[Openswan Users] Openswan configuration problem

Mateusz Korab korab.mateusz at gmail.com
Wed Jul 15 17:35:30 EDT 2009 

Hello,

I'm trying to set a vpn connection between two linux Debian serwers
usign openswan but with no success:

host_A - Network - host_B


xxxxx.conf host A:
conn xxxxx
        type=tunnel
        leftid=IP_A
        leftsubnet=192.168.5.0/24
        left=IP_A
        right=IP_B
        rightsubnet=192.168.2.0/24
        rightid=IP_B
        ikelifetime=240m
        keylife=3600s
        pfs=no
        esp=3des
        ike=3des-sha1-modp1024
        compress=no
        authby=secret
        keyexchange=ike
        keyingtries=0
        auto=start

xxxxx.conf host B: similarly to host_A

some logs:


host_A:~# tcpdump -i eth0 -n host IP_B
23:40:07.646132 IP IP_A.500 > IP_B.500: isakmp: phase 2/others R inf[E]
23:40:07.649403 IP IP_A> IP_B.500: isakmp: phase 2/others R inf[E]
23:40:07.658222 IP IP_B.500 > IP_A.500: isakmp: phase 2/others I inf[E]
23:40:07.665129 IP IP_B.500 > IP_A.500: isakmp: phase 2/others I inf[E]
23:40:10.146828 IP IP_A.5097 > IP_B.1194: UDP, length 53
23:40:12.860429 IP IP_A.500 > IP_B.500: isakmp: phase 1 I ident
23:40:12.879530 IP IP_B.500 > IP_A.500: isakmp: phase 1 R ident
23:40:12.887256 IP IP_A.500 > IP_B.500: isakmp: phase 1 I ident
23:40:12.911884 IP IP_B.500 > IP_A.500: isakmp: phase 1 R ident
23:40:12.916822 IP IP_A.500 > IP_B.500: isakmp: phase 1 I ident[E]
23:40:12.932118 IP IP_B.500 > IP_A.500: isakmp: phase 1 R ident[E]
23:40:12.939450 IP IP_A.500 > IP_B.500: isakmp: phase 2/others I oakley-quick[E]
23:40:12.956407 IP IP_B.500 > IP_A.500: isakmp: phase 2/others R oakley-quick[E]
23:40:12.989818 IP IP_A.500 > IP_B.500: isakmp: phase 2/others I oakley-quick[E]
23:40:17.205194 IP IP_B.1194 > IP_A.5097: UDP, length 53
23:40:20.268978 IPIP_A.5097 > IP_B.1194: UDP, length 53
23:40:27.002525 IP IP_B.500 >IP_A.500: isakmp: phase 2/others R inf[E]
23:40:27.207086 IP IP_B.1194 > IP_A.5097: UDP, length 53
23:40:30.387393 IP IP_A.5097 > IP_B.1194: UDP, length 53

syslog host A
Jul 15 23:46:13 servantes kernel: [5271463.943777] NET: Unregistered
protocol family 15
Jul 15 23:46:13 servantes ipsec_setup: ...Openswan IPsec stopped
Jul 15 23:46:13 servantes ipsec_setup: Stopping Openswan IPsec...
Jul 15 23:46:14 servantes kernel: [5271464.274592] NET: Registered
protocol family 15
Jul 15 23:46:14 servantes kernel: [5271464.522365] padlock: VIA
PadLock Hash Engine not detected.
Jul 15 23:46:14 servantes kernel: [5271464.610551] padlock: VIA
PadLock Hash Engine not detected.
Jul 15 23:46:14 servantes kernel: [5271464.841149] padlock: VIA
PadLock not detected.
Jul 15 23:46:14 servantes kernel: [5271464.986149] Initializing XFRM
netlink socket
Jul 15 23:46:14 servantes ipsec_setup: NETKEY on eth0
IP_A/255.255.255.0 broadcast broadcast_IP_A
Jul 15 23:46:15 servantes ipsec_setup: ...Openswan IPsec started
Jul 15 23:46:15 servantes ipsec_setup: Starting Openswan IPsec 2.4.12...
Jul 15 23:46:16 servantes ipsec__plutorun: 104 "unima" #1:
STATE_MAIN_I1: initiate
Jul 15 23:46:16 servantes ipsec__plutorun: ...could not start conn "xxxxx"

Any suggestion?

krabu

More information about the Users mailing list