[Openswan Users] Trying to get Openswan working Ubuntu to Cisco ASA 5510
whit at transpect.com
Tue Mar 9 12:48:24 EST 2010
> Debian/ubuntu ships horribly old openswan packages.
I've installed openswan-2.6.24 from source. Note compiling it required
libgmp3-dev, bison and flex, in addition to what I already happened to have
installed on the Ubuntu box.
> >At the Cisco end they prefer as defaults (but will alter if required):
> >Phase 1 - pre-g2-3des-sha-86400s
> >Phase 2 - pfs2-esp-3des-sha-28800s
> >and a PSK (not cert)
> Should work.
At the moment I'm stuck on:
# ipsec setup --start
ipsec_setup: Starting Openswan IPsec U2.6.24/K2.6.24-19-server...
ipsec_setup: no default routes detected
Is that a fatal error? My routing rules and tables are complex, so it's not
going to find a default route where it expects to if it's being simple-minded.
I do have a specific route set to the other end:
# ip ro ls
yy.yy.yy.222 via xx.xx.xx.97 dev eth5 src xx.xx.xx.114
And I can ping it by that route.
My ipsec.conf looks like:
left=xx.xx.xx.114 # my IP
right=yy.yy.yy.222 # IP address of Cisco ASA 5510
rightsubnet=zz.zz.zz.192/26 # LAN behind Cisco
And it's obviously not getting anywhere yet:
# ipsec auto --up cisco
104 "cisco" #1: STATE_MAIN_I1: initiate
010 "cisco" #1: STATE_MAIN_I1: retransmission; will wait 20s for response
No sign this is an iptables problem - I've got the rules re-enabled there
that were working a while back for freeswan.
Thanks for any clues,
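As an added example (not part of the original post or the openswan project's own files), here is how the Cisco proposals quoted above translate into an openswan 2.6 conn block, with leftnexthop set from the route shown in the post so the tunnel does not depend on the default route that "ipsec setup" could not find; the addresses are the post's placeholders, the PSK value is a constructed placeholder, and the keyword spellings assume the openswan 2.6 ipsec.conf(5) syntax.

```ini
# /etc/ipsec.conf  (added example, openswan 2.6 syntax)
config setup
        protostack=netkey          # stock Ubuntu 2.6.24 kernel, no KLIPS module

conn cisco
        type=tunnel
        keyexchange=ike
        authby=secret              # PSK, not certificates, as the Cisco side prefers
        # Phase 1: pre-g2-3des-sha-86400s -> 3DES, HMAC-SHA1, DH group 2 (modp1024), 24h
        ike=3des-sha1;modp1024
        ikelifetime=86400s
        # Phase 2: pfs2-esp-3des-sha-28800s -> ESP 3DES/SHA1, PFS with group 2, 8h
        esp=3des-sha1;modp1024
        pfs=yes
        salifetime=28800s
        left=xx.xx.xx.114          # this Ubuntu box
        leftnexthop=xx.xx.xx.97    # gateway from "ip ro ls"; avoids relying on a default route
        # no leftsubnet: only this host talks to the LAN behind the ASA, as in the post
        right=yy.yy.yy.222         # Cisco ASA 5510
        rightsubnet=zz.zz.zz.192/26   # LAN behind the Cisco
        auto=add

# /etc/ipsec.secrets  (constructed placeholder, keep mode 0600)
xx.xx.xx.114 yy.yy.yy.222 : PSK "REPLACE-WITH-THE-SHARED-SECRET"
```

Load it with "ipsec auto --add cisco" and then "ipsec auto --up cisco"; a retransmission while still in STATE_MAIN_I1 means the ASA never answered the first IKE packet, so confirm UDP 500 reaches yy.yy.yy.222 over the eth5 route before tuning proposals.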