[Openswan Users] openswan 2.4.x is working but 2.6.x cannot initiate
Roel van Meer
rolek at bokxing.nl
Wed Sep 1 11:21:34 EDT 2010

Hi list,

I'm setting up a connection between Openswan on a Slackware Linux box and a
Draytek Vigor2200E-plus and ran into a bit of trouble. When I use Openswan
2.4.x, everything works as expected, but when I use Openswan 2.6.x, I can
only initiate a connection from the Draytek, not from the Linux box.

With 2.6.x, I see the Linux box sending the STATE_MAIN_I1: initiate packet,
but there is no reply whatsoever. It's probably a configuration issue, but I
can't seem to figure it out. It seems to me most config should be correct,
since I can initiate the configuration from the Draytek with all userspace
versions I've tried. That means it's not a problem with the shared key
either.

I've tried different userspace versions of Openswan (named below) and
various config setups, but haven't succeeded in creating a setup where I can
initiate a connection from the Linux box with Openswan 2.6.x.

If anybody could point me in a direction where to look, I'd be very
grateful. Below is some information; if more is needed please let me know.

Thanks in advance,

roel

The setup is as follows:

Left: Linux Slackware 13.1, i486, with vanilla kernel 2.6.32.21 and ipsec
module from Openswan 2.6.28, without NATT
Right: Draytek Vigor2200E-plus

I've tested the following userspace versions:

2.4.5: both sides can initiate
2.4.8: both sides can initiate
2.4.15: both sides can initiate
2.6.23: only Draytek can initiate
2.6.28: only Draytek can initiate

----/---- ipsec.conf (for 2.4.x, which is working)
version 2.0

config setup

conn bkxtest
    right=a.b.c.d
    rightsubnet=192.168.1.1/24
    type=tunnel
    left=e.f.g.h
    leftsubnet=192.168.3.1/24
    authby=secret
    auto=route
    pfs=yes

include /etc/ipsec.d/examples/no_oe.conf
----/----

----/---- ipsec.conf (for 2.6.x, which isn't)
version 2.0

config setup
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,,%v4:!192.168.3.0/24
    protostack=klips

conn bkxtest
    right=a.b.c.d
    rightsubnet=192.168.1.1/24
    type=tunnel
    left=e.f.g.h
    leftsubnet=192.168.3.1/24
    authby=secret
    auto=route
    pfs=yes
----/----
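
The two configurations above differ in only a few lines. As an added example (not part of the original message and not Openswan code), the following Python parses both files as posted, with indentation restored, and lists the settings that differ; the function names are this example's own, and it makes no claim about which difference matters.

```python
# Configs as posted above (indentation restored; addresses are the poster's
# own placeholders). The conn section is identical in both files.
CONN = """conn bkxtest
    right=a.b.c.d
    rightsubnet=192.168.1.1/24
    type=tunnel
    left=e.f.g.h
    leftsubnet=192.168.3.1/24
    authby=secret
    auto=route
    pfs=yes
"""
CONF_24 = "version 2.0\nconfig setup\n" + CONN + "include /etc/ipsec.d/examples/no_oe.conf\n"
CONF_26 = ("version 2.0\nconfig setup\n"
           "    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,,%v4:!192.168.3.0/24\n"
           "    protostack=klips\n" + CONN)

def parse(text):
    """Return {(section, key): value}; an include is stored as ("include", path)."""
    settings, section = {}, ""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not line[0].isspace():          # column 0: version, section header or include
            words = line.split()
            section = "" if words[0] == "include" else " ".join(words)
            if words[0] == "include":
                settings[("include", words[1])] = "present"
        elif "=" in line:                  # indented key=value belongs to current section
            key, value = line.strip().split("=", 1)
            settings[(section, key.strip())] = value.strip()
    return settings

def changed_settings(old, new):
    """List (section, key, old_value, new_value) for every setting that differs."""
    a, b = parse(old), parse(new)
    return [(s, k, a.get((s, k)), b.get((s, k)))
            for (s, k) in sorted(set(a) | set(b)) if a.get((s, k)) != b.get((s, k))]

def empty_list_items(text):
    """Keys whose comma-separated value contains an empty element (',,')."""
    return [k for (_, k), v in parse(text).items() if "" in v.split(",")]

if __name__ == "__main__":
    for section, key, old, new in changed_settings(CONF_24, CONF_26):
        print(f"[{section}] {key}: 2.4.x={old!r} 2.6.x={new!r}")
    print("empty list elements in 2.6.x config:", empty_list_items(CONF_26))
```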