[Openswan Users] net-to-net - openswan 2.6.18 on k.2.6.24.7
TC
tonisaco at gmail.com
Wed Jan 7 12:19:58 EST 2009
Hi all,
I have installed kernel 2.6.24.7 + klips patch + openswan 2.6.18
I have made a net-to-net config. The connection starts, but I cannot
ping the end of the tunnel.
ping 192.168.23.1 -I eth1 not working
ping 192.168.10.254 -I eth1 not working
ping 192.168.10.254 -I eth1
PING 192.168.10.254 (192.168.10.254) from 192.168.23.1 eth1: 56(84) bytes of data.
From 192.168.23.1 icmp_seq=2 Destination Host Unreachable
From 192.168.23.1 icmp_seq=3 Destination Host Unreachable
From 192.168.23.1 icmp_seq=4 Destination Host Unreachable
A config (and the same config on B, but with a different ipsec.secrets):
version 2.0

config setup
    interfaces="ipsec0=eth0"
    protostack=klips

conn block
    auto=ignore

conn private
    auto=ignore

conn private-or-clear
    auto=ignore

conn clear-or-private
    auto=ignore

conn clear
    auto=ignore

conn packetdefault
    auto=ignore

conn A-B
    left=WAN_IP_FROM_A
    leftnexthop=GATEWAY_FROM_A
    leftsubnet=192.168.10.0/24
    right=WAN_IP_FROM_B
    rightnexthop=GATEWAY_FROM_B
    rightsubnet=192.168.23.0/24
    type=tunnel
    auth=esp
    leftrsasigkey=0sAQOY...
    rightrsasigkey=0sAQNqB...
    auto=start
In /var/log/syslog I have:
Jan 7 19:13:12 vpn ipsec_setup: Starting Openswan IPsec 2.6.18...
Jan 7 19:13:12 vpn ipsec__plutorun: 002 added connection description "A-B"
Jan 7 19:13:12 vpn ipsec__plutorun: 104 "A-B" #1: STATE_MAIN_I1: initiate
In /var/log.secure I have:
Jan 7 19:15:57 vpn pluto[10094]: "A-B" #1: STATE_MAIN_I2: sent MI2, expecting MR2
Jan 7 19:15:57 vpn pluto[10094]: "A-B" #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
Jan 7 19:15:57 vpn pluto[10094]: "A-B" #1: STATE_MAIN_I3: sent MI3, expecting MR3
Jan 7 19:15:57 vpn pluto[10094]: "A-B" #1: received Vendor ID payload [CAN-IKEv2]
Jan 7 19:15:57 vpn pluto[10094]: "A-B" #1: Main mode peer ID is ID_IPV4_ADDR: '82.79.83.23'
Jan 7 19:15:57 vpn pluto[10094]: "A-B" #1: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
Jan 7 19:15:57 vpn pluto[10094]: "A-B" #1: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=aes_128 prf=oakley_sha group=modp2048}
Jan 7 19:15:57 vpn pluto[10094]: "A-B" #2: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEv2ALLOW {using isakmp#1 msgid:beed36ed proposal=defaults pfsgroup=OAKLEY_GROUP_MODP2048}
Jan 7 19:15:57 vpn pluto[10094]: "A-B" #2: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2
Jan 7 19:15:57 vpn pluto[10094]: "A-B" #2: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP=>0x45d84918 <0x892b2f5a xfrm=AES_128-HMAC_SHA1 NATOA=none NATD=none DPD=none}
Jan 7 19:16:16 vpn pluto[10094]: "A-B" #1: ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0x45d84917) not found (maybe expired)
Jan 7 19:16:16 vpn pluto[10094]: "A-B" #1: received and ignored informational message
Thx for Help.
--
TC
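
Added example, not part of the original post: a short Python parser for pluto log lines in the format quoted above. For each connection it reports whether the ISAKMP and IPsec SAs were established, which ESP SPIs were logged, and which Delete SA payloads named an SPI pluto did not know. The function names are this example's own; the sample is three lines copied from the post with the mail line-wrapping undone.

```python
import re

# Three pluto lines copied from the post above, unwrapped.
SAMPLE_LOG = """\
Jan 7 19:15:57 vpn pluto[10094]: "A-B" #1: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=aes_128 prf=oakley_sha group=modp2048}
Jan 7 19:15:57 vpn pluto[10094]: "A-B" #2: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP=>0x45d84918 <0x892b2f5a xfrm=AES_128-HMAC_SHA1 NATOA=none NATD=none DPD=none}
Jan 7 19:16:16 vpn pluto[10094]: "A-B" #1: ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0x45d84917) not found (maybe expired)
"""

# pluto[pid]: "<connection>" #<state number>: <message>
LINE = re.compile(r'pluto\[\d+\]: "(?P<conn>[^"]+)" #(?P<sa>\d+): (?P<msg>.*)')
SPI = re.compile(r'[<>](0x[0-9a-fA-F]+)')
DELETE = re.compile(r'Delete SA payload: \S+ SA\((0x[0-9a-fA-F]+)\) not found')


def summarize(log_text):
    """Return {conn: {"phase1", "phase2", "esp_spis", "unknown_deletes"}}."""
    out = {}
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # not a per-connection pluto message
        s = out.setdefault(m["conn"], {"phase1": False, "phase2": False,
                                       "esp_spis": [], "unknown_deletes": []})
        msg = m["msg"]
        if "ISAKMP SA established" in msg:
            s["phase1"] = True
        if "IPsec SA established" in msg:
            s["phase2"] = True
            s["esp_spis"] = SPI.findall(msg)  # in the order pluto logged them
        d = DELETE.search(msg)
        if d:
            s["unknown_deletes"].append(d.group(1))
    return out


def negotiated(summary, conn):
    """True when both the ISAKMP SA and the IPsec SA were logged as established."""
    s = summary.get(conn)
    return bool(s and s["phase1"] and s["phase2"])


if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    for conn, s in result.items():
        print(conn, "negotiated" if negotiated(result, conn) else "incomplete", s)
```

When `negotiated()` returns True, IKE negotiation completed according to pluto, so the log alone does not explain a failing ping.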