[Openswan Users] CentOS host-to-host Ipsec VPN

Marko Mernik marci at mernik.net
Mon Jul 13 14:03:28 EDT 2009


Hi!

I have a problem with the setup of a VPN on CentOS 5.3, from a CentOS host to a CentOS
host; both are the 5.3 release.

My ipsec verify:

Host A:
[root at hard ~]# ipsec verify
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path                                 [OK]
Linux Openswan U2.6.14/K2.6.18-128.1.16.el5 (netkey)
Checking for IPsec support in kernel                            [OK]
NETKEY detected, testing for disabled ICMP send_redirects       [OK]
NETKEY detected, testing for disabled ICMP accept_redirects     [OK]
Checking for RSA private key (/etc/ipsec.secrets)               [OK]
Checking that pluto is running                                  [OK]
Two or more interfaces found, checking IP forwarding            [OK]
Checking NAT and MASQUERADEing                                  [OK]
Checking for 'ip' command                                       [OK]
Checking for 'iptables' command                                 [OK]
Opportunistic Encryption Support                                [DISABLED]
[root at hard ~]#

Host B:
[root at router quickstarts]# ipsec verify
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path                                 [OK]
Linux Openswan U2.6.14/K2.6.18-128.1.10.el5 (netkey)
Checking for IPsec support in kernel                            [OK]
NETKEY detected, testing for disabled ICMP send_redirects       [OK]
NETKEY detected, testing for disabled ICMP accept_redirects     [OK]
Checking for RSA private key (/etc/ipsec.secrets)               [OK]
Checking that pluto is running                                  [OK]
Two or more interfaces found, checking IP forwarding            [OK]
Checking NAT and MASQUERADEing
Checking for 'ip' command                                       [OK]
Checking for 'iptables' command                                 [OK]
Opportunistic Encryption Support                                [DISABLED]
[root at router quickstarts]#

My ipsec.conf:
config setup
        # Debug-logging controls:  "none" for (almost) none, "all" for lots.
        klipsdebug=all
        plutodebug=all
        # For Red Hat Enterprise Linux and Fedora, leave protostack=netkey
        protostack=netkey
        nat_traversal=yes


conn CentOSGWh-CentOSSIP
        type=tunnel
        left=89.212.110.115 <MY WAN IP>
        leftsourceip=182.168.5.1 <MY LAN GW IP>
        leftnexthop=89.212.0.1 <MY WAN GATEWAY>
        leftid=@GW
        leftrsasigkey=0sAQNfBmtp9IYym...< RSA KEY >

        right=93.103.133.46 <MY WAN IP HOST B>
        rightid=@SIP
        rightsourceip=192.168.3.1 <MY LAN GW HOST B >
        rightnexthop=93.103.0.1 <MY WAN GATEWAY HOST B>
        rightrsasigkey=0sAQN1E< RSA KEY >
        auto=add

When I run "ipsec auto --up CentOSGWh-CentOSSIP", the output is:

Host A
[root at router quickstarts]#  ipsec auto --up CentOSGWh-CentOSSIP
117 "CentOSGWh-CentOSSIP" #4: STATE_QUICK_I1: initiate
004 "CentOSGWh-CentOSSIP" #4: STATE_QUICK_I2: sent QI2, IPsec SA
established tunnel mode {ESP=>0x7c711da1 <0x705e3569
xfrm=AES_128-HMAC_SHA1 NATOA=none NATD=none DPD=none}
[root at router quickstarts]#

Host B
[root at hard ~]# ipsec auto --up CentOSGWh-CentOSSIP
117 "CentOSGWh-CentOSSIP" #5: STATE_QUICK_I1: initiate
004 "CentOSGWh-CentOSSIP" #5: STATE_QUICK_I2: sent QI2, IPsec SA
established tunnel mode {ESP=>0xf2b33c6a <0xb71f4981
xfrm=AES_128-HMAC_SHA1 NATOA=none NATD=none DPD=none}
[root at hard ~]#

What am I doing wrong?

lp, Marci
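As an added illustration (not part of the original post), here is a small Python linter for an Openswan-style ipsec.conf: it parses the sections, flags debug logging left at "all", reports a conn that has no leftsubnet/rightsubnet (so only left<->right traffic is protected), and checks each sourceip against the range that side actually protects, as ipsec.conf(5) requires for leftsourceip. The embedded sample is constructed from the posted config, with the e-mail's "<...>" annotations and the RSA keys removed.

```python
import ipaddress

# Constructed sample mirroring the posted ipsec.conf (annotations and keys removed).
SAMPLE_CONF = """config setup
        klipsdebug=all
        plutodebug=all
        # For Red Hat Enterprise Linux and Fedora, leave protostack=netkey
        protostack=netkey

conn CentOSGWh-CentOSSIP
        left=89.212.110.115
        leftsourceip=182.168.5.1
        right=93.103.133.46
        rightsourceip=192.168.3.1
"""

def parse_ipsec_conf(text):
    """Parse ipsec.conf into {section: {key: value}}; a line at column 0 opens a section."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        if not raw[0].isspace():                  # "config setup" or "conn NAME"
            current = " ".join(line.split()[:2])
            sections[current] = {}
            continue
        key, _, value = line.strip().partition("=")
        sections[current][key.strip()] = value.strip()
    return sections

def lint(sections):
    """Return (section, message) findings: debug logging, host-only conns, uncovered sourceip."""
    findings = []
    setup = sections.get("config setup", {})
    for key in ("klipsdebug", "plutodebug"):
        if setup.get(key, "none") != "none":
            findings.append(("config setup", f"{key}={setup[key]}: verbose debug logging, set to none in production"))
    for name, conn in sections.items():
        if not name.startswith("conn "):
            continue
        if "leftsubnet" not in conn and "rightsubnet" not in conn:
            findings.append((name, "no leftsubnet/rightsubnet: host-to-host, only left<->right traffic is encrypted"))
        for side in ("left", "right"):
            src, end = conn.get(side + "sourceip"), conn.get(side)
            if not src or not end:
                continue
            covered = ipaddress.ip_network(conn.get(side + "subnet", end + "/32"), strict=False)
            if ipaddress.ip_address(src) not in covered:
                findings.append((name, f"{side}sourceip={src} is outside {side}'s protected range {covered}"))
    return findings
```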

