[Openswan Users] VPN one way encryption
Bram H
groenblik at gmail.com
Mon Apr 20 10:51:24 EDT 2009
All,

I have a sort of working roadwarrior setup. I used
http://www.natecarlson.com/linux/ipsec-x509.php to get it working (a few
errors in the document). My roadwarrior consists of multiple PCs in a
network, the gateway on that network connects to a central server. Both
gateway and server are running Openswan. So it must be possible to access
the server from the PCs in the roadwarrior network and to access all of the
PCs from the server.

Well, it works one way. I can connect to all of the client PCs from the
server. With tcpdump I see ESP packets traveling through the network. But
when I ping the server from one of the clients the traffic is just plain, it
uses the normal internet connection and not the tunnel.

I have attached both ipsec.conf files. I tried adding a subnet
0.0.0.0/0 both that does not make any difference. I also tried to
reverse leftsubnet on the client, but that leads to an
INVALID_ID_INFORMATION. I believe the error must be in the
left/rightsubnet declaration.

Is there someone who can tell me how I can fix this?

Kind regards,
Bram
-------------- next part --------------
config setup
	interfaces=%defaultroute
	nat_traversal=yes
	plutodebug=none
	plutostderrlog=/var/log/pluto.log

conn %default
	keyingtries=%forever
	compress=yes
	authby=rsasig
	leftrsasigkey=%cert
	rightrsasigkey=%cert

conn road
	left=72.58.xxx.xxx
	leftsubnet=72.58.xxx.xxx/32
	leftcert=server.comp.nl.pem
	right=%defaultroute
	rightsubnet=10.0.3.0/24
	rightcert=client03.comp.nl.pem
	auto=start
	pfs=yes

conn block
	auto=ignore

conn private
	auto=ignore

conn private-or-clear
	auto=ignore

conn clear-or-private
	auto=ignore

conn clear
	auto=ignore

conn packetdefault
	auto=ignore
-------------- next part --------------
version 2.0

config setup
	interfaces=%defaultroute
	nat_traversal=yes
	virtual_private=%v4:10.0.0.0/8
	plutodebug=none
	plutostderrlog=/var/log/pluto.log

conn %default
	keyingtries=100
	compress=yes
	disablearrivalcheck=no
	authby=rsasig
	leftrsasigkey=%cert
	rightrsasigkey=%cert

conn road
	left=72.58.xxx.xxx
	leftsubnet=72.58.xxx.xxx/32
	leftcert=server.comp.nl.pem
	right=%any
	rightsubnet=10.0.3.0/24
	auto=add
	pfs=yes

conn block
	auto=ignore

conn private
	auto=ignore

conn private-or-clear
	auto=ignore

conn clear-or-private
	auto=ignore

conn clear
	auto=ignore

conn packetdefault
	auto=ignore
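
Added example, not part of the original post or its attachments: a small check that the two ends of `conn road` declare the same leftsubnet/rightsubnet, since a responder that finds no connection matching the proposed subnets rejects the request with INVALID_ID_INFORMATION. The two constants reproduce the `conn road` sections posted above, reduced to the keys the check reads; the function names and the changed leftsubnet value in the last lines are constructed for illustration.

```python
# Compare the tunnel selectors two Openswan peers configure for one conn.
# Limitation (assumption): values inherited via "conn %default" or "also="
# are not resolved; only keys written in the conn section itself are read.
CLIENT_CONF = """\
conn road
	left=72.58.xxx.xxx
	leftsubnet=72.58.xxx.xxx/32
	right=%defaultroute
	rightsubnet=10.0.3.0/24
	auto=start
"""
SERVER_CONF = """\
conn road
	left=72.58.xxx.xxx
	leftsubnet=72.58.xxx.xxx/32
	right=%any
	rightsubnet=10.0.3.0/24
	auto=add
"""

def parse_conns(text):
    """Return {conn_name: {key: value}} from ipsec.conf text."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and indentation
        if not line:
            continue
        if line.startswith("conn "):
            current = conns.setdefault(line.split(None, 1)[1], {})
        elif line.startswith("config "):
            current = None                    # "config setup" is not a conn
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def selector_mismatches(conf_a, conf_b, conn):
    """List (key, a_value, b_value) where the two ends disagree on a subnet."""
    a, b = parse_conns(conf_a)[conn], parse_conns(conf_b)[conn]
    keys = ("leftsubnet", "rightsubnet")
    return [(k, a.get(k), b.get(k)) for k in keys if a.get(k) != b.get(k)]

if __name__ == "__main__":
    print(selector_mismatches(CLIENT_CONF, SERVER_CONF, "road"))
    # Constructed variant: client leftsubnet changed, server left as posted.
    changed = CLIENT_CONF.replace("leftsubnet=72.58.xxx.xxx/32",
                                  "leftsubnet=10.0.3.0/24")
    print(selector_mismatches(changed, SERVER_CONF, "road"))
```

An empty result only shows that both ends propose the same subnets; it does not show which path a given packet takes.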