[Openswan Users] Openswan: ip xfrm policy shows different data than /etc/ipsec.conf
Ian Brown
ianbrn at gmail.com
Sun Feb 3 07:28:25 EST 2008
Hello,
Thanks !
I tried it, unfortunately without success.
I had set tun to 172.16.0.1 on one machine.
I had set tun to 172.17.0.1 on the second machine.
I get on one machine:
Feb 3 14:21:24 machine1 ipsec_setup: ...Openswan IPsec started
Feb 3 14:21:24 machine1 ipsec__plutorun: 104 "linux-to-linux-1" #1: STATE_MAIN_I1: initiate
Feb 3 14:21:24 machine1 ipsec__plutorun: ...could not start conn "linux-to-linux-1"
and on the second
Feb 3 14:19:44 machine2 ipsec__plutorun: 104 "linux-to-linux-1" #1: STATE_MAIN_I1: initiate
Feb 3 14:19:44 machine2 ipsec__plutorun: ...could not start conn "linux-to-linux-1"
The ipsec.conf I have on both machines is:
config setup
    nat_traversal=yes

include /etc/ipsec.d/*.conf

conn linux-to-linux-1
    leftrsasigkey=0sAQNwbr3H8CuBBm+2r12iY...
    rightrsasigkey=0sAQNwbr3H8CuBBm+2r12i...
    type=tunnel
    auto=start
    auth=esp
    left=172.16.0.1
    right=172.17.0.1
    leftsubnet=172.16.0.0/24
    rightsubnet=172.17.0.0/24
And "service ipsec status" shows:
IPsec running - pluto pid: #pid
pluto pid
No tunnels up
- on both machines.
ifconfig tun shows that the tun interface is up on both machines.
Any ideas what went wrong here ?
Regards,
Ian
2008/1/31 Witold Golab <w.golab at gtn.pl>:
> On Thursday, 31 January 2008, in the thread "Re: [Openswan Users] Openswan: ip
> xfrm policy shows different data than /etc/ipsec.conf", you wrote:
>
> > Witold ,
> > Yes, as a rule you are right.
> > Host to host connection is in transport mode.
> >
> > Any ideas if I can simulate tunnel mode on a local network somehow ?
> > (So that two machines will connect in tunnel mode with IPsec)
> >
> Try adding tuntap or gre or whatever (virtual) interfaces on both sides
>
> on one side:
> tun0 172.16.0.1/24
>
> leftsubnet=172.16.0.0/24
> rightsubnet=172.17.0.0/24
>
> on second side:
> tun0 172.17.0.1/24
> leftsubnet=172.17.0.0/24
> rightsubnet=172.16.0.0/24
>
> Regards
> Witold Golab
>