[Openswan Users] openswan + freeswan config
Paul Wouters
paul at xelerance.com
Thu Apr 16 22:31:59 EDT 2009
On Wed, 15 Apr 2009, Aasim Ajaz wrote:
> I am trying to create IPSEC tunnel between two linux system Suse 8 running freeswan 1.98 & Suse 10 running
> openswan 2.4 and so far no success. I have verified network setting few times and they all look good.
Those versions are VERY ancient. All bets are off, and you have known DoS
attacks that are possible against those systems. Plus many bugsfixes
you are missing from the last 5+ years.
> this is traffic flow from right to left side...
> 86: 23:38:48.479208 49.***.29.12.500 > 142.***.208.44.500: udp 212
There is no point loggin udp packets. The first thing IPsec does is
initiate crypto.
> System2:~ # rpm -qa | grep openswan
> openswan-2.4.4-18.9
Should upgrade to 2.4.14 really.
> System2:~ # rpm -qa | grep ipsec
> ipsec-tools-0.6.5-10.10
which does not ipsec-tools
your config looks fine.
> system02:~ # ipsec auto --verbose --up system1-system2
> 002 "system01-system02" #3: initiating Main Mode
> 104 "system01-system02" #3: STATE_MAIN_I1: initiate
> 010 "system01-system02" #3: STATE_MAIN_I1: retransmission; will wait 20s for response
> 010 "system01-system02" #3: STATE_MAIN_I1: retransmission; will wait 20s for response
> 010 "system01-system02" #3: STATE_MAIN_I1: retransmission; will wait 40s for response
You are not getting an answer to your first packet. This usually means
a firewall is blocking things somewhere.
Paul
More information about the Users
mailing list