[Openswan Users] Trying to use linux as VPN client
Sebastiaan van Erk
sebster at sebster.com
Thu Nov 20 04:05:03 EST 2008
Hi all,
I'm trying to use my Ubuntu 7.10 linux laptop as an ipsec client and
installed the most recent version of openswan (so I'm not using the one
provided by ubuntu since it was hopelessly out of date):
$ ipsec --version
Linux Openswan 2.6.18 (klips)
See `ipsec --copyright' for copyright information.
When I start ipsec and then try to establish my VPN I get the following
output:
$ ipsec auto --up relate
112 "relate" #1: STATE_AGGR_I1: initiate
003 "relate" #1: received Vendor ID payload [Dead Peer Detection]
004 "relate" #1: STATE_AGGR_I2: sent AI2, ISAKMP SA established
{auth=OAKLEY_PRESHARED_KEY cipher=aes_192 prf=oakley_sha group=modp1024}
117 "relate" #2: STATE_QUICK_I1: initiate
010 "relate" #2: STATE_QUICK_I1: retransmission; will wait 20s for response
010 "relate" #2: STATE_QUICK_I1: retransmission; will wait 40s for response
031 "relate" #2: max number of retransmissions (2) reached
STATE_QUICK_I1. No acceptable response to our first Quick Mode message:
perhaps peer likes no proposal
000 "relate" #2: starting keying attempt 2 of at most 3, but releasing whack
$
I followed the tutorial at
http://www.jacco2.dds.nl/networking/linux-l2tp.html and tried to google
and read other docs, but I have no idea what's happening or what I'm
doing wrong. I can establish the connection using VMWare + GTA mobile
client in Windows XP no problems.
My config files are:

/etc/ipsec.conf:

config setup
        protostack=klips
        #plutodebug="all"
        #klipsdebug="all"
        nat_traversal=no
        nhelpers=0

# VPN connections
include /etc/ipsec.d/relate.conf

# Disable Opportunistic Encryption
include /etc/ipsec.d/examples/no_oe.conf

/etc/ipsec.d/relate.conf:

conn relate
        authby=secret
        pfs=yes
        rekey=yes
        keyingtries=3
        type=transport
        aggrmode=yes
        left=%defaultroute
        leftid="sebster at sebster.com"
        leftprotoport=17/1701
        right=111.111.111.111 # here i have the real server ip
        rightprotoport=17/1701
        ike=aes192-sha1-modp1024
        esp=aes192-sha1
        auto=add

/etc/ipsec.secrets:

: RSA /etc/ipsec.d/private/blauwoorKey.pem
E=sebster at sebster.com 111.111.111.111: PSK "mysecret"
sebster at sebster.com 111.111.111.111: PSK "mysecret"

I'm a total newbie, so I'm probably doing something silly wrong. Thanks
in advance for any pointers!
Regards,
Sebastiaan
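
Added example, not part of the original message: a small triage script that reads `ipsec auto --up` output like the log quoted above and reports how far IKE phase 1 (Aggressive/Main Mode) and phase 2 (Quick Mode) got for each connection. The function names `unwrap` and `triage` are hypothetical, and the "IPsec SA established" success string is Openswan's usual Quick Mode completion message, which does not appear in the log above.

```python
import re
# Constructed sample: the whack output quoted in the message, wrapped the same way.
SAMPLE = """\
112 "relate" #1: STATE_AGGR_I1: initiate
003 "relate" #1: received Vendor ID payload [Dead Peer Detection]
004 "relate" #1: STATE_AGGR_I2: sent AI2, ISAKMP SA established
{auth=OAKLEY_PRESHARED_KEY cipher=aes_192 prf=oakley_sha group=modp1024}
117 "relate" #2: STATE_QUICK_I1: initiate
010 "relate" #2: STATE_QUICK_I1: retransmission; will wait 20s for response
010 "relate" #2: STATE_QUICK_I1: retransmission; will wait 40s for response
031 "relate" #2: max number of retransmissions (2) reached
STATE_QUICK_I1. No acceptable response to our first Quick Mode message:
perhaps peer likes no proposal
000 "relate" #2: starting keying attempt 2 of at most 3, but releasing whack
"""

RECORD = re.compile(r'^(\d{3}) "([^"]+)" #(\d+): (.*)$')
STATE = re.compile(r"STATE_(MAIN|AGGR|QUICK)_[IR]\d")
def unwrap(text):
    """Re-join mail-wrapped continuation lines onto the record they belong to."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if RECORD.match(line):
            records.append(line)
        elif records and line:
            records[-1] += " " + line
    return records

def triage(text):
    """Report, per connection, how far IKE phase 1 and phase 2 got."""
    result = {}
    for rec in unwrap(text):
        _code, conn, _sa, msg = RECORD.match(rec).groups()
        r = result.setdefault(conn, {"phase1": "not started", "phase1_params": {},
                                     "phase2": "not started", "phase2_retransmits": 0})
        s = STATE.search(msg)
        phase = None if not s else "phase2" if s.group(1) == "QUICK" else "phase1"
        if phase and r[phase] == "not started":
            r[phase] = "initiated"
        if "ISAKMP SA established" in msg:
            r["phase1"], r["phase1_params"] = "established", dict(re.findall(r"(\w+)=(\w+)", msg))
        elif "IPsec SA established" in msg:  # success string not shown on the page
            r["phase2"] = "established"
        elif "max number of retransmissions" in msg and phase:
            r[phase] = "timed out"
        elif "retransmission;" in msg and phase == "phase2":
            r["phase2_retransmits"] += 1
    return result
```

For the log above, `triage(SAMPLE)` reports phase 1 as established with the negotiated aes_192/oakley_sha/modp1024 parameters and phase 2 as timed out after two retransmissions, so the failure is confined to the Quick Mode exchange.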