[Openswan Users] openswan VPN problems

Ni Wenjuan niwj at cn.fujitsu.com
Tue Jul 28 22:57:43 EDT 2009


Hi, I encountered some problems when using openswan-2.6.31 to configure a VPN.

First, when I start the ipsec service with the command "ipsec setup start", the
message "padlock: VIA padlock not detected" shows on the screen.

Second, when I do "ipsec auto --up vpn" it just shows the following information:

104 "net-to-net" #1: STATE_MAIN_I1: initiate
003 "net-to-net" #1: received Vendor ID payload [Openswan (this version) 2.6.31]
003 "net-to-net" #1: received Vendor ID payload [Dead Peer Detection]
003 "net-to-net" #1: received Vendor ID payload [RFC 3947] method set to=109

and after a few seconds the message "padlock: VIA padlock not detected"
appears again.

I can't figure out what's wrong with it. Can you help me out?

By the way, my configuration is as below:

Hostname  NIC eth1      NIC eth2     Default gateway  Purpose
LServer   192.168.0.21  192.168.2.1  192.168.1.1      Left gateway
RServer   192.168.0.22  192.168.3.1  192.168.1.1      Right gateway
LClient                 192.168.2.2  192.168.2.1      Left client
RClient                 192.168.3.2  192.168.3.1      Right client

The configuration files on the Left server and Right server:
# /etc/ipsec.conf - Openswan IPsec configuration file
#
# Manual:     ipsec.conf.5
#
# Please place your own config files in /etc/ipsec.d/ ending in .conf

version	2.0	# conforms to second version of ipsec.conf specification

# basic configuration
config setup
	# Debug-logging controls:  "none" for (almost) none, "all" for lots.
	# klipsdebug=none
	#plutodebug="control parsing"
	# For Red Hat Enterprise Linux and Fedora, leave protostack=netkey
	interfaces=%defaultroute
	protostack=netkey
	nat_traversal=yes
	#virtual_private=
	#oe=off
	# Enable this if you see "failed to find any available worker"
	nhelpers=0
conn vpn
	auto=add
	left=192.168.0.21
	leftid=@RHEL5_4NUT
	leftsubnet=192.168.2.0/24
	leftnexthop=%defaultroute
	leftrsasigkey=0sAQO8o2O4J9...
	right=192.168.0.22
	rightid=@RHEL5_4NUTC
	rightsubnet=192.168.3.0/24
	rightnexthop=%defaultroute
	rightrsasigkey=0sAQO86eWPQe56axz+UFH....
	

# You may put your configuration (.conf) file in the "/etc/ipsec.d/" and uncomment this.
#include /etc/ipsec.d/*.conf




