[Openswan Users] Interoperability between Openswan and Freeswan

Arjun Datta arjun at greatgulfhomes.com
Mon Jan 28 11:12:43 EST 2008 

Hi Paul,

Thanks for the response.  No, not win95 thankfully :-) My organisation 
has a vpn server that is running freeswan 1.4 off RH 5.2. It's been 
around for years.

I have been tasked with getting a new remote firewall running FC7 with 
openswan to connect to the above.

I cannot simply replace the RH 5.2 vpn server because there are other 
vpn servers in non-local locations who are using it.  They are all RH 
9.  So unless I replace the 5.2 machine and ALL the other non-local 
machines at the same time, I am stuck with it.

At this stage basic functionality is more important that security and 
versatility.  If I can get the FC7 openswan to talk to and connect to 
the RH 9 Freeswan, I'd be very content for the time being and then I can 
make a case to replace all the other vpns servers over time.

I have made some progress and have the ipsec.secrets and ipsec.conf file 
configured at both ends.

I am getting the following error when i restart ipsec on the freeswan side:

ipsec_setup: 102 "<conn_name>" #15: STATE_MAIN_I1: initiate
ipsec_setup: 010 "<conn_name>" #15: STATE_MAIN_I1: retransmission
ipsec_setup: 010 "<conn_name>" #15: STATE_MAIN_I1: retransmission
ipsec_setup: 031 "<conn_name>" #15: STATE_MAIN_I1: too many retransmissions
ipsec_setup: 000 "<conn_name>" #15: starting keying attempt 2 of an 
unlimited number, but releasing whack

And I cannot ping either subnet from the other.

So before I started troubleshooting, I wanted to ensure that it is 
possible to do what I am trying to do.

Regards,
 
Arjun Datta
Great Gulf Homes / Ashton Woods Homes
416 441 1262 x2822



Paul Wouters wrote:
> On Fri, 25 Jan 2008, Arjun Datta wrote:
>
>   
>> Can Openswan U2.4.7/K on  2.6.23.12-52.fc7 connect to FreeSwan 1.4 ?
>>     
>
> Not if you need X509, NAT-T, XAUTH, IKEv2 and if you dont run in any
> of th many bugs in freeswan 1.4, which is what? 10 years old?
>
> Are you still running windows 95?
>
>   
>> I believe the FreeSwan server is RH 5.2 (Don't ask :- )
>>     
>
> It's a huge security risk.
>
> Paul
>   
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20080128/a8a2869a/attachment.html

More information about the Users mailing list