[Openswan Users] openswan VPN problems

Ni Wenjuan niwj at cn.fujitsu.com
Tue Jul 28 23:05:33 EDT 2009


Hi, I encountered some problems when using openswan-2.6.31 to configure a VPN.

First, when I start the ipsec service with the command "ipsec setup start", the
message "padlock: VIA padlock not detected" is shown on the screen.

Second, when I run "ipsec auto --up vpn", it only shows the following output:

104 "net-to-net" #1: STATE_MAIN_I1: initiate
003 "net-to-net" #1: received Vendor ID payload [Openswan (this version) 2.6.31]
003 "net-to-net" #1: received Vendor ID payload [Dead Peer Detection]
003 "net-to-net" #1: received Vendor ID payload [RFC 3947] method set to=109

and after a few seconds the message "padlock: VIA padlock not detected"
appears again.

I can't figure out what's wrong with it. Can you help me out ?

By the way, my configuration is as follows:

Hostname  NIC eth1      NIC eth2     Default gateway  Purpose
LServer   192.168.0.21  192.168.2.1  192.168.1.1      Left gateway
RServer   192.168.0.22  192.168.3.1  192.168.1.1      Right gateway
LClient                 192.168.2.2  192.168.2.1      Left client
RClient                 192.168.3.2  192.168.3.1      Right client

The configuration files on the Left server and the Right server:
# /etc/ipsec.conf - Openswan IPsec configuration file
#
# Manual:     ipsec.conf.5
#
# Please place your own config files in /etc/ipsec.d/ ending in .conf

version    2.0    # conforms to second version of ipsec.conf specification

# basic configuration
config setup
    # Debug-logging controls:  "none" for (almost) none, "all" for lots.
    # klipsdebug=none
    #plutodebug="control parsing"
    # For Red Hat Enterprise Linux and Fedora, leave protostack=netkey
    # NOTE(review): interfaces= is presumably only consulted by the KLIPS
    # stack and ignored with protostack=netkey - confirm in ipsec.conf(5).
    interfaces=%defaultroute
    # Use the kernel's native NETKEY IPsec stack rather than KLIPS.
    protostack=netkey
    # Enable NAT-Traversal; the quoted pluto output shows the peer
    # advertising RFC 3947 support.
    nat_traversal=yes
    #virtual_private=
    #oe=off
    # Enable this if you see "failed to find any available worker"
    # With 0, pluto does the cryptographic work itself instead of handing
    # it to helper processes.
    nhelpers=0
conn vpn
    # NOTE(review): the pluto output quoted in this message names the
    # connection "net-to-net", not "vpn" - confirm that this is the conn
    # definition that was actually loaded on both gateways.
    # auto=add only loads the connection at startup; it is not initiated
    # until "ipsec auto --up vpn" is run by hand.
    auto=add
    # Left gateway: public address, IKE identity and the protected subnet.
    left=192.168.0.21
    leftid=@RHEL5_4NUT
    leftsubnet=192.168.2.0/24
    # NOTE(review): left and right are both 192.168.0.x addresses while the
    # posted default gateway is 192.168.1.1; with %defaultroute the next hop
    # is presumably that gateway - confirm the peers can reach each other.
    leftnexthop=%defaultroute
    # RSA public key of the left gateway (truncated in this post). Only the
    # public half belongs here; the private key stays in ipsec.secrets and
    # should never be pasted to a list.
    leftrsasigkey=0sAQO8o2O4J9...
    # Right gateway: same fields as for the left side.
    right=192.168.0.22
    rightid=@RHEL5_4NUTC
    rightsubnet=192.168.3.0/24
    rightnexthop=%defaultroute
    # RSA public key of the right gateway (truncated in this post).
    rightrsasigkey=0sAQO86eWPQe56axz+UFH....


# You may put your configuration (.conf) file in "/etc/ipsec.d/" and
# uncomment this.
#include /etc/ipsec.d/*.conf





