[Openswan Users] How to config RoadWarrior setting

tknv rreedd555 at gmail.com
Wed May 25 08:13:50 EDT 2011


Hello,
I could not make Static-to-Dynamic IPsec work.
I am trying the RoadWarrior setting on the network below for testing.
      router(192.168.11.0/24)
      /                     \
     /                       \
static(192.168.11.11)      Dynamic(192.168.11.3)
IPsec router               RoadWarrior client
Openswan 2.4.15(klips)     Openswan 2.6.32
       /
      /
192.168.25.0/24
some client

--IPsec router:ipsec.config--
version 2.0

config setup
interfaces=%defaultroute
nat_traversal=yes
nhelpers=0
syslog=daemon.error
klipsdebug=none
plutodebug=none
plutoopts=
handle_delete=no
overridemtu=1280

conn road
left=192.168.11.11
leftsubnet=192.168.25.0/24
right=%any
rightnexthop=%defaultroute
auto=add
authby=secret
type=tunnel
leftid=@dh.srv.org
rightid=@dh.ore.org
keyingtries=0
aggrmode=yes
pfs=no
keylife=28800
ikelifetime=3600
rekeymargin=100
rekeyfuzz=0%
dpddelay=30
dpdaction=clear
include /etc/ipsec.d/examples/no_oe.conf

--RoadWarrior client:ipsec.conf--
version	2.0

config setup
nat_traversal=yes
virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
protostack=klips
klipsdebug=none
plutodebug=none
nhelpers=0

conn road
authby=secret
left=%defaultroute
leftid=@dh.ore.org
right=192.168.11.11
rightsubnet=192.168.25.0/24
rightid=@dh.srv.org
auto=add
include /etc/ipsec.d/*.conf

--both ipsec.secrets--
@dh.ore.org @dh.srv.org : PSK "foo"

--logs--
May 25 20:32:48 localhost authpriv.warn pluto[10313]: packet from 192.168.11.3:500: ignoring unknown Vendor ID payload [4f4568794c64414365636661]
May 25 20:32:48 localhost authpriv.warn pluto[10313]: packet from 192.168.11.3:500: received Vendor ID payload [Dead Peer Detection]
May 25 20:32:48 localhost authpriv.warn pluto[10313]: packet from 192.168.11.3:500: received Vendor ID payload [RFC 3947] method set to=109
May 25 20:32:48 localhost authpriv.warn pluto[10313]: packet from 192.168.11.3:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 109
May 25 20:32:48 localhost authpriv.warn pluto[10313]: packet from 192.168.11.3:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 109
May 25 20:32:48 localhost authpriv.warn pluto[10313]: packet from 192.168.11.3:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 109
May 25 20:32:48 localhost authpriv.warn pluto[10313]: packet from 192.168.11.3:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
May 25 20:32:48 localhost authpriv.warn pluto[10313]: packet from 192.168.11.3:500: initial Main Mode message received on 192.168.11.11:500 but no connection has been authorized

With a static-to-static config, both machines could connect by
IPsec.
Please teach me how to configure RoadWarrior for a network like that.
P.S. I tried without
type=tunnel, aggrmode=no/yes, pfs=yes/no and protostack=netkey/klips, but no
luck.
Thanks in advance.

-- 
W.tknv