[Openswan Users] After reboot openswan quits
Paul Wouters
paul at xelerance.com
Mon Oct 22 20:59:41 EDT 2007
On Mon, 22 Oct 2007, Tejas Jin wrote:
> I have had this system up and running for a month. It got rebooted and
> now none of the road warriors can connect to it. I think I'm blinded by
> the fact that it worked before and it should be working now. Maybe somebody else can
> see the problem. It's not even making the first step of the key exchange
> correctly.
> --------------------------------------------------------------------------------------------------------------
> roadwarrior ipsec.conf
> ------------------------------------------------------------------------------------------------------------
> conn office
> keyexchange=ike
> esp=3des-md5
> ike=3des-md5
> authby=secret
> pfs=yes
> keylife=3600
> right=66.211.219.100
> rightsubnet=192.168.5.0/24
This does not match your server end, which is using 192.168.1.0/24.
> #rightsourceip=
> rightnexthop=%defaultroute
> rightid=@firewall
> left=%defaultroute
> #leftsubnet=vhost:%priv,%no
If the roadwarrior is behind NAT, you need to enable that leftsubnet line.
> include /etc/ipsec.d/*.conf
> -----------------------------------------------
> ipsec.conf openswan server
> -------------------------------------------------
> config setup
> # Debug-logging controls: "none" for (almost) none, "all" for lots.
> # klipsdebug=none
> # plutodebug="control parsing"
> virtual_private=%v4:192.168.5.0/24
You should list all RFC1918 address space here EXCEPT the one assigned to the server,
so: virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.18.1.0/24,%v4:!192.168.1.0/24
> nat_traversal=yes
>
>
> conn office
> keyexchange=ike
> esp=3des-md5
> ike=3des-md5
> authby=secret
> pfs=yes
> keylife=3600
> left=66.211.219.100
> leftsubnet=192.168.1.0/24
> leftsourceip=192.168.1.177
> leftnexthop=%defaultroute
> leftid=@firewall
> right=%any
> #rightsubnet=192.168.5.0/24
> rightsubnet=vhost:%priv,%no
> rightnexthop=%defaultroute
> rightid=@warrior
Paul
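As an added example (not part of the thread and not Openswan's own code), a small Python checker that applies the three points raised above to the two quoted fragments: the client's rightsubnet must equal the server's leftsubnet, virtual_private must cover RFC1918 space while excluding the server's own LAN with "!", and a server rightsubnet=vhost:%priv needs the matching leftsubnet=vhost line on a NATed client. The parser is deliberately minimal (no "also=", indentation or %v6 handling) and the sample configs are constructed from the quoted lines.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Constructed sample: the two fragments quoted in the thread, trimmed to the lines checked below.
ROADWARRIOR_CONF = """\
conn office
right=66.211.219.100
rightsubnet=192.168.5.0/24
#leftsubnet=vhost:%priv,%no
"""
SERVER_CONF = """\
config setup
virtual_private=%v4:192.168.5.0/24
conn office
left=66.211.219.100
leftsubnet=192.168.1.0/24
right=%any
rightsubnet=vhost:%priv,%no
"""

def parse_conf(text):
    """Map each 'config setup' / 'conn NAME' block to its key=value pairs, skipping '#' lines."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith(("config ", "conn ")):
            current = line.split(None, 1)[1]
            sections[current] = {}
        elif "=" in line and current is not None:
            key, _, value = line.partition("=")
            sections[current][key.strip()] = value.strip()
    return sections

def check_pair(rw_text, srv_text, conn="office"):
    """Return the mismatches between a roadwarrior conf and the server conf it pairs with."""
    rw, srv_all = parse_conf(rw_text).get(conn, {}), parse_conf(srv_text)
    srv, setup, problems = srv_all.get(conn, {}), srv_all.get("setup", {}), []
    # 1. The client's rightsubnet must be the LAN the server offers as its leftsubnet.
    if rw.get("rightsubnet") != srv.get("leftsubnet"):
        problems.append("rightsubnet/leftsubnet mismatch")
    # 2. virtual_private: every RFC1918 block covered, the server's own LAN excluded with '!'.
    v4 = [e[4:] for e in setup.get("virtual_private", "").split(",") if e.startswith("%v4:")]
    included = [ipaddress.ip_network(e) for e in v4 if not e.startswith("!")]
    if not all(any(blk.subnet_of(inc) for inc in included) for blk in RFC1918):
        problems.append("virtual_private does not cover all RFC1918 space")
    if srv.get("leftsubnet") not in {e[1:] for e in v4 if e.startswith("!")}:
        problems.append("virtual_private does not exclude the server LAN")
    # 3. rightsubnet=vhost:%priv on the server needs leftsubnet=vhost:%priv,... on a NATed client.
    if srv.get("rightsubnet", "").startswith("vhost:") and not rw.get("leftsubnet", "").startswith("vhost:"):
        problems.append("roadwarrior leftsubnet vhost line is missing or commented out")
    return problems
```

Running check_pair(ROADWARRIOR_CONF, SERVER_CONF) reports all four problems for the configs as posted; applying the corrections from the reply makes the list empty.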