[Openswan Users] Openswan configuration problem
Mateusz Korab
korab.mateusz at gmail.com
Wed Jul 15 17:35:30 EDT 2009
Hello,
I'm trying to set a vpn connection between two linux Debian serwers
usign openswan but with no success:
host_A - Network - host_B
xxxxx.conf host A:
conn xxxxx
type=tunnel
leftid=IP_A
leftsubnet=192.168.5.0/24
left=IP_A
right=IP_B
rightsubnet=192.168.2.0/24
rightid=IP_B
ikelifetime=240m
keylife=3600s
pfs=no
esp=3des
ike=3des-sha1-modp1024
compress=no
authby=secret
keyexchange=ike
keyingtries=0
auto=start
xxxxx.conf host B: similarly to host_A
some logs:
host_A:~# tcpdump -i eth0 -n host IP_B
23:40:07.646132 IP IP_A.500 > IP_B.500: isakmp: phase 2/others R inf[E]
23:40:07.649403 IP IP_A> IP_B.500: isakmp: phase 2/others R inf[E]
23:40:07.658222 IP IP_B.500 > IP_A.500: isakmp: phase 2/others I inf[E]
23:40:07.665129 IP IP_B.500 > IP_A.500: isakmp: phase 2/others I inf[E]
23:40:10.146828 IP IP_A.5097 > IP_B.1194: UDP, length 53
23:40:12.860429 IP IP_A.500 > IP_B.500: isakmp: phase 1 I ident
23:40:12.879530 IP IP_B.500 > IP_A.500: isakmp: phase 1 R ident
23:40:12.887256 IP IP_A.500 > IP_B.500: isakmp: phase 1 I ident
23:40:12.911884 IP IP_B.500 > IP_A.500: isakmp: phase 1 R ident
23:40:12.916822 IP IP_A.500 > IP_B.500: isakmp: phase 1 I ident[E]
23:40:12.932118 IP IP_B.500 > IP_A.500: isakmp: phase 1 R ident[E]
23:40:12.939450 IP IP_A.500 > IP_B.500: isakmp: phase 2/others I oakley-quick[E]
23:40:12.956407 IP IP_B.500 > IP_A.500: isakmp: phase 2/others R oakley-quick[E]
23:40:12.989818 IP IP_A.500 > IP_B.500: isakmp: phase 2/others I oakley-quick[E]
23:40:17.205194 IP IP_B.1194 > IP_A.5097: UDP, length 53
23:40:20.268978 IPIP_A.5097 > IP_B.1194: UDP, length 53
23:40:27.002525 IP IP_B.500 >IP_A.500: isakmp: phase 2/others R inf[E]
23:40:27.207086 IP IP_B.1194 > IP_A.5097: UDP, length 53
23:40:30.387393 IP IP_A.5097 > IP_B.1194: UDP, length 53
syslog host A
Jul 15 23:46:13 servantes kernel: [5271463.943777] NET: Unregistered
protocol family 15
Jul 15 23:46:13 servantes ipsec_setup: ...Openswan IPsec stopped
Jul 15 23:46:13 servantes ipsec_setup: Stopping Openswan IPsec...
Jul 15 23:46:14 servantes kernel: [5271464.274592] NET: Registered
protocol family 15
Jul 15 23:46:14 servantes kernel: [5271464.522365] padlock: VIA
PadLock Hash Engine not detected.
Jul 15 23:46:14 servantes kernel: [5271464.610551] padlock: VIA
PadLock Hash Engine not detected.
Jul 15 23:46:14 servantes kernel: [5271464.841149] padlock: VIA
PadLock not detected.
Jul 15 23:46:14 servantes kernel: [5271464.986149] Initializing XFRM
netlink socket
Jul 15 23:46:14 servantes ipsec_setup: NETKEY on eth0
IP_A/255.255.255.0 broadcast broadcast_IP_A
Jul 15 23:46:15 servantes ipsec_setup: ...Openswan IPsec started
Jul 15 23:46:15 servantes ipsec_setup: Starting Openswan IPsec 2.4.12...
Jul 15 23:46:16 servantes ipsec__plutorun: 104 "unima" #1:
STATE_MAIN_I1: initiate
Jul 15 23:46:16 servantes ipsec__plutorun: ...could not start conn "xxxxx"
Any suggestion?
krabu
More information about the Users
mailing list