[Openswan Users] openswan VPN problems
Ni Wenjuan
niwj at cn.fujitsu.com
Tue Jul 28 22:57:43 EDT 2009
hi, I encounter some problems when I using openswan-2.6.31 to configure a VPN.
Fist , when I start ipsec service with the command "ipsec setup start", the
information " padlock: VIA padlock not detected" shows on the screen.
Second, when I do "ipsec auto --up vpn " it just shows the following information
104 "net-to-net" #1: STATE_MAIN_I1: initiate
003 "net-to-net" #1: received Vendor ID payload [Openswan (this version) 2.6.31]
003 "net-to-net" #1: received Vendor ID payload [Dead Peer Detection]
003 "net-to-net" #1: received Vendor ID payload [RFC 3947] method set to=109
and after a few secods the information "padlock: VIA padlock not detected"
appears again.
I can't figure out what's wrong with it. Can you help me out ?
Bythe way my configuration like below :
主机名 网卡eth1 网卡eth2 默认网关 用途
LServer 192.168.0.21 192.168.2.1 192.168.1.1 Left网关
RServer 192.168.0.22 192.168.3.1 192.168.1.1 Right网关
LClient 192.168.2.2 192.168.2.1 Left客户机
RClient 192.168.3.2 192.168.3.1 Right客户机
the configure files on Left server and Right servrer :
# /etc/ipsec.conf - Openswan IPsec configuration file
#
# Manual: ipsec.conf.5
#
# Please place your own config files in /etc/ipsec.d/ ending in .conf
version 2.0 # conforms to second version of ipsec.conf specification
# basic configuration
config setup
# Debug-logging controls: "none" for (almost) none, "all" for lots.
# klipsdebug=none
#plutodebug="control parsing"
# For Red Hat Enterprise Linux and Fedora, leave protostack=netkey
interfaces=%defaultroute
protostack=netkey
nat_traversal=yes
#virtual_private=
#oe=off
# Enable this if you see "failed to find any available worker"
nhelpers=0
conn vpn
auto=add
left=192.168.0.21
leftid=@RHEL5_4NUT
leftsubnet=192.168.2.0/24
leftnexthop=%defaultroute
leftrsasigkey=0sAQO8o2O4J9...
right=192.168.0.22
rightid=@RHEL5_4NUTC
rightsubnet=192.168.3.0/24
rightnexthop=%defaultroute
rightrsasigkey=0sAQO86eWPQe56axz+UFH....
#You may put your configuration (.conf) file in the "/etc/ipsec.d/" and
uncomment this.
#include /etc/ipsec.d/*.conf
More information about the Users
mailing list