do I need to have 2 NICs on one Linux box, get another system
connected on the 2nd NIC, and ping that from the other Linux box?

Why does the ping from the laptop to the gateway, or vice versa, not work?
 
 

________________________________

From: Peter McGill [mailto:petermcgill at goco.net] 
Sent: Thursday, October 11, 2007 10:44 AM
To: Vuppula, Srinivas; users at openswan.org
Subject: RE: [Openswan Users] OpenSWAN node to node connection


Well for one thing I don't think you can have the same subnet on both
sides of the tunnel.
I suggest removing the subnet lines in the conf, for a host to host
tunnel.
Also you spelt left=%defaultroute incorrectly as left=%defaultroot in
your Left ipsec.conf.
 
ie)
Left ipsec.conf:
conn net-to-net
    left=%defaultroute
    leftnexthop=%defaultroute
    leftid=@left.com
    leftrsasigkey=...
    # leftsubnet=192.168.1.100/32 # defaults to left
    right=192.168.1.101
    rightid=@right.com
    rightrsasigkey=...
    # rightsubnet=192.168.1.101/32 # defaults to right
    auto=add
Right ipsec.conf:
conn net-to-net
    left=%defaultroute
    leftnexthop=%defaultroute
    leftid=@right.com
    leftrsasigkey=...
    # leftsubnet=192.168.1.101/32 # defaults to left
    right=192.168.1.100
    rightid=@left.com
    rightrsasigkey=...
    # rightsubnet=192.168.1.100 # defaults to right
    auto=add
 
 
Peter McGill
 



________________________________

	From: users-bounces at openswan.org
[mailto:users-bounces at openswan.org] On Behalf Of Vuppula, Srinivas
	Sent: October 11, 2007 12:40 PM
	To: users at openswan.org
	Subject: [Openswan Users] OpenSWAN node to node connection
	
	
	
	

	I am trying to connect two Linux systems through a router (both
are directly connected to a LinkSys router). 
	The IPs of the two systems are 192.168.1.100 and 192.168.1.101. 
	The gateway IP of the router is 192.168.1.1 
	I also named the 2 Linux boxes box1 at left.com and
box2 at right.com 
	Both of them have openSWAN installed. IPsec is started on both. 
	Attached are the 2 IPSec.conf files. 
	When I run the command on the left system as described at
http://wiki.openswan.org/index.php/Openswan/Configure 
	I do not get the tunnel established. It retries retransmission and
hangs. 

	The command used is 
	ipsec auto --up net-to-net 

	My goal is to get the 2 systems connected as client-server over a VPN
tunnel using IPsec. 
	Can anyone comment on the config? Is it correct? What is to be
changed? 

	The left system has IP with DHCP configured. The right system
has static IP configured, as suggested in the document. 
	Thanks, 
	Srinivas 

	Left system IPSec.conf: 
	conn net-to-net 
	        left=%defaultroot   # also tried with 192.168.1.100 but same result
	        leftid=@left.com 
	        leftsubnet=192.168.1.1/24 
	
	        leftrsasigkey=...

	        right=192.168.1.101 
	        rightid=@right.com 
	        rightsubnet=192.168.1.1/24 
	
	        rightrsasigkey=...

	        auto=add 


	Right system IPSec.conf : I switched the setting as mentioned in
RoadWarrior configuration 

	conn net-to-net 
	        left=192.168.1.101 
	        leftid=@right.com 
	        leftsubnet=192.168.1.1/24 
	
	        leftrsasigkey=...

	        rightnexthop=%defaultroute 
	        right=192.168.1.100 
	        rightid=@left.com 
	
	        rightrsasigkey=...

	        auto=add 
