[Openswan Users] Installation/setup issues...

Mark Williams mwp at mwp.id.au
Wed Mar 5 20:29:03 EST 2008


I'm still trying to fix this problem.
Grrrrr, I'm getting desperate here :(

If it makes any difference, the VPN server is running openswan-2.4.6,
and I'm running openswan-2.5.17.

Is it OK that I'm using an un-patched kernel (2.6.24.3) and no KLIPS module?

The setup looks like the following:
company-lan -> linux server (VPN-server) -> inet -> DSL router
(nat'ting) -> local lan -> linux server (VPN-client)

I'm looking at the NAT mappings on the DSL router during a connection
attempt and it's showing:

Prot | Local IP: Port local/public | Remote IP: Port
-----|-----------------------------|----------------------
UDP  | 192.168.  0.  1:  500/  500 |  66. 45.165.xx:  500
UDP  | 192.168.  0.  1: 4500/ 4500 |  66. 45.165.xx: 4500
ICMP | 192.168.  0.  1:    3/    3 |  66. 45.165.xx:    3

Where 66. 45.165.xx is the IP of the VPN-server and 192.168.0.1 is the
IP of the VPN-client.

Any ideas???

Thanks!!

On Wed, Mar 5, 2008 at 6:30 AM, Paul Wouters <paul at xelerance.com> wrote:
> On Tue, 4 Mar 2008, Jacco de Leeuw wrote:
>
>  > > The linux box im trying to connect to the VPN server with is behind a
>  > > DSL router (does NAT).
>  >
>  > > ignoring unknown Vendor ID payload [4f457a7d4646466667725f65]
>  >
>  > Hm, that's odd. If the remote side is Openswan too, it should know
>  > about this Vendor ID.
>
>  We generate a vendorid per build. But you can all recognise them, since
>  they start with "OE" (4F45). I think there is code in 2.5.x that tries
>  to match these to "openswan".
>
>
>  > >     pfs=no
>  >
>  > Once you get things working you can even switch to pfs=yes because
>  > the remote side also supports it.
>
>  Actually, I would do it right away to avoid rekey problems when initiator
>  and responder switch.
>
>  Paul
>  --
>
>
> Building and integrating Virtual Private Networks with Openswan:
>  http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
>
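
The "OE" (4F45) prefix check described in the quoted reply, as an added example that is not part of the thread or of Openswan's own code. Apart from the Vendor ID value quoted above, the log lines are constructed and the connection name "office" is hypothetical.

```python
import re

# Bracketed value in pluto messages like the one quoted in the thread.
VID_RE = re.compile(r"Vendor ID payload \[([^\]]+)\]")
HEX_RE = re.compile(r"[0-9a-fA-F]+")
OPENSWAN_PREFIX = bytes.fromhex("4f45")  # ASCII "OE", per the reply above

# Constructed sample input; only the first Vendor ID value is from the thread.
SAMPLE_LOG = [
    '"office" #1: ignoring unknown Vendor ID payload [4f457a7d4646466667725f65]',
    '"office" #1: received Vendor ID payload [Dead Peer Detection]',
    '"office" #1: ignoring unknown Vendor ID payload [0102030405060708]',
    '"office" #1: ignoring unknown Vendor ID payload [4f457]',
]


def printable(raw):
    """Render bytes as ASCII, replacing non-printable bytes with '.'."""
    return "".join(chr(b) if 32 <= b < 127 else "." for b in raw)


def classify_vendor_id(text):
    """Return (kind, raw_bytes) for one bracketed Vendor ID value."""
    if not HEX_RE.fullmatch(text):
        return ("named", None)          # pluto printed a name it already knows
    if len(text) % 2:
        return ("malformed", None)      # truncated hex, cannot be decoded
    raw = bytes.fromhex(text)
    # A prefix match is only a hint about the peer's software: the payload
    # is unauthenticated and any peer can send these bytes.
    if raw.startswith(OPENSWAN_PREFIX):
        return ("openswan-build", raw)
    return ("unknown", raw)


def scan(lines):
    """Collect (value, kind, ascii_text) for every Vendor ID in the log."""
    results = []
    for line in lines:
        match = VID_RE.search(line)
        if match:
            kind, raw = classify_vendor_id(match.group(1))
            results.append((match.group(1), kind, printable(raw) if raw else None))
    return results


if __name__ == "__main__":
    for value, kind, text in scan(SAMPLE_LOG):
        print(f"{kind:15} {value} {text or ''}")
```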

