[Openswan Users] Openswan network to network example
Paul Wouters
paul at xelerance.com
Fri Feb 13 14:56:17 EST 2009
On Fri, 13 Feb 2009, Enrique Bonet wrote:
> 192.168.100.0/24===147.156.223.83---147.156.222.1...147.156.100.1---147.156.101.228===192.168.200.0/24
> Using Fedora 10 (kernel 2.6.27.12-170.2.4) and Openswan 2.4.9-2, the
> following configuration file (/etc/ipsec.conf) works correctly:
> However, using Openswan 2.6.19-1, the following example does not work
> (I have made many attempts to change parameters and this is my last
> trial):
> Running ipsec auto --up host1-host2 the command "service ipsec status"
> returns:
>
> Ipsec running - pluto pid: XXXX
> pluto pid XXXX
> No tunnels up
Can you tell us what "ip xfrm policy" and "ip xfrm state" say in both
cases?
> I have analyzed the network packets with Wireshark and the packet
> interchange seems to be correct (nine packets, six Identity Protection
> (Main Mode) and three Quick Mode).
Use plutodebug=all and check syslog on both ends for much more information.
Also, please try openswan 2.6.20. Fedora might not yet have packaged it up,
but you should be able to build it with their spec file. Eg:
yum install yum-utils rpm-build
yumdownloader --source openswan
rpm -ihv openswan*src.rpm
download openswan-2.6.20.tar.gz
edit /usr/src/redhat/SPECS/openswan.spec and just change the version from
2.6.19 to 2.6.20.
(or try the spec file in openswan-2.6.20/packaging/fedora/openswan.spec,
but it will have more changes compared to your 2.6.19 rpm.)
Paul