[Openswan Users] IPSec Host to Host over Internet Tunnel Configuration

simon charles charlessimon at hotmail.com
Mon Oct 5 18:01:37 EDT 2009


Vladimir,

Which version of openswan are you using in this setup? Please copy the complete ipsec.conf file, the ipsec.secrets file, the output of the "ipsec verify" command and the output of the "ip a" command from both VPN concentrators.

Thanks.

- Simon Charles - 




> Date: Sat, 3 Oct 2009 13:29:04 +0200
> From: mozillaner at gmail.com
> To: users at openswan.org
> Subject: [Openswan Users] IPSec Host to Host over Internet Tunnel	Configuration
> 
> Dear OpenSwan Users,
> 
> I have been trying for some time to establish an OpenSwan tunnel connection
> between two hosts over the Internet, but unfortunately until now
> without success.
> 
> This is a test setup for a university project and the configuration is
> as follows:
> 
> # Host_1 # ------ ##### PC with two NICs ###### ------ INTERNET ------ # Host_2 #
> 192.168.1.3       192.168.1.2    130.83.239.102                        130.83.239.101
> 
> 
> The router function on the PC is activated. The secure tunnel
> connection must be established between the Host_1 in a private network
> and Host_2 on the Internet.
> 
> The ipsec.conf files are as follows:
> 
> #Host_1 ipsec.conf
> conn Host_1_to_Host_2
>       left=192.168.1.3
>       leftnexthop=192.168.1.2
>       right=130.83.239.101
>       presharedkey=secret
>       network=lan
>       auto=start
>       authmode=SHA1
>       pfs=yes
>       type=tunnel
> 
> #Host_2 ipsec.conf
> conn Host_2_to_Host_1
>       left=130.83.239.101
>       right=192.168.1.3
>       rightnexthop=130.83.239.102
>       presharedkey=secret
>       network=lan
>       auto=start
>       authmode=SHA1
>       pfs=yes
>       type=tunnel
> 
> If I try to ping Host_2 from Host_1, I always get the message
> "IP security is being negotiated". The ping from Host_2 to Host_1
> fails with "Request timed out.".
> 
> Are the config files correct?
> 
> What is wrong in my configuration above?
> 
> Thanks,
> Vladimir