[Openswan Users] Cisco to Openswan and backwards
Frederik Gaab
f.gaab at microlab.de
Tue Nov 9 04:37:10 EST 2010
Hello everyone!
I have an Openswan-Cisco Router (as Client) setup, and the connection from
Cisco to Openswan works perfectly.
So I can work from Office1 etc. at the Main Office Net.
But now I want to do something from the Main Office in the Office1 Net
(first I'd like to ping). It is necessary for users who like to print in the
Office1 Net from the Main Office.
With the old Cisco-Cisco configuration it worked just fine, so the Ciscos are
configured right.
Because there is more than one Client Net and every Cisco has a dynamic IP, I
need to set up a Road Warrior conn.
Here's my ipsec.conf:
-----------------------------------------------
# /etc/ipsec.conf - Openswan IPsec configuration file
# RCSID $Id: ipsec.conf.in,v 1.15.2.6 2006-10-19 03:49:46 paul Exp $
# This file: /usr/share/doc/openswan/ipsec.conf-sample
#
# Manual: ipsec.conf.5

version 2.0     # conforms to second version of ipsec.conf specification

# basic configuration
config setup
        # plutodebug / klipsdebug = "all", "none" or a combination from below:
        # "raw crypt parsing emitting control klips pfkey natt x509 private"
        # eg: plutodebug="control parsing"
        #
        # ONLY enable plutodebug=all or klipsdebug=all if you are a developer!!
        #
        # NAT-TRAVERSAL support, see README.NAT-Traversal
        nat_traversal=yes
        virtual_private=%v4:192.168.10.0/24,%v4:192.168.11.0/24,%v4:192.168.12.0/24,%v4:192.168.13.0/24,%v4:192.168.14.0/24,%v4:192.168.16.0/24,%v4:!192.168.1.0/24
        #
        # enable this if you see "failed to find any available worker"
        protostack=netkey
        nhelpers=0
        #klipsdebug=none
        plutodebug="control parsing raw emitting"
        plutostderrlog=/var/log/pluto.log
        interfaces=%defaultroute
        uniqueids=yes
        #forwardcontrol=yes

# Add connections here
conn %default
        left=217.5.234.18
        #leftnexthop=217.5.234.18
        leftsubnet=192.168.1.0/24
        auth=esp
        esp=3des-sha1
        pfs=no
        ike=3des-md5-modp1024
        keyingtries=%forever
        ikelifetime=8h
        keylife=8h
        keyexchange=ike
        authby=secret
        disablearrivalcheck=no

conn l2l
        type=tunnel
        leftsourceip=192.168.1.254
        auto=add
        right=%any
        rightsubnet=vhost:%priv
-----------------------------------------------
I tried many ways to get a LAN-to-LAN connection:
setting rightsubnet, rightnexthop, rightsourceip, type to transport, and
I tried setting custom routes.
I spent 2 days searching the Internet for a solution; maybe my head is too
confused now and it is just a little trigger I have to set ;-)
I have attached the output of "ipsec barf".
Regards,
F. Gaab
Attachment: ph-router_ipsec-barf.txt
URL: http://lists.openswan.org/pipermail/users/attachments/20101109/f827d0ed/attachment-0001.txt