[Openswan Users] Help: Tunnel setup between Linux PC and Windows XP PC through GPRS
Mohamed Mydeen.A
mohamedmydeen.a at jasmin-infotech.com
Thu Feb 7 08:34:22 EST 2008
Hi,
I am trying to set up a VPN tunnel between two PCs. One is running
openswan-2.4.10 on a Linux machine and the other PC is running Windows XP.
Both PCs are connected to GPRS modems (here the interface is PPP0). So there is
no DSL cable modem. I am able to set up a VPN tunnel using openswan running on
two Linux PCs through a GPRS modem. But when I replace one Linux PC by Windows
then I am facing a problem.
I have followed the procedure using the following link from Nate Carlson.
http://www.natecarlson.com/linux/ipsec-x509.php
But I could not set up the tunnel.
----- My ipsec.conf in Linux PC is as follows -----
# /etc/ipsec.conf - Openswan IPsec configuration file
# RCSID $Id: ipsec.conf.in,v 1.15.2.2 2005/11/14 20:10:27 paul Exp $
# This file: /usr/share/doc/packages/openswan/ipsec.conf-sample
#
# Manual: ipsec.conf.5
version 2.0 # conforms to second version of ipsec.conf specification
# basic configuration
config setup
    # plutodebug / klipsdebug = "all", "none" or a combation from below:
    # "raw crypt parsing emitting control klips pfkey natt x509 private"
    # eg:
    # plutodebug="control parsing"
    #
    # Only enable klipsdebug=all if you are a developer
    #
    # NAT-TRAVERSAL support, see README.NAT-Traversal
    nat_traversal=yes
    # virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%4:172.16.0.0/12
    #
    # Certificate Revocation List handling:
    #crlcheckinterval=600
    #strictcrlpolicy=yes
    #
    # Change rp_filter setting? (default is 0, disabled)
    # See also setting in the /etc/sysctl.conf file!
    #rp_filter=%unchanged
    #
    # Workaround to setup all tunnels immediately, since the new default
    # of "plutowait=no" causes "Resource temporarily unavailable" errors
    # for the first connect attempt over each tunnel, that is delayed to
    # be established later / on demand.
    #
    plutowait=yes
    interfaces=%defaultroute
    klipsdebug=none
    plutodebug=none

# default settings for connections
conn %default
    # keyingtries default to %forever
    keyingtries=1
    compress=yes
    disablearrivalcheck=no
    authby=secret
    # Sig keys (default: %dnsondemand)
    leftrsasigkey=%cert
    rightrsasigkey=%cert
    # Lifetimes, defaults are 1h/8hrs
    #ikelifetime=20m
    #keylife=1h
    #rekeymargin=8m

#Disable Opportunistic Encryption
#include /etc/ipsec.d/examples/no_oe.conf
# Add connections here
# sample VPN connection
#conn sample
# # Left security gateway, subnet behind it, nexthop toward right.
# left=10.0.0.1
# leftsubnet=172.16.0.0/24
# leftnexthop=10.22.33.44
# # Right security gateway, subnet behind it, nexthop toward left.
# right=10.12.12.1
# rightsubnet=192.168.0.0/24
# rightnexthop=10.101.102.103
# # To authorize this connection, but not actually start it,
# # at startup, uncomment this.
# #auto=start

conn roadwarrior
    left=118.99.132.11
    leftsubnet=118.99.132.11/255.255.255.255
    right=118.99.138.145
    rightsubnet=118.99.138.145/255.255.255.255
    keyexchange=ike
    ike=3des-sha1-modp1024
    auth=esp
    type=tunnel
    pfs=yes
    esp=3des-sha1
    auto=start

conn block
    auto=ignore

conn clear
    auto=ignore

conn private
    auto=ignore

conn private-or-clear
    auto=ignore

conn clear-or-private
    auto=ignore

conn packetdefault
    auto=ignore
----- My ipsec.secrets in Linux PC is as follows -----
: RSA /etc/ipsec.d/private/host.key "password"
----- My ipsec.conf in Windows XP PC is as follows -----
conn roadwarrior
    left=118.99.132.11
    leftsubnet=118.99.132.11/255.255.255.255
    right=118.99.138.145
    rightsubnet=118.99.138.145/255.255.255.255
    rightca="C=IN, S=UP, O=MN, OU=WWD, CN=ma.master.com, E=master_ca at master.com"
    network=auto
    keyexchange=ike
    ike=3des-sha1-modp1024
    auth=esp
    esp=3des-sha1
    auto=start
    pfs=yes
When I ping from the Linux PC, I get the output "Resource temporarily
unavailable".
When I ping from the Linux PC, I get the output "Negotiating IP Security";
it comes four times and there are no symptoms of pinging.
If anyone can help in this regard, I would be much benefited.
Thanks & Regards,
Mohamed Mydeen A
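
An added example, not part of the original post or of Openswan: a small Python check, run over a constructed reduction of the configuration above, that reports loaded conns whose authby= method has no matching entry kind in ipsec.secrets (authby=secret expects a PSK entry, authby=rsasig an RSA entry). The function names and sample strings are assumptions made for illustration.

```python
import re

# Constructed sample, reduced from the settings shown in the post above.
SAMPLE_CONF = """\
conn %default
    authby=secret
    leftrsasigkey=%cert

conn roadwarrior
    left=118.99.132.11
    right=118.99.138.145
    auto=start

conn block
    auto=ignore
"""
SAMPLE_SECRETS = ': RSA /etc/ipsec.d/private/host.key "password"\n'
NEEDS = {"secret": "PSK", "rsasig": "RSA"}  # authby value -> ipsec.secrets entry kind


def parse_conns(text):
    """Return {conn: {key: value}} with conn %default merged into every conn."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not line[0].isspace():  # unindented line starts a new section
            kind, _, name = line.partition(" ")
            current = conns.setdefault(name.strip(), {}) if kind == "conn" else None
        elif current is not None and "=" in line:
            key, _, value = line.strip().partition("=")
            current[key.strip()] = value.strip()
    defaults = conns.pop("%default", {})
    return {name: {**defaults, **opts} for name, opts in conns.items()}


def lint(conf_text, secrets_text):
    """List (conn, authby, missing kind) for conns that pluto would load."""
    have = set(re.findall(r":\s+(PSK|RSA)\s", secrets_text))
    findings = []
    for name, opts in parse_conns(conf_text).items():
        if opts.get("auto", "ignore") == "ignore":
            continue  # auto=ignore (the default) means the conn is not loaded
        need = NEEDS.get(opts.get("authby", "rsasig"))  # rsasig is the default
        if need and need not in have:
            findings.append((name, opts.get("authby", "rsasig"), need))
    return findings
```

On the constructed sample, `lint(SAMPLE_CONF, SAMPLE_SECRETS)` reports the roadwarrior conn: it inherits authby=secret from conn %default while the secrets file holds only an RSA key entry.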