[Openswan Users] 3DES-SHA still supported? What am I doing wrong?

Ben Schmidt crackhd2 at gmail.com
Mon Apr 11 09:19:46 EDT 2011


Hello Willie, Hello Everyone,

After I added "plutostderrlog=/var/log/pluto.log" to the config
section of /etc/ipsec.conf and restarted Openswan, I got this log in
the newly created logfile: http://pastebin.com/cUZGR2z6

Thanks,

Ben

On Mon, Apr 11, 2011 at 10:23 AM, Ben Schmidt <crackhd2 at gmail.com> wrote:
> Hello Willie, Hello Openswan mailing list,
>
> On Sun, Apr 10, 2011 at 10:02 PM, Willie Gillespie
> <wgillespie+openswan at es2eng.com> wrote:
>> I didn't see in your firewall configuration that you were allowing udp port
>> 500.  But perhaps you are allowing all traffic to/from the Juniper, I didn't
>> look for that.
> Should be open, right?
> ############
> router:/var/log# nmap -p 500 -sU hoster_vpn_ip
>
> Starting Nmap 5.00 ( http://nmap.org ) at 2011-04-11 10:13 CEST
> Interesting ports on hoster_vpn_ip (hoster_vpn_ip):
> PORT    STATE         SERVICE
> 500/udp open|filtered isakmp
>
> Nmap done: 1 IP address (1 host up) scanned in 0.51 seconds
> ############
>>
>> Anyway, if that doesn't seem to be it, could I also see your log file from
>> an attempt to start IPsec?
>>
>> For my boxes, it's /var/log/auth or /var/log/auth.log.  Sometimes it's in
>> /var/log/secure though.
> The only thing I could find was in /var/log/messages:
> http://pastebin.com/pYXmYLCW
>
> Thanks a lot for your help,
>
> Ben
>
>>
>> On 4/10/2011 5:07 AM, Ben Schmidt wrote:
>>>
>>> Hello Mailinglist,
>>>
>>> I'm trying to set up a net-net tunnel for our office (10.0.0.0/22) via
>>> a public /29 to one of our hoster's FW/VPN boxes (Juniper SSG140) and
>>> tunnel our internal network to our private /24 there.
>>> We're usually using a Lancom VPN/FW box, but traffic is increasing and
>>> the box is operating at its limit, so it needs to be replaced. Plus,
>>> it's really a pain and I'm glad if we can get rid of it.
>>>
>>> I know that the hoster's VPN box is set up to allow:
>>> Phase 1: PreShared Key, DH Group 2, 3DES SHA Authentication (28800
>>> Seconds)
>>> Phase 2: DH Group2, 3DES SHA
>>>
>>> So it should look like that
>>> Office Network | Router (NAT) | Public IP | Internet | Hoster VPN | private Network at Hoster
>>> 10.0.0.0/22 > 10.0.0.1 > public_ip > inet > hoster_ip > 10.25.28.0/24
>>>
>>> The router is running Debian GNU/Linux 6.0 amd64, using Openswan 2.6.28
>>>
>>> "ipsec verify" > http://pastebin.com/qx2BC9mA
>>> "ipsec auto --status" > http://pastebin.com/LnvCucMT
>>> "/etc/ipsec.conf" > http://pastebin.com/uth4Xd1r
>>> "/etc/ipsec.secrets" > http://pastebin.com/jznT3hBu
>>> "ipsec barf" > http://pastebin.com/Fdn7kLH1
>>>
>>> I'm just trying on the router without any net-to-net tunnels yet to
>>> take out sources of errors.
>>>
>>> So "#1: pending Phase 2 for "testvpn" replacing #0" tells me that
>>> Phase1 wasn't successful.
>>>
>>> What am I doing wrong? Could somebody please point me in a direction
>>> on where to look at?
>>>
>>> Thanks a lot,
>>>
>>> Ben