[Openswan Users] openswan + freeswan config

Paul Wouters paul at xelerance.com
Thu Apr 16 22:31:59 EDT 2009


On Wed, 15 Apr 2009, Aasim Ajaz wrote:

> I am trying to create IPSEC tunnel between two Linux systems, Suse 8 running freeswan 1.98 & Suse 10 running
> openswan 2.4, and so far no success. I have verified network settings a few times and they all look good.

Those versions are VERY ancient. All bets are off, and you have known DoS
attacks that are possible against those systems. Plus many bugfixes
you are missing from the last 5+ years.

> this is traffic flow from right to left side...
> 86: 23:38:48.479208 49.***.29.12.500 > 142.***.208.44.500: udp 212

There is no point logging udp packets. The first thing IPsec does is
initiate crypto.

> System2:~ # rpm -qa | grep openswan
> openswan-2.4.4-18.9

Should upgrade to 2.4.14 really.

> System2:~ # rpm -qa | grep ipsec
> ipsec-tools-0.6.5-10.10

which does not ipsec-tools

your config looks fine.

> system02:~ # ipsec auto --verbose --up system1-system2
> 002 "system01-system02" #3: initiating Main Mode
> 104 "system01-system02" #3: STATE_MAIN_I1: initiate
> 010 "system01-system02" #3: STATE_MAIN_I1: retransmission; will wait 20s for response
> 010 "system01-system02" #3: STATE_MAIN_I1: retransmission; will wait 20s for response
> 010 "system01-system02" #3: STATE_MAIN_I1: retransmission; will wait 40s for response

You are not getting an answer to your first packet. This usually means
a firewall is blocking things somewhere.

Paul
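
Added example, not part of the original message and not Openswan code: a Python script that reads the status lines printed by `ipsec auto --verbose --up` and flags the case discussed above, an initiator that never leaves STATE_MAIN_I1 and only retransmits. The function names and result labels are hypothetical, and the regular expressions assume the line format shown in the quoted output.

```python
import re
from collections import defaultdict

# Status lines quoted in the thread (output of `ipsec auto --verbose --up`).
SAMPLE = '''\
002 "system01-system02" #3: initiating Main Mode
104 "system01-system02" #3: STATE_MAIN_I1: initiate
010 "system01-system02" #3: STATE_MAIN_I1: retransmission; will wait 20s for response
010 "system01-system02" #3: STATE_MAIN_I1: retransmission; will wait 20s for response
010 "system01-system02" #3: STATE_MAIN_I1: retransmission; will wait 40s for response
'''.splitlines()

# NNN "conn" #N: message  (a leading "> " from mail quoting is tolerated)
LINE_RE = re.compile(r'^(?:>\s*)?\d{3} "(?P<conn>[^"]+)" #(?P<sa>\d+): (?P<msg>.*)$')
STATE_RE = re.compile(r'^(?P<state>STATE_[A-Z0-9_]+): (?P<detail>.*)$')
WAIT_RE = re.compile(r'retransmission; will wait (\d+)s')


def summarize(lines):
    """Group status lines per (connection, SA number); count retransmits in the current state."""
    out = defaultdict(lambda: {"states": [], "retransmits": 0, "waited": 0})
    for raw in lines:
        m = LINE_RE.match(raw.strip())
        s = STATE_RE.match(m["msg"]) if m else None
        if not s:
            continue  # shell prompts, "initiating Main Mode", blank lines
        rec = out[(m["conn"], int(m["sa"]))]
        if not rec["states"] or rec["states"][-1] != s["state"]:
            rec["states"].append(s["state"])
            rec["retransmits"] = rec["waited"] = 0  # counters follow the current state
        w = WAIT_RE.search(s["detail"])
        if w:
            rec["retransmits"] += 1
            rec["waited"] += int(w.group(1))
    return dict(out)


def diagnose(rec):
    """Classify one SA's progress from the states it reached."""
    if rec["states"] == ["STATE_MAIN_I1"] and rec["retransmits"]:
        # Initiator never left its first state: the first IKE packet got no answer.
        return "no-reply-to-first-packet"
    if rec["retransmits"]:
        return "stalled-in-" + rec["states"][-1]
    return "progressing"


if __name__ == "__main__":
    for (conn, sa), rec in summarize(SAMPLE).items():
        print(conn, f"#{sa}", diagnose(rec), f"({rec['waited']}s waited)")
```

A `no-reply-to-first-packet` result matches the situation in the reply above, where filtering of UDP port 500 somewhere between the two peers is the first thing to check.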

