[Openswan Users] Wrong conf ipsec
ALAEDDINE abbech
alasupcom at yahoo.fr
Mon Feb 23 06:52:46 EST 2009
Hi all;
I'm new to the Openswan mailing list.
I have established an IPsec tunnel between two host machines.
172.30.0.3 - host A <------ipsec------> host B - 172.30.2.10
My /etc/ipsec.conf on host A is:
version 2.0 # conforms to second version of ipsec.conf specification
# basic configuration
config setup
    # Debug-logging controls: "none" for (almost) none, "all" for lots.
    # klipsdebug=none
    # plutodebug="control parsing"
conn %default
    keyingtries=0
    # disablearrivalcheck=no
    authby=rsasig
    # leftrsasigkey=%dns
    # rightrsasigkey=%dns
conn test
    auto=start
    left=172.30.0.3
    right=172.30.0.10
    keyexchange=ike
    esp=3des-sha1-96
    keyingtries=0
    rekeymargin=4m
    type=transport
    disablearrivalcheck=no
    authby=secret
    pfs=yes
and /etc/ipsec.secrets in A is:
172.30.0.10 172.30.0.3: PSK 0x123456
My /etc/ipsec.conf on host B is:
version 2.0 # conforms to second version of ipsec.conf specification
# basic configuration
config setup
    # Debug-logging controls: "none" for (almost) none, "all" for lots.
    #klipsdebug=none
    #plutodebug="control parsing"
conn %default
    keyingtries=0
    # disablearrivalcheck=no
    authby=rsasig
    # leftrsasigkey=%dns
    # rightrsasigkey=%dns
conn test
    auto=start
    left=172.30.0.3
    right=172.30.0.10
    keyexchange=ike
    esp=3des-sha1-96
    keyingtries=0
    rekeymargin=4m
    type=transport
    disablearrivalcheck=no
    authby=secret
    pfs=yes
and /etc/ipsec.secrets in B is:
172.30.0.3 172.30.0.10: PSK 0x123456
I restarted the ipsec service and ran (#ipsec auto --up test) on both hosts.
I get this message:
117 "test" #14: STATE_QUICK_I1: initiate
004 "test" #14: STATE_QUICK_I2: sent QI2, IPsec SA established transport mode {ESP=>0x11aed5dd <0xeabdc300 xfrm=3DES_0-HMAC_SHA1 NATOA=none NATD=none DPD=none}
And with #ipsec setup status I get this message on both hosts:
IPsec running - pluto pid: 3963
pluto pid 3963
No tunnels up
I ran #ipsec verify:
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path [OK]
Linux Openswan U2.6.14/K2.6.18-92.1.10.el5 (netkey)
Checking for IPsec support in kernel [OK]
NETKEY detected, testing for disabled ICMP send_redirects [FAILED]
Please disable /proc/sys/net/ipv4/conf/*/send_redirects
or NETKEY will cause the sending of bogus ICMP redirects!
NETKEY detected, testing for disabled ICMP accept_redirects [FAILED]
Please disable /proc/sys/net/ipv4/conf/*/accept_redirects
or NETKEY will accept bogus ICMP redirects!
Checking for RSA private key (/etc/ipsec.secrets) [OK]
Checking that pluto is running [OK]
Two or more interfaces found, checking IP forwarding [FAILED]
Checking for 'ip' command [OK]
Checking for 'iptables' command [OK]
Opportunistic Encryption DNS checks:
Looking for TXT in forward dns zone: RTPPROXY [MISSING]
Cannot execute command "host -t txt RTPPROXY": No such file or directory
Does the machine have at least one non-private address? [FAILED]
I don't know where the fault in my config is.
Can anyone please help me?
Thanks.
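
An added example (not part of the original post and not Openswan code): a small checker that resolves the "conn %default" inheritance in the posted ipsec.conf, confirms that a PSK line in ipsec.secrets lists both endpoints, and reports the decoded PSK length. The function names, the 16-byte floor and the exact-address selector matching are assumptions made for this sketch; documented_peers takes the addresses from the diagram in the post.

```python
import re

# Constructed sample: the relevant lines of host A's files as quoted in the post.
CONF = """conn %default
    authby=rsasig
conn test
    left=172.30.0.3
    right=172.30.0.10
    authby=secret
"""
SECRETS = "172.30.0.10 172.30.0.3: PSK 0x123456\n"

def parse_conns(text):
    """Return {conn: options} with 'conn %default' merged under each conn."""
    conns, cur = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        head = re.match(r"conn\s+(\S+)$", line)
        if head:
            cur = conns.setdefault(head.group(1), {})
        elif line[:1].isspace() and cur is not None and "=" in line:
            key, val = line.strip().split("=", 1)
            cur[key.strip()] = val.strip()
        elif line.strip():
            cur = None  # another section, such as 'config setup'
    base = conns.pop("%default", {})
    return {name: {**base, **opts} for name, opts in conns.items()}

def parse_psks(text):
    """Yield (selector_set, key_bytes) for each PSK line (0x hex or quoted)."""
    for sel, tok in re.findall(r'^\s*([^:#\n]*):\s*PSK\s+(\S+)', text, re.M):
        key = bytes.fromhex(tok[2:]) if tok.startswith("0x") else tok.strip('"').encode()
        yield set(sel.split()), key

def audit(conf, secrets, documented_peers=(), min_bytes=16):
    """Return findings; min_bytes is an assumed policy floor, not an Openswan limit."""
    findings, psks = [], list(parse_psks(secrets))
    for name, opt in parse_conns(conf).items():
        ends = {opt.get("left"), opt.get("right")}
        findings += [f"{name}: {ip} is neither left nor right"
                     for ip in documented_peers if ip not in ends]
        if opt.get("authby") != "secret":
            continue  # PSK checks apply only when the effective authby is secret
        keys = [k for ids, k in psks if ends <= ids]
        if not keys:
            findings.append(f"{name}: no PSK line lists both endpoints")
        elif len(keys[0]) < min_bytes:
            findings.append(f"{name}: PSK is only {len(keys[0]) * 8} bits")
    return findings
```

Calling audit(CONF, SECRETS, documented_peers=("172.30.0.3", "172.30.2.10")) returns the findings as a list of strings, one per conn and issue.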