[Openswan Users] 3DES-SHA still supported? What am I doing wrong?

Ben Schmidt crackhd2 at gmail.com
Mon Apr 11 04:23:56 EDT 2011


Hello Willie, hello Openswan mailing list,

On Sun, Apr 10, 2011 at 10:02 PM, Willie Gillespie
<wgillespie+openswan at es2eng.com> wrote:
> I didn't see in your firewall configuration that you were allowing udp port
> 500.  But perhaps you are allowing all traffic to/from the Juniper, I didn't
> look for that.
Should be open, right?
############
router:/var/log# nmap -p 500 -sU hoster_vpn_ip

Starting Nmap 5.00 ( http://nmap.org ) at 2011-04-11 10:13 CEST
Interesting ports on hoster_vpn_ip (hoster_vpn_ip):
PORT    STATE         SERVICE
500/udp open|filtered isakmp

Nmap done: 1 IP address (1 host up) scanned in 0.51 seconds
############
>
> Anyway, if that doesn't seem to be it, could I also see your log file from
> an attempt to start IPsec?
>
> For my boxes, it's /var/log/auth or /var/log/auth.log.  Sometimes it's in
> /var/log/secure though.
The only thing I could find was in /var/log/messages >
http://pastebin.com/pYXmYLCW

Thanks a lot for your help,

Ben

>
> On 4/10/2011 5:07 AM, Ben Schmidt wrote:
>>
>> Hello Mailinglist,
>>
>> I'm trying to set up a net-to-net tunnel for our office (10.0.0.0/22) via
>> a public /29 to one of our Hoster's FW/VPN boxes (Juniper SSG140) and
>> tunnel our internal network to our private /24 there.
>> We're usually using a Lancom VPN/FW box, but traffic is increasing and
>> the box is operating at its limit, so it needs to be replaced; plus
>> it's really a pain and I'm glad if we can get rid of it.
>>
>> I know that the Hoster's VPN box is set up to allow:
>> Phase 1: Pre-Shared Key, DH Group 2, 3DES SHA Authentication (28800
>> seconds)
>> Phase 2: DH Group 2, 3DES SHA
>>
>> So it should look like that
>> Office Network | Router (NAT) | Public IP | Internet | Hoster VPN |
>> private Network at Hoster
>> 10.0.0.0/22 > 10.0.0.1 > public_ip > inet > hoster_ip > 10.25.28.0/24
>>
>> The Router is running Debian GNU/Linux 6.0 amd64, using Openswan 2.6.28
>>
>> "ipsec verify">  http://pastebin.com/qx2BC9mA
>> "ipsec auto --status">  http://pastebin.com/LnvCucMT
>> "/etc/ipsec.conf">  http://pastebin.com/uth4Xd1r
>> "/etc/ipsec.secrets">  http://pastebin.com/jznT3hBu
>> "ipsec barf">  http://pastebin.com/Fdn7kLH1
>>
>> I'm just trying on the Router without any net-to-net tunnels yet, to
>> take out sources of errors.
>>
>> So "#1: pending Phase 2 for "testvpn" replacing #0" tells me that
>> Phase1 wasn't successful.
>>
>> What am I doing wrong? Could somebody please point me in a direction
>> on where to look?
>>
>> Thanks a lot,
>>
>> Ben
>> _______________________________________________
>> Users at openswan.org
>> http://lists.openswan.org/mailman/listinfo/users
>> Micropayments: https://flattr.com/thing/38387/IPsec-for-Linux-made-easy
>> Building and Integrating Virtual Private Networks with Openswan:
>> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
>
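For readers following this thread, here is an ipsec.conf for the net-to-net tunnel Ben describes, written as an added example for this archive page; it is not the configuration from Ben's pastebin (which is not reproduced on this page) and not anything from the Openswan project. It pins both phases to exactly the proposal the Juniper is said to accept (PSK, DH group 2, 3DES, SHA-1, 28800 s for Phase 1) so Openswan does not offer only its defaults, uses the two subnets from his diagram, and uses labelled placeholders for the public addresses, which the page does not give. 3DES, SHA-1 and modp1024 are legacy choices dictated by the peer's policy; on a peer you control you would choose stronger algorithms.

```conf
# /etc/ipsec.conf -- added example for Openswan 2.6.x on Debian 6.0
# PUBLIC_IP_PLACEHOLDER and HOSTER_IP_PLACEHOLDER are placeholders,
# not addresses from the thread.

config setup
    protostack=netkey
    nat_traversal=yes
    # Pluto needs UDP/500 (and UDP/4500 if NAT-T kicks in) plus IP proto 50
    # (ESP) allowed in and out on the router's public interface.

conn office-to-hoster
    type=tunnel
    authby=secret          # pre-shared key, kept in /etc/ipsec.secrets
    keyexchange=ike

    # Phase 1: 3DES, SHA-1, DH group 2 (modp1024); 28800 s is 8 hours
    ike=3des-sha1-modp1024
    ikelifetime=8h

    # Phase 2: ESP 3DES/SHA-1 with PFS on DH group 2, as the Juniper expects
    phase2=esp
    phase2alg=3des-sha1;modp1024
    pfs=yes
    salifetime=1h

    # left = this Debian router, right = the Juniper SSG140 at the hoster
    left=PUBLIC_IP_PLACEHOLDER
    leftsubnet=10.0.0.0/22
    leftnexthop=%defaultroute
    right=HOSTER_IP_PLACEHOLDER
    rightsubnet=10.25.28.0/24

    auto=start
```

Two things worth checking alongside this: with NETKEY, the router's MASQUERADE/SNAT rule for the office must exempt traffic from 10.0.0.0/22 to 10.25.28.0/24, otherwise packets are rewritten to the public IP before they match the IPsec policy and never enter the tunnel; and an nmap result of `open|filtered` on UDP/500 only means no ICMP unreachable came back, so the firewall rule for UDP/500, UDP/4500 and ESP should be confirmed directly (`iptables -L -n -v`) rather than inferred from the scan.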
