[Openswan Users] No Encryption to Linksys WRV200
Michael Roessler
michroes at gmx.de
Wed Aug 20 05:56:59 EDT 2008
Hi @ll,
I try to connect between openswan 2.4.9 (on Fedora8) and Linksys WRV200.
Although the connection seems to be established a ping from openswan-gw to Linksys-gw is unencrypted.
This is the output if I establish the connection with "ipsec auto --up tunnel":
104 "tunnel" #1: STATE_MAIN_I1: initiate
106 "tunnel" #1: STATE_MAIN_I2: sent MI2, expecting MR2
108 "tunnel" #1: STATE_MAIN_I3: sent MI3, expecting MR3
004 "tunnel" #1: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1536}
117 "tunnel" #2: STATE_QUICK_I1: initiate
004 "tunnel" #2: STATE_QUICK_I2: sent QI2, IPsec SA established {ESP=>0x482eb5f1 <0x511ad672 xfrm=3DES_0-HMAC_SHA1 NATD=none DPD=none}
ipsec.conf:
+++++++++
version 2
config setup
interfaces=%defaultroute
nat_traversal=yes
virtual_private=%4:192.168.0.0/16,%4:!192.168.xx.yy/24,%4:
conn %default
authby=secret
conn net-to-net
left=213.23.xx.yy
leftsubnet=192.168.xx.yy/24
right=220.232.yy.zz
rightsubnet=192.168.yy.zz/24
pfs=yes
keylife=3600s
type=tunnel
auto=add
+++++++++
I have also commented out "nat_traversal" and shut down the firewall. But the ping traffic is never encrypted.
This is tcpdump output(ping from openswan-gw to linksys-gw):
+++++++++++++++
10:07:28.890178 IP linksys-ip > openswan-ip: ICMP echo reply, id 23061, seq 13, length 64
10:07:29.274266 IP linksys-ip > openswan-ip: ESP(spi=0xa515dadf,seq=0x7), length 100
10:07:29.529734 IP openswan-ip > linksys-ip: ICMP echo request, id 23061, seq 14, length 64
10:07:29.882292 IP linksys-ip > openswan-ip: ICMP echo reply, id 23061, seq 14, length 64
10:07:30.529730 IP openswan-ip > linksys-ip: ICMP echo request, id 23061, seq 15, length 64
10:07:30.885900 IP linksys-ip > openswan-ip: ICMP echo reply, id 23061, seq 15, length 64
10:07:31.529728 IP openswan-ip > linksys-ip: ICMP echo request, id 23061, seq 16, length 64
10:07:31.789256 IP linksys-ip > openswan-ip: ESP(spi=0xa515dadf,seq=0x8), length 100
10:07:31.901252 IP linksys-ip > openswan-ip: ICMP echo reply, id 23061, seq 16, length 64
10:07:32.529730 IP openswan-ip > linksys-ip: ICMP echo request, id 23061, seq 17, length 64
10:07:32.875537 IP linksys-ip > openswan-ip: ICMP echo reply, id 23061, seq 17, length 64
10:07:33.529730 IP openswan-ip > linksys-ip: ICMP echo request, id 23061, seq 18, length 64
10:07:33.885307 IP linksys-ip > openswan-ip: ICMP echo reply, id 23061, seq 18, length 64
10:07:34.303336 IP linksys-ip > openswan-ip: ESP(spi=0xa515dadf,seq=0x9), length 100
+++++++++++++++
Can you please give me a hint what I need to look for? Thank you.
Michael
--
Ist Ihr Browser Vista-kompatibel? Jetzt die neuesten
Browser-Versionen downloaden: http://www.gmx.net/de/go/browser
More information about the Users
mailing list