[Openswan Users] how to connect openswan to broadband---full detail !!!
Nirmala Balu
nirmala2005 at gmail.com
Wed Jul 2 05:29:51 EDT 2008
My network diagram is shown below.
openswan gateway1<----->modem1<----> internet <------->modem2<-------->openswan gateway2
IP addresses:
(1)openswan gateway1--192.168.1.102
(2)modem 1 internal ip address----192.168.1.1
(3)modem 1 external(static)ip address----59.90.235.34
(4)modem 2 external(static)ip address----59.90.235.36
(5)modem 2 internal ip address----192.168.1.1
(6)openswan gateway 2--192.168.1.2
My ipsec.conf and ipsec.secrets are given below:
IPSEC.CONF
-------------------
version 2.0

config setup
    interfaces="ipsec0=eth1"
    plutodebug=all
    klipsdebug=all
    uniqueids=yes

conn testorig
    left=192.168.1.102
    ike=aes128-sha-modp8192
    esp=aes256-sha1
- Ignored:
    #leftsubnet=192.169.100.0/24
    leftnexthop=192.168.1.1
    right=192.168.1.2
    #rightsubnet=192.169.80.0/24
    rightnexthop=192.168.1.1
    authby=secret
    pfs=no
    ikelifetime=1h
    keylife=1d
    auto=ignore
    compress=no
    rekey=no
    failureshunt=passthrough
    auth=esp

include /etc/ipsec.d/examples/no_oe.conf
IPSEC.SECRETS
--------------------------
192.168.1.102 192.168.1.2: PSK "secret"
When I give the "up" command, the tunnel does not come up.
[root@vpn1 ~]# ipsec auto --up testorig
104 "testorig" #1: STATE_MAIN_I1: initiate
010 "testorig" #1: STATE_MAIN_I1: retransmission; will wait 20s for response
In the barf output, it gives the following error:
"ERROR: asynchronous network error report on eth1 (sport=500) for message to 192.168.1.2 port 500, complainant 192.168.1.102: No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)]"
......
.....
Jul 2 19:45:25 vpn1 pluto[4038]: | inserting event EVENT_RETRANSMIT, timeout in 10 seconds for #1
Jul 2 19:45:25 vpn1 pluto[4038]: | next event EVENT_RETRANSMIT in 10 seconds for #1
Jul 2 19:45:28 vpn1 pluto[4038]: "testorig" #1: ERROR: asynchronous network error report on eth1 (sport=500) for message to 192.168.1.2 port 500, complainant 192.168.1.102: No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)]
Jul 2 19:45:28 vpn1 pluto[4038]: | next event EVENT_RETRANSMIT in 7 seconds for #1
Jul 2 19:45:35 vpn1 pluto[4038]: |
Jul 2 19:45:35 vpn1 pluto[4038]: | *time t
Can you tell me what the mistake in this configuration is?
What should I do to solve this problem?
Thanks in advance,
Regards,
Nirmala
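
Added example, not part of the original post and not Openswan code: a small Python triage helper for the pluto "asynchronous network error report" line quoted above. It decodes the ICMP type/code and reports whether the IKE destination is a private (RFC 1918) address and whether the error was raised by the local gateway itself. The names `triage`, `ICMP_UNREACH` and `SAMPLE` are hypothetical; the sample line and the local address are taken from this post.

```python
import ipaddress
import re

# ICMP type 3 (Destination Unreachable) codes, per RFC 792 / RFC 1812.
ICMP_UNREACH = {
    0: "network unreachable",
    1: "host unreachable",
    2: "protocol unreachable",
    3: "port unreachable",
    4: "fragmentation needed and DF set",
    13: "communication administratively prohibited",
}

# Matches pluto's error line; tolerates the '*' emphasis marks seen in the post.
ERR_RE = re.compile(
    r'"(?P<conn>[^"]+)" #\d+: \*?ERROR: asynchronous network error report on '
    r"(?P<iface>\S+) \(sport=\d+\) for message to (?P<dst>[\d.]+) "
    r"port (?P<dport>\d+), complainant (?P<who>[\d.]+): .*?"
    r"\[errno (?P<errno>\d+), origin ICMP type (?P<type>\d+) code (?P<code>\d+)"
)

# Log line from this post (emphasis asterisks dropped).
SAMPLE = ('Jul 2 19:45:28 vpn1 pluto[4038]: "testorig" #1: ERROR: asynchronous '
          'network error report on eth1 (sport=500) for message to 192.168.1.2 '
          'port 500, complainant 192.168.1.102: No route to host [errno 113, '
          'origin ICMP type 3 code 1 (not authenticated)]')

def triage(line, local_ip):
    """Return a dict describing the error, or None if the line does not match."""
    m = ERR_RE.search(line)
    if m is None:
        return None
    dst = ipaddress.ip_address(m["dst"])
    icmp_type, code = int(m["type"]), int(m["code"])
    meaning = (ICMP_UNREACH.get(code, "unknown code")
               if icmp_type == 3 else "not destination-unreachable")
    return {
        "conn": m["conn"],
        "iface": m["iface"],
        "dst": str(dst),
        "dport": int(m["dport"]),
        "errno": int(m["errno"]),          # 113 is EHOSTUNREACH on Linux
        "icmp": meaning,
        # A private peer address cannot be routed across the internet.
        "dst_is_private": dst.is_private,
        # True when this host, not a router on the path, reported the error.
        "complainant_is_self": ipaddress.ip_address(m["who"]) == ipaddress.ip_address(local_ip),
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE, "192.168.1.102").items():
        print(f"{key}: {value}")
```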