[Openswan Users] PSK VPN
ttelford.groups at gmail.com
Wed Sep 15 07:57:15 EDT 2010
On 2010-09-14 18:49:13 -0600, Michael DiMartino said:
> I am attempting unsuccessfully to set up a site to site PSK VPN w/ my
> Any help with this will be greatly appreciated. I have included my
> config and the logs.
I can't claim to be anythine more than a novice...
Have you read the following thread in the list archive?
Things I've noticed are wrong are below:
> Leftside (openswan)
> Inside IP: 10.179.168.101/19 (eth1)
> Outsite IP : 184.108.40.206/24 (eth0)
> Rightside (sonicwall)
> Inside subnet: 192.168.168.0/24
> Outside IP: 220.127.116.11
> My ipsec.conf file
> config setup
This particular line is only valid if you're using the KLIPS (or mast)
IPsec stack. Your logs indicate that you're using NETKEY: (000 using
kernel interface: netkey)
I'm not positive, but I think
would be the right choice - it's valid, at least.
> conn sonicwall
> left=10.179.168.101 #Inside IP of Openswan server.
> right=18.104.22.168 #IP address of your sonicwall router
> rightsubnet=192.168.168.0/24 # inside subnet of sonicwall
Everything I've read says aggrmode=yes isn't a good idea. I'm not sure
if it's causing your particular problem, however.
As far as your logs go: What OS/Linux distribution are you using? The
contents of 'ipsec auto --status' are useful, but what do the actual
logfiles in /var/log say?
(it helps to use 'grep' to filter out only the entries from 'pluto';
ie. 'cat /var/log/syslog | grep pluto')
More information about the Users