[Openswan Users] 3DES-SHA still supported? What am I doing wrong?

Willie Gillespie wgillespie+openswan at es2eng.com
Sun Apr 10 16:02:52 EDT 2011


I didn't see in your firewall configuration that you were allowing UDP 
port 500. But perhaps you are allowing all traffic to/from the Juniper; 
I didn't look for that.

Anyway, if that doesn't seem to be it, could I also see your log file 
from an attempt to start IPsec?

For my boxes, it's /var/log/auth or /var/log/auth.log.  Sometimes it's 
in /var/log/secure though.

On 4/10/2011 5:07 AM, Ben Schmidt wrote:
> Hello Mailinglist,
>
> I'm trying to set up a net-net tunnel for our office (10.0.0.0/22) via
> a public /29 to one of our hoster's FW/VPN boxes (Juniper SSG140) and
> tunnel out internal Network to our private /24 there.
> We're usually using a Lancom VPN/FW Box but traffic is increasing and
> the Box is operating at its limit so it needs to be replaced plus
> it's really a pain and I'm glad if we can get rid of it.
>
> I know that the hoster's VPN Box is set up to allow:
> Phase 1: PreShared Key, DH Group 2, 3DES SHA Authentication (28800 Seconds)
> Phase 2: DH Group2, 3DES SHA
>
> So it should look like that
> Office Network | Router (NAT) | Public IP | Internet | Hoster VPN | private Network at Hoster
> 10.0.0.0/22 > 10.0.0.1 > public_ip > inet > hoster_ip > 10.25.28.0/24
>
> The Router is running Debian GNU/Linux 6.0 amd64, using Openswan 2.6.28
>
> "ipsec verify" > http://pastebin.com/qx2BC9mA
> "ipsec auto --status" > http://pastebin.com/LnvCucMT
> "/etc/ipsec.conf" > http://pastebin.com/uth4Xd1r
> "/etc/ipsec.secrets" > http://pastebin.com/jznT3hBu
> "ipsec barf" > http://pastebin.com/Fdn7kLH1
>
> I'm just trying on the Router without any net-to-net tunnels yet to
> take out sources of errors.
>
> So "#1: pending Phase 2 for "testvpn" replacing #0" tells me that
> Phase1 wasn't successful.
>
> What am I doing wrong? Could somebody please point me in a direction
> on where to look at?
>
> Thanks a lot,
>
> Ben
> _______________________________________________
> Users at openswan.org
> http://lists.openswan.org/mailman/listinfo/users
> Micropayments: https://flattr.com/thing/38387/IPsec-for-Linux-made-easy
> Building and Integrating Virtual Private Networks with Openswan:
> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
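
The two checks suggested in the reply above (is IKE on UDP port 500 allowed through the firewall, and which log file holds the IPsec daemon's messages) can be scripted. This is an added example, not part of the original thread or of Openswan; the function names `ike_allowed` and `find_pluto_log` are hypothetical, and it assumes rules in `iptables-save` format and log lines tagged `pluto[`.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not Openswan tooling.

# ike_allowed CHAIN [PEER_IP]: read `iptables-save` output on stdin and succeed
# if the filter-table CHAIN has a default ACCEPT policy, an ACCEPT rule for UDP
# destination port 500 (IKE), or an ACCEPT rule for all traffic from PEER_IP.
# First-pass check only: it does not model DROP rules placed ahead of a match.
ike_allowed() {
    awk -v chain="$1" -v peer="${2:-}" '
        /^\*/ { table = substr($1, 2); next }
        table != "filter" { next }
        $1 == (":" chain) && $2 == "ACCEPT" { ok = 1 }
        $1 == "-A" && $2 == chain && / -j ACCEPT/ {
            if (/ -p udp / && /--dport 500( |$)/) ok = 1
            if (peer != "" && !/ -p / &&
                (index($0, "-s " peer "/32 ") || index($0, "-s " peer " "))) ok = 1
        }
        END { exit (ok ? 0 : 1) }
    '
}

# find_pluto_log [FILE...]: print the first readable file containing pluto
# (the Openswan IKE daemon) messages. Defaults are the paths named in the reply.
find_pluto_log() {
    [ "$#" -gt 0 ] || set -- /var/log/auth /var/log/auth.log /var/log/secure
    for f in "$@"; do
        if [ -r "$f" ] && grep -q 'pluto\[' "$f"; then
            printf '%s\n' "$f"
            return 0
        fi
    done
    return 1
}

# Constructed sample ruleset (iptables-save format), not taken from the thread.
SAMPLE_RULES='*filter
:INPUT DROP [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT'

if printf '%s\n' "$SAMPLE_RULES" | ike_allowed INPUT; then
    echo "INPUT accepts IKE (udp/500)"
else
    echo "INPUT does not accept IKE (udp/500)"
fi
log=$(find_pluto_log) || log="none of the default paths"
echo "pluto messages found in: $log"
```

On a live gateway the same check would be run as `iptables-save | ike_allowed INPUT <peer address>`, with root privileges.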

