[Openswan Users] openswan VPN problems

Mehran Toreihi vpnbook at gmail.com
Wed Jul 29 00:37:35 EDT 2009


On Wed, Jul 29, 2009 at 7:35 AM, Ni Wenjuan<niwj at cn.fujitsu.com> wrote:
> Hi, I encounter some problems when using openswan-2.6.31 to configure a VPN.
>
> First, when I start the ipsec service with the command "ipsec setup start", the
> information "padlock: VIA padlock not detected" shows on the screen.
>

Find PADLOCK in kernel configuration (.config file in kernel
directory) and disable it. Then compile your kernel again and use the
new kernel instead.


> Second, when I do "ipsec auto --up vpn" it just shows the following information:
>
> 104 "net-to-net" #1: STATE_MAIN_I1: initiate
> 003 "net-to-net" #1: received Vendor ID payload [Openswan (this version) 2.6.31]
> 003 "net-to-net" #1: received Vendor ID payload [Dead Peer Detection]
> 003 "net-to-net" #1: received Vendor ID payload [RFC 3947] method set to=109
>
> and after a few seconds the information "padlock: VIA padlock not detected"
> appears again.
>
> I can't figure out what's wrong with it. Can you help me out?
>
> By the way, my configuration is as below:
>
> Hostname  NIC eth1      NIC eth2     Default gateway  Purpose
> LServer   192.168.0.21  192.168.2.1  192.168.1.1      Left gateway
> RServer   192.168.0.22  192.168.3.1  192.168.1.1      Right gateway
> LClient                 192.168.2.2  192.168.2.1      Left client
> RClient                 192.168.3.2  192.168.3.1      Right client
>
> The configuration files on the Left server and Right server:
> # /etc/ipsec.conf - Openswan IPsec configuration file
> #
> # Manual:     ipsec.conf.5
> #
> # Please place your own config files in /etc/ipsec.d/ ending in .conf
>
> version    2.0    # conforms to second version of ipsec.conf specification
>
> # basic configuration
> config setup
>    # Debug-logging controls:  "none" for (almost) none, "all" for lots.
>    # klipsdebug=none
>    #plutodebug="control parsing"
>    # For Red Hat Enterprise Linux and Fedora, leave protostack=netkey
>    interfaces=%defaultroute
>    protostack=netkey
>    nat_traversal=yes
>    #virtual_private=
>    #oe=off
>    # Enable this if you see "failed to find any available worker"
>    nhelpers=0
> conn vpn
>    auto=add
>    left=192.168.0.21
>    leftid=@RHEL5_4NUT
>    leftsubnet=192.168.2.0/24
>    leftnexthop=%defaultroute
>    leftrsasigkey=0sAQO8o2O4J9...
>    right=192.168.0.22
>    rightid=@RHEL5_4NUTC
>    rightsubnet=192.168.3.0/24
>    rightnexthop=%defaultroute
>    rightrsasigkey=0sAQO86eWPQe56axz+UFH....
>
>
> #You may put your configuration (.conf) file in the "/etc/ipsec.d/" and uncomment this.
> #include /etc/ipsec.d/*.conf
>

Mehran Toreihi