[Openswan Users] Running Openswan in CentOS 5
Arnel B. Espanola
aespanola at arts.ucla.edu
Mon Feb 2 16:56:18 EST 2009
I'm not quite familiar with GRE. Do I need to connect the Openswan
server directly to a Cisco router to establish a GRE tunnel? Will this work
where remote users are connecting from anywhere? From what I see, this
GRE can only be implemented with site-to-site VPN connectivity. Or does this
also work much like using L2TP? Please advise. Thanks for your help.
Arnel
openswan at thefeds.net wrote:
> I am using Openswan with CentOS 5.0 with the latest (5.2) kernel.
>
> I am using the latest testing release as it fixed some problems compared
> to the latest stable release. It is easy to compile and RPM using the
> included Fedora spec file. I tried using the CentOS provided version but
> I had a lot of rekeying problems.
>
> I am not using L2TP, I am using a GRE tunnel.
>
> My configs look like:
>
> config setup
>     # NAT-TRAVERSAL support, see README.NAT-Traversal
>     nat_traversal=no
>     # On CentOS 5 there appears to be a problem identifying the protocol
>     # stack to use. So we give it a clue.
>     protostack=netkey
>     # turn ip_forward on and off depending on whether we have any VPNs
>     forwardcontrol=yes
>
> conn tun01a01d
>     left=<lip>
>     right=<rip>
>     leftnexthop=<lgw>
>     rightnexthop=<rgw>
>     leftupdown=/etc/_updown
>     rightupdown=/etc/_updown
>     authby=secret
>     pfs=yes
>     esp=aes256-sha1
>     ike=aes256-sha1
>     #pfsgroup=modp1536
>     type=transport
>     dpddelay=2
>     dpdtimeout=10
>     dpdaction=restart
>     keylife=4h
>     ikelifetime=5h
>     rekeyfuzz=2%
>     rekeymargin=180s
>     auto=start
>
> Tim
>
> On Mon, 2 Feb 2009, Arnel B. Espanola wrote:
>
>> Has anyone here successfully implemented Openswan in CentOS 5? If so,
>> can you please advise what version of openswan and l2tp I should
>> install. I've been having issues with it and I already tried different
>> versions of openswan but to no avail.
>>
>> Thanks.
>> Arnel
>>
>> Arnel B. Espanola wrote:
>>> So it means I have to continue using the older version until the bugs
>>> are fixed in the latest version?
>>>
>>> Arnel
>>>
>>> Paul Wouters wrote:
>>>> On Fri, 30 Jan 2009, Arnel B. Espanola wrote:
>>>>
>>>>> I've been running this version of Openswan on Fedora 6 for a while
>>>>> without a problem. And I'm using xl2tpd-1.1.11-2.fc6 for L2TP.
>>>>>
>>>>> Linux Openswan U2.4.5/K2.6.22.14-72.fc6 (netkey)
>>>>>
>>>>> But recently I decided to install the latest version of Openswan on
>>>>> CentOS5 and I'm having issues with it and I couldn't find the solution
>>>>> for it. And I installed L2TP from source, l2tpd-0.69cvs20051030-1jdl.
>>>>> Not sure if the L2TP is what is causing the problem.
>>>>>
>>>>> Linux Openswan U2.6.19/K2.6.18-92.1.22.el5 (netkey)
>>>>>
>>>>>
>>>>> I just copied my ipsec.config from the old version. And kept some
>>>>> default config from the new version.
>>>> http://bugs.xelerance.com/view.php?id=1004
>>>>
>>>> Paul
>>> _______________________________________________
>>> Users at openswan.org
>>> http://lists.openswan.org/mailman/listinfo/users
>>> Building and Integrating Virtual Private Networks with Openswan:
>>> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155