[Openswan Users] Help with Checkpoint VPN configuration

victorjabur at gmail.com victorjabur at gmail.com
Thu Jul 28 10:55:44 EDT 2011 

Hi Paul,

Very thanks for your help:

I made all changes that you suggest, now is happenning another error:

*>>sudo ipsec setup --start
openswan failed to exec the requested action - the following error occured:
can not load config '/etc/ipsec.conf': /etc/ipsec.conf:66: syntax error,
unexpected STRING [leftxauthuser]*

This is my new ipsec.conf:



config setup
    interfaces="%defaultroute"
    protostack=.
    klipsdebug=none
    plutodebug=none
    manualstart=
    plutoload=

conn company
    authby=secret
    pfs=yes
    keyexchange=ike
    left=myIP
    leftxauthclient=yes
*    leftxauthuser=    *
    right=MyCompanyIP
    auto=start

------------------------------------------------------------------------------

This is my new ipsec.secrets:

@myuser : XAUTH "mypass"


Obs.:*** I delete this previous line:   @groupcompany    999.999.999.999 :
PSK "ab927263cc4654645f334"
And not, this is not my real secret, it's updated.

*My Question: The above secret line should exists or remove it ?*

Thanks;
Victor Jabur.

2011/7/28 Paul Wouters <paul at xelerance.com>

> On Thu, 28 Jul 2011, victorjabur at gmail.com wrote:
>
>  I'm trying to configure the openswan on my Linux Ubuntu 11.04 x64 machine
>> to access the VPN Windows Checkpoint.
>>
>> I already installed openswan and the question is how correct configuration
>> to make it.
>>
>> 1) This is my /etc/ipsec.conf
>>
>> config setup
>>     interfaces="ipsec0=ppp0"
>>     klipsdebug=none
>>     plutodebug=none
>>     manualstart=
>>     plutoload=
>>
>
> Specify interfaces="%defaultroute" and protostack=. The ipsec0 interface is
> only available
> with protostack=klips not with protostack=netkey (the default kernel only
> supports netkey)
>
>
>  conn company
>>     type=tunnel
>>         left=%defaultroute
>>     leftid=@groupcompany
>>     leftxauthclient=yes
>>     right=999.999.999.999
>>     rightxauthserver=yes
>>     keyexchange=ike
>>     auth=esp
>>     pfs=no
>>
>>
>> conn company_1
>>          left=%defaultroute
>>          leftid=@groupcompany
>>          leftxauthclient=yes
>>          right=999.999.999.999                  # IP of VPN Server
>>          rightxauthserver=yes
>>          authby=secret
>>          auto=add
>>
>>
>  2) This is my /etc/ipsec.secrets
>>
>>   @groupcompany    999.999.999.999 : PSK "ab927263cc4654645f334"
>>
>
> If that is your production secret, please change it as you just posted it
> to everyone!!
>
>
>  The only information that i have to connect on the VPN Server is:
>> IP: 999.999.999.999
>> Username: myuser
>> Password: MyPass
>>
>
> Try using leftxauthuser= and add the passwd in ipsec.secrets:
>
> @myuser : XAUTH "MyPass"
>
>
>  There is any way to detect the problem ? Would you help me to make the
>> correct configurations ?
>>
>
> Check /var/log/secure or /var/log/auth*
>
> Paul
>



-- 
Atenciosamente,

Victor Hugo Jabur Passavaz
Fone: (11) 9886-7921
Skype: victorjabur
MSN: victorhjp at hotmail.com
GTalk: victorjabur at gmail.com
Blog: www.victorjabur.com
Twitter: http://www.twitter.com/victorjabur
LinkedIn: http://br.linkedin.com/in/victorpassavaz
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20110728/764ba6ee/attachment.html

More information about the Users mailing list