[Openswan Users] the problem of openswan-2.6.23dr1
weiruyao
weiruyao at 163.com
Thu Aug 20 08:54:42 EDT 2009
Hi Paul:
I got openswan-2.6.23dr1 from ftp.
After installing it, I did three tests:
The first is a host-to-host tunnel; the network topology is shown below:
192.168.1.3===192.168.1.104
I'm happy with the ESP packets going through, up and down.
The second is subnet-to-subnet. Things are OK too.
But the third test fails: I did a roadwarrior test.
The configuration file on the roadwarrior is:
config setup
        interfaces=%defaultroute
        klipsdebug=none
        plutodebug=none

conn tunnelipsec
        type=tunnel
        authby=secret
        left=%defaultroute
        leftid=@wrylab
        right=192.168.1.104
        esp=3des-md5
        keyexchange=ike
        auto=start
I use the PSK; the ipsec.secrets is:
%any 192.168.1.104: psk "openswan"
The configuration file on the server side:
config setup
        interfaces=%defaultroute
        klipsdebug=none
        plutodebug=none

conn tunnelipsec
        type=tunnel
        authby=secret
        left=192.168.1.104
        right=%any
        rightid=@wrylab
        esp=3des-md5
        keyexchange=ike
        auto=add
The ipsec.secrets is below:
192.168.1.104 %any: psk "cisco"
After I restarted openswan, the log on the roadwarrior side shows:
Mar 12 03:21:22 pluto[3984]: "tunnelipsec" #2: initiating Main Mode to replace #1
Mar 12 03:21:22 pluto[3984]: "tunnelipsec" #2: ERROR: asynchronous network error report on eth0 (sport=500) for message to 192.168.1.104 port 500, complainant 192.168.1.104: No route to host [errno 113, origin ICMP type 3 code 10 (not authenticated)]
Mar 12 03:21:32 pluto[3984]: "tunnelipsec" #2: ERROR: asynchronous network error report on eth0 (sport=500) for message to 192.168.1.104 port 500, complainant 192.168.1.104: No route to host [errno 113, origin ICMP type 3 code 10 (not authenticated)]
Mar 12 03:21:52 pluto[3984]: "tunnelipsec" #2: ERROR: asynchronous network error report on eth0 (sport=500) for message to 192.168.1.104 port 500, complainant 192.168.1.104: No route to host [errno 113, origin ICMP type 3 code 10 (not authenticated)]
I can't quite understand. Any suggestion?
One more thing:
I executed ipsec verify, and things seem abnormal:
Pluto listening for NAT-T on udp 4500 [FAILED]
Two or more interfaces found, checking IP forwarding [FAILED]
I have already enabled ip_forward:
[root@wrylab lo]# cat /proc/sys/net/ipv4/ip_forward
1
But it also shows FAILED. Can you help me? Thanks in advance.
Below are some network parameters:
On the roadwarrior side:
/ $ ifconfig
eth0      Link encap:Ethernet  HWaddr 00:0A:11:22:33:44
          inet addr:192.168.1.3  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:7080 errors:156 dropped:0 overruns:0 frame:156
          TX packets:1420 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:4500086 (4.2 MiB)  TX bytes:128316 (125.3 KiB)
          Interrupt:21 Base address:0x4000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

/ $ route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     *               255.255.255.0   U     0      0        0 eth0
default         *               0.0.0.0         U     0      0        0 eth0
/ $ ip route show
192.168.1.0/24 dev eth0  proto kernel  scope link  src 192.168.1.3
default dev eth0  scope link
/ $
On the server side:
[root@wrylab lo]# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:0C:29:2B:1E:0B
          inet addr:192.168.1.104  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:fe2b:1e0b/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1038 errors:0 dropped:0 overruns:0 frame:0
          TX packets:715 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:93978 (91.7 KiB)  TX bytes:82611 (80.6 KiB)
          Interrupt:17 Base address:0x1400

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:9551 errors:0 dropped:0 overruns:0 frame:0
          TX packets:9551 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:12882655 (12.2 MiB)  TX bytes:12882655 (12.2 MiB)

[root@wrylab lo]# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     *               255.255.255.0   U     0      0        0 eth0
169.254.0.0     *               255.255.0.0     U     0      0        0 eth0
default         192.168.1.254   0.0.0.0         UG    0      0        0 eth0
[root@wrylab lo]# ip route show
192.168.1.0/24 dev eth0  proto kernel  scope link  src 192.168.1.104
169.254.0.0/16 dev eth0  scope link
default via 192.168.1.254 dev eth0