[Openswan Users] 3DES-SHA still supported? What am I doing wrong?
Willie Gillespie
wgillespie+openswan at es2eng.com
Sun Apr 10 16:02:52 EDT 2011
I didn't see in your firewall configuration that you were allowing udp
port 500. But perhaps you are allowing all traffic to/from the Juniper,
I didn't look for that.
Anyway, if that doesn't seem to be it, could I also see your log file
from an attempt to start IPsec?
For my boxes, it's /var/log/auth or /var/log/auth.log. Sometimes it's
in /var/log/secure though.
On 4/10/2011 5:07 AM, Ben Schmidt wrote:
> Hello Mailinglist,
>
> I'm trying to setup a net-net tunnel for our office (10.0.0.0/22) via
> a public /29 to one of our Hosters FW/VPN boxes (Juniper SSG140) and
> tunnel out internal Network to our private /24 there.
> We're usually using a Lancom VPN/FW Box but traffic is increasing and
> the Box is operating at it's limit so it needs to be replaced plus
> it's really a pain and I'm glad if we can get rid of it.
>
> I know that the Hosters VPN Box is setup to allow:
> Phase 1: PreShared Key, DH Group 2, 3DES SHA Authentitaction (28800 Seconds)
> Phase 2: DH Group2, 3DES SHA
>
> So it should look like that
> Office Network | Router (NAT) | Public IP | Internet | Hoster VPN |
> private Network at Hoster
> 10.0.0.0/22> 10.0.0.1> public_ip> inet> hoster_ip
> > 10.25.28.0/24
>
> The Router is a running debian GNU/Linux 6.0 amd64, useing openswan 2.6.28
>
> "ipsec verify"> http://pastebin.com/qx2BC9mA
> "ipsec auto --status"> http://pastebin.com/LnvCucMT
> "/etc/ipsec.conf"> http://pastebin.com/uth4Xd1r
> "/etc/ipsec.secrets"> http://pastebin.com/jznT3hBu
> "ipsec barf"> http://pastebin.com/Fdn7kLH1
>
> I'm just trying on the Router without and net to net tunnels yet to
> take out sources of errors.
>
> So "#1: pending Phase 2 for "testvpn" replacing #0" tells me that
> Phase1 wasn't successful.
>
> What am I doing wrong? Could somebody please point me in a direction
> on where to look at?
>
> Thanks a lot,
>
> Ben
> _______________________________________________
> Users at openswan.org
> http://lists.openswan.org/mailman/listinfo/users
> Micropayments: https://flattr.com/thing/38387/IPsec-for-Linux-made-easy
> Building and Integrating Virtual Private Networks with Openswan:
> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
More information about the Users
mailing list