[Openswan Users] Help: Greenbow VPN Client to Openswan-2.4.10 through GPRS

Thu Jan 31 03:21:53 EST 2008

Hi All,

I want to create tunnel between two PCs.  One PC is running
Openswan-2.4.10on Linux platform(Suse
10.1) and the other PC is on Windows XP (with Service Pack 2).  I have
Greenbow Client Software which could be run on my Windows PC.  I have two
GPRS modems which are connected to these two PCs. Now I want to create VPN
tunnel between these two PCs using IPSec that is using  Openswan.  Is it
possible to make this setup work successfully ?

I have tried using PSK (Pre Shared Key) as authentication and as well as
using X.509 Certificates.  But I could not create the tunnel in both ways.

Can you please suggest or tell your comments about the feasibility this
configuration ?

Using PSK, Greenbow client software shows the following error.

20080131 131444 Default udp_create: no default transport
20080131 131444 Default exchange_establish: transport "udp" for peer
"Gateway1-P1" could not be created
20080131 131500 Default IKE daemon is removing SAs...
20080131 131505 Default Reinitializing IKE daemon
20080131 131505 Default Another IPSEC service is allready in service:
WSA(10013)
20080131 131505 Default TGB::IKE arrêté
20080131 131505 Default udp_make: WSA:10013 bind (20944, 117.97.150.166,
4):   WSA(0)
20080131 131505 Default udp_bind_if: failed to create a socket on
117.97.150.166:500
20080131 131505 Default IKE daemon reinitialized
20080131 131510 Default IKE daemon is removing SAs...
20080131 131515 Default Reinitializing IKE daemon
20080131 131515 Default Another IPSEC service is allready in service:
WSA(10013)
20080131 131515 Default TGB::IKE arrêté
20080131 131515 Default udp_make: WSA:10013 bind (20984, 117.97.150.166,
4):   WSA(0)
20080131 131515 Default udp_bind_if: failed to create a socket on
117.97.150.166:500
20080131 131515 Default IKE daemon reinitialized
20080131 131520 Default udp_create: no default transport
20080131 131520 Default exchange_establish: transport "udp" for peer
"Gateway1-P1" could not be created

My ipsec.conf as follows:
version 2.0

config setup
 plutowait=yes
 interfaces=%defaultroute

conn %default
 leftrsasigkey=%cert
 rightrsasigkey=%cert
 authby=secret
include /etc/ipsec.d/examples/no_oe.conf

conn west-east
 left=117.97.141.229
 right=117.97.150.166
 type=tunnel
 keyexchange=ike
 ike=3des-md5-modp1024
 auth=esp
 pfs=yes
 esp=3des-md5
 auto=start
 dpddelay=30
 dpdtimeout=120
 dpdaction=hold

My ipsec.secrets as follows:

117.97.141.129 117.97.150.166 : PSK "temporary"

The IP Addresses (117.97.141.129 & 117.97.150.166) for these two machines
are got from the Internet Service Provider once I get connection through
GPRS.
Based on the ipsec.conf file, I am setting changes in the Greenbow VPN
Client Software in Phase 1 and Phase 2.

I am getting fatigue if i try using X.509 certificate for the above
configuration.  Kindly which method either using PSK or X.509 is okay for
this configuration to make it up successively.

Kindly give your suggestions...

Regards,

Mohamed Mydeen A
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20080131/969530fa/attachment.html 