[Openswan Users] After reboot openswan quits

Tejas Jin txjin at intelliepi.com
Tue Oct 23 13:50:55 EDT 2007


Paul Wouters wrote:
> On Mon, 22 Oct 2007, Tejas Jin wrote:
>
>> I have had this system up and running for a month.  It got rebooted and
>> now none of the road warriors can connect to it.  I think I'm blinded by
>> it worked before and it should be working now.   Maybe somebody else can
>> see the problem.  It's not even making the first step key exchange
>> correctly.
>
>> --------------------------------------------------------------------------------------------------------------
>> roadwarrior ipsec.conf
>> ------------------------------------------------------------------------------------------------------------
>
>> conn office
>>         keyexchange=ike
>>         esp=3des-md5
>>         ike=3des-md5
>>         authby=secret
>>         pfs=yes
>>         keylife=3600
>>         right=66.211.219.100
>>         rightsubnet=192.168.5.0/24
>
> This does not match with your server end, that is using 192.168.1.0/24
>
>>         #rightsourceip=
>>         rightnexthop=%defaultroute
>>         rightid=@firewall
>>         left=%defaultroute
>>         #leftsubnet=vhost:%priv,%no
>
> If the roadwarrior is behind NAT, you need to enable that leftsubnet line.
>

I corrected the other issues, but when I add this line to the road warrior, I get

root@warrior # ipsec auto --up office
022 "office": We cannot identify ourselves with either end of this connection.

>> include /etc/ipsec.d/*.conf
>> -----------------------------------------------
>> ipsec.conf openswan server
>> -------------------------------------------------
>> config setup
>>         # Debug-logging controls:  "none" for (almost) none, "all" for lots.
>>         # klipsdebug=none
>>         # plutodebug="control parsing"
>>         virtual_private=%v4:192.168.5.0/24
>
> You should list all RFC1918 address space here EXCEPT the one assigned to the server,
> so: virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.18.1.0/24,%v4:!192.168.1.0/24
>
>>         nat_traversal=yes
>>
>>
>> conn office
>>         keyexchange=ike
>>         esp=3des-md5
>>         ike=3des-md5
>>         authby=secret
>>         pfs=yes
>>         keylife=3600
>>         left=66.211.219.100
>>         leftsubnet=192.168.1.0/24
>>         leftsourceip=192.168.1.177
>>         leftnexthop=%defaultroute
>>         leftid=@firewall
>>         right=%any
>>         #rightsubnet=192.168.5.0/24
>>         rightsubnet=vhost:%priv,%no
>>         rightnexthop=%defaultroute
>>         rightid=@warrior
>
> Paul
>
>   
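
The two configuration points raised in Paul's reply, as an added example that is not part of the original message and is not Openswan code: a Python check that compares the road warrior's right* keys with the gateway's left* keys and tests a virtual_private value against a subnet. The names parse, accepts and check are hypothetical, the gateway is assumed to be "right" on the warrior and "left" on the server as in this thread, and the allow/exclude handling of %v4 entries is a simplified model.

```python
import ipaddress
# Constructed inputs: the two configs quoted in this thread, trimmed to the keys the checks read.
WARRIOR = """\
conn office
        right=66.211.219.100
        rightsubnet=192.168.5.0/24
        rightid=@firewall
"""
SERVER = """\
config setup
        virtual_private=%v4:192.168.5.0/24
conn office
        left=66.211.219.100
        leftsubnet=192.168.1.0/24
        leftid=@firewall
"""

def parse(text):
    """Return {section header: {key: value}} for ipsec.conf-style text."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if not raw[0].isspace():              # unindented line opens a section
            current = sections.setdefault(line, {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return sections

def accepts(virtual_private, subnet):
    """True if the %v4 entries would accept `subnet` as a client-side vhost net."""
    net, allow, deny = ipaddress.ip_network(subnet), [], []
    for item in virtual_private.split(","):
        if item.strip().startswith("%v4:"):
            spec = item.strip()[4:]           # "!" marks an excluded network
            (deny if spec.startswith("!") else allow).append(ipaddress.ip_network(spec.lstrip("!")))
    return any(net.subnet_of(a) for a in allow) and not any(net.subnet_of(d) for d in deny)

def check(warrior, server, conn="office"):
    """Compare the warrior's right* (gateway) keys with the gateway's left* keys."""
    w, s = parse(warrior)["conn " + conn], parse(server)
    gw = s["conn " + conn]
    problems = [f"right{k}={w.get('right' + k)} vs left{k}={gw.get('left' + k)}"
                for k in ("", "subnet", "id") if w.get("right" + k) != gw.get("left" + k)]
    if accepts(s["config setup"].get("virtual_private", ""), gw["leftsubnet"]):
        problems.append("virtual_private accepts the gateway's own leftsubnet")
    return problems
```

check(WARRIOR, SERVER) reports the rightsubnet/leftsubnet mismatch; accepts() can be run against a proposed virtual_private line to confirm that NATed client ranges are accepted and the gateway's own LAN is excluded.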
