[Openswan Users] need some help to configure openswan on net tonet

reza issanyr at olympecti.fr
Fri Sep 18 03:46:47 EDT 2009


Hi, and sorry for the long delay in responding.

I still can't establish an IPsec tunnel between two Linux boxes. No firewall, and this is my conf on both sides:
conn zola-octi
	left=88.191.xx.xx # public IP of the left linux server
	leftsubnet=192.168.2.0/24
	leftid=88.191.xx.xx # public IP of the left linux server
	leftrsasigkey=0sAQOBQhJbZ3J.... # I have created successfully the ipsec.secret using find and ipsec newhostkey
	#
	right=88.191.xx.xx # public IP of the right linux server
	rightid=88.191.xx.xx
	rightsubnet=192.168.3.0/24
	rightrsasigkey=0sAQOw3qIEV......
	auto=start

And the logs:

Sep 18 09:40:30 octi pluto[31206]: "zola-octi" #3: the peer proposed: 192.168.3.0/24:0/0 -> 192.168.2.0/24:0/0
Sep 18 09:40:30 octi pluto[31206]: "zola-octi" #4: responding to Quick Mode proposal {msgid:7666b542}
Sep 18 09:40:30 octi pluto[31206]: "zola-octi" #4:     us: 192.168.3.0/24===88.191.110.149<88.191.110.149>[+S=C]
Sep 18 09:40:30 octi pluto[31206]: "zola-octi" #4:   them: 88.191.89.113<88.191.89.113>[+S=C]===192.168.2.0/24
Sep 18 09:40:30 octi pluto[31206]: "zola-octi" #4: ERROR: netlink response for Add SA comp.a5b0 at 88.191.89.113 included errno 22: Invalid argument
Sep 18 09:40:30 octi pluto[31206]: | add_sa ipcomp failed
Sep 18 09:40:30 octi pluto[31206]: | failed to install outgoing SA: 0
Sep 18 09:40:40 octi pluto[31206]: "zola-octi" #4: discarding duplicate packet; already STATE_QUICK_R0

Any idea how to solve my problem, please?

Thanks in advance for your help.

azer.

-----Original Message-----
From: Paul Wouters [mailto:paul at xelerance.com]
Sent: Friday, 11 September 2009 18:00
To: reza
Cc: users at openswan.org
Subject: RE: [Openswan Users] need some help to configure openswan on net tonet

On Fri, 11 Sep 2009, reza wrote:

> So how can I generate a good one ?

By either causing more 'noise' that fills up the entropy pool, or by waiting longer.
I've found that on low entropy machines, running the following while the keygen
is running seems to work well:

find / -type f | xargs grep SJKfbSKLJDgKDGdgldfjgsgfsd

> I have changed the client subnet to 192.168.3.0/24
> but same problem. What are the leftid and the rightid? Can I put anything in?

Whatever you want. But start with an "@" to denote a string (else it will try to resolve
your text as a hostname). So:

 	leftid=@paul
 	rightid=@stranger

will work.

Paul
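As an added example (not code from this thread or from the Openswan project), the following Python helper does two things the exchange above turns on: it parses a `conn` block from ipsec.conf and reports how each leftid/rightid will be interpreted (literal "@" string, IP address, or hostname lookup, as Paul describes), and it picks the netlink "Add SA ... included errno N" failures out of pluto log lines so the failing SA protocol, SPI and peer are visible at a glance. The sample conn block and log lines are constructed (RFC 5737 documentation addresses, placeholder RSA keys); the log regex assumes the message layout shown in the post.

```python
"""Added example: triage an Openswan conn block and pluto log lines.
Not from the thread or the Openswan project; sample data is constructed."""
import ipaddress
import re

# Constructed sample conn block. Public IPs are RFC 5737 documentation
# addresses and the RSA keys are placeholders, not values from the thread.
SAMPLE_CONF = """\
conn zola-octi
\tleft=192.0.2.10 # public IP of the left server
\tleftsubnet=192.168.2.0/24
\tleftid=192.0.2.10
\tleftrsasigkey=0sAQOBQhJbZ3J_PLACEHOLDER
\t#
\tright=198.51.100.20
\trightid=octi
\trightsubnet=192.168.3.0/24
\trightrsasigkey=0sAQOw3qIEV_PLACEHOLDER
\tauto=start
"""

# Constructed pluto lines modelled on the ones quoted in the post.
SAMPLE_LOG = """\
Sep 18 09:40:30 octi pluto[31206]: "zola-octi" #4: responding to Quick Mode proposal {msgid:7666b542}
Sep 18 09:40:30 octi pluto[31206]: "zola-octi" #4: ERROR: netlink response for Add SA comp.a5b0 at 198.51.100.20 included errno 22: Invalid argument
Sep 18 09:40:30 octi pluto[31206]: | add_sa ipcomp failed
Sep 18 09:40:30 octi pluto[31206]: | failed to install outgoing SA: 0
"""


def parse_conn(text):
    """Return {conn_name: {key: value}} with trailing '# ...' comments removed."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop inline comments
        if not line:
            continue
        if line.startswith("conn "):
            current = line.split(None, 1)[1]
            conns[current] = {}
        elif current and "=" in line:
            key, value = line.split("=", 1)
            conns[current][key.strip()] = value.strip()
    return conns


def classify_id(value):
    """How a leftid/rightid value is interpreted, per the reply above:
    '@string' is a literal ID, an IP address is used as-is, and anything
    else is treated as a hostname that pluto will try to resolve."""
    if value.startswith("@"):
        return "literal"
    try:
        ipaddress.ip_address(value)
        return "ip"
    except ValueError:
        return "hostname-lookup"


def check_conn(params):
    """Return human-readable findings for one conn block."""
    findings = []
    for side in ("left", "right"):
        ident = params.get(side + "id")
        if ident is not None and classify_id(ident) == "hostname-lookup":
            findings.append(f"{side}id={ident!r} will be resolved as a hostname; use @{ident} for a literal ID")
        if side + "rsasigkey" not in params:
            findings.append(f"{side}rsasigkey missing")
    left_net, right_net = params.get("leftsubnet"), params.get("rightsubnet")
    if left_net and right_net:
        l_net = ipaddress.ip_network(left_net, strict=False)
        r_net = ipaddress.ip_network(right_net, strict=False)
        if l_net.overlaps(r_net):
            findings.append(f"leftsubnet {left_net} overlaps rightsubnet {right_net}")
    if params.get("left") == params.get("right"):
        findings.append("left and right are the same address")
    return findings


# Assumed layout: ... "conn" #N: ERROR: netlink response for <op> <proto>.<spi> at <peer> included errno N: <msg>
NETLINK_ERR = re.compile(
    r'"(?P<conn>[^"]+)" #(?P<state>\d+): ERROR: netlink response for (?P<op>.+?) '
    r'(?P<sa>[a-z]+\.[0-9a-f]+) at (?P<peer>\S+) included errno (?P<errno>\d+): (?P<msg>.*)$')


def netlink_errors(log_text):
    """Pick out netlink SA-install failures: conn, state number, operation,
    SA protocol (esp/ah/comp) and SPI, peer address, errno and message."""
    hits = []
    for line in log_text.splitlines():
        m = NETLINK_ERR.search(line)
        if m:
            proto, spi = m.group("sa").split(".", 1)
            hits.append({"conn": m.group("conn"), "state": int(m.group("state")),
                         "op": m.group("op"), "proto": proto, "spi": spi,
                         "peer": m.group("peer"), "errno": int(m.group("errno")),
                         "msg": m.group("msg")})
    return hits


if __name__ == "__main__":
    for name, params in parse_conn(SAMPLE_CONF).items():
        print(name, check_conn(params))
    for hit in netlink_errors(SAMPLE_LOG):
        print(hit)
```

Run it against a real ipsec.conf and `/var/log/auth.log` (or wherever pluto logs on your system) by replacing the two constructed samples; the finding on `rightid=octi` shows the hostname-lookup case Paul warns about, and the log hit shows that the failing SA is the IPCOMP one (`comp.a5b0`), which is the detail to chase before looking at the ESP side.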
