[Openswan Users] subnet-to-subnet problem

David McCullough David_Mccullough at securecomputing.com
Tue Oct 13 19:26:04 EDT 2009 

Jivin farajian amin lays it down ...
> Dear Paul,
> Thanks for your fast reply.
> 
> The PSK key of both sides is "123" :) , and it works fine with host to host configuration.
> Also, we are restricted to use linux 2.6.21.1 , and i think cross-compiling openswan 2.6.23 on this kernel takes along time.
> Could you please explain me , where the problem is , or if there is any patches for openswan-2.6.19 to solve this problem.

Pretty sure it was mainly this one:

	http://git.openswan.org/cgi-bin/gitweb.cgi?p=openswan.public/.git;a=commit;h=faf0b309e2b3b8a937a7a9f4485dc828c374ccac

You can download a raw diff from that page IIRC, still,  there are lots of
other bugs as well,  and cross compiling OS only takes a few minutes if
you already know how to build it,

Cheers,
Davidm


> ----- Original Message ----
> From: Paul Wouters <paul at xelerance.com>
> To: farajian amin <amin_o_city at yahoo.com>
> Cc: users at openswan.org
> Sent: Tue, October 13, 2009 7:26:31 PM
> Subject: Re: [Openswan Users] subnet-to-subnet problem
> 
> On Tue, 13 Oct 2009, farajian amin wrote:
> 
> > We have 2 embbeded boards with sparc 200Mhz processors running linux 2.6.21.1. We have added openswan 2.6.19 with KLIPS support on it. They work fine with together when the ipsec.config contains only host to host configurations.
> > The problem is started when we want to have a subnet to subnet configuration, at it shows itself as a series of commands as follows.
> >
> > In the initiator board :
> > ----- "net_to_net" #2: message ignored because it contains an unexpected payload type ISAKMP_NEXT_HASH)
> > ----- "net_to_net" #2: sending encrypted notification INVALID_PAYLOAD_TYPE to 192.168.1.87:500
> 
> This was fixed in openswan 2.6.23. (or you made a typo in the PSK)
> 
> Paul
> 
> 
> 
>       
> _______________________________________________
> Users at openswan.org
> http://lists.openswan.org/mailman/listinfo/users
> Building and Integrating Virtual Private Networks with Openswan: 
> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
> 
> 
> 

-- 
David McCullough,  david_mccullough at securecomputing.com,  Ph:+61 734352815
McAfee - SnapGear  http://www.snapgear.com                http://www.uCdot.org

More information about the Users mailing list