[Openswan Users] upgrade openswan on CC 4.3 box

Tue May 19 15:57:35 EDT 2009

Sven and Nick,

Unfortunately I am the same situation as you, I was able to compile
2.4.14  and get the IPSEC tunnel to establish and even get the remote
site connected and traffic flowing. But I cannot get any traffic from
the main office to the remote. (I.E. I can ping from remote but not from
main). 

I think it has something to do with NAT, I am still looking for a
solution.

If I come up with anything I will post here......

Kevin Kizer

From: users-bounces at openswan.org [mailto:users-bounces at openswan.org] On
Behalf Of Sven J. van Rooij
Sent: Tuesday, May 19, 2009 2:39 PM
To: Nick Howitt
Cc: users at openswan.org
Subject: Re: [Openswan Users] upgrade openswan on CC 4.3 box

Nick,

Thanks for the quick response.

So I did do the upgrade and same issue...

I get my tunnels up, but now no traffic seems to go across the tunnel.

Pings time out.

And the ipsec verify  gives me this

Checking your system to see if IPsec got installed and started
correctly:

Version check and ipsec on-path                             [OK]

Linux Openswan U2.4.9/K2.6.18-93.cc4 (netkey)

Checking for IPsec support in kernel
[OK]

NETKEY detected, testing for disabled ICMP send_redirects
[FAILED]

  Please disable /proc/sys/net/ipv4/conf/*/send_redirects

  or NETKEY will cause the sending of bogus ICMP redirects!

NETKEY detected, testing for disabled ICMP accept_redirects     [FAILED]

  Please disable /proc/sys/net/ipv4/conf/*/accept_redirects

  or NETKEY will accept bogus ICMP redirects!

Checking for RSA private key (/etc/ipsec.secrets)
[DISABLED]

  ipsec showhostkey: no default key in "/etc/ipsec.secrets"

Checking that pluto is running                                    [OK]

Two or more interfaces found, checking IP forwarding              [OK]

Checking NAT and MASQUERADEing                              

Checking for 'ip' command                                         [OK]

Checking for 'iptables' command                                   [OK]

cat: ipsec.*.conf: No such file or directory

Opportunistic Encryption Support
[DISABLED]

  Cannot execute command "which iptables": No such file or directory

 cat: ipsec.*.conf: No such file or directory

Even though I have disabled the send and accept redirects....

Any ideas??

Sven

From: Nick Howitt [mailto:n1ck.h0w1tt at googlemail.com] 
Sent: Tuesday, May 19, 2009 10:51 AM
To: Sven J. van Rooij
Cc: users at openswan.org
Subject: Re: [Openswan Users] upgrade openswan on CC 4.3 box

Sven,

The instructions in this
<http://forums.clarkconnect.com/showthreaded.php?Cat=0&Number=103109&pag
e=0&vc=1>  thread in the CC forums work fine for Openswan-2.4.14. I
could not make it work with 2.6.18 or 2.6.21. 2.6.18 may compile but
won't run. 2.6.21 will not compile.

I have Openswan working fine as a VPN gateway/router. I just cannot get
the file server to work properly through the VPN, not can I get pings to
and from the gateway work reliably through the tunnel. LAN-LAN traffic
through the gateway is OK.

I was going to wait until CC5 (Openswan-2.6.14) is released before
troubleshooting this any further.

Nick

Sven J. van Rooij wrote: 

An anyone direct me towards a good set of instructions on how to upgrade
openswan on a clark connect box.

Regardless which version (besides the original)  I choose, I end up with
a tunnel, but no traffic on it.

PLEASE HELP!

Thanks,

Sven

  _____  

_______________________________________________
Users at openswan.org
http://lists.openswan.org/mailman/listinfo/users
Building and Integrating Virtual Private Networks with Openswan: 
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20090519/8bb95248/attachment-0001.html 