[Openswan Users] How to config Static-to-Roadwarrior in different openswan version?
tknv
rreedd555 at gmail.com
Thu May 26 06:52:10 EDT 2011
Buggy
Hello,
I am trying Static-to-RoadWarrior IPsec on the network below.
At the IPsec router: ipsec setup start
At the RoadWarrior: ipsec auto --up road
But the connection cannot be established.

             router(192.168.11.0/24)
                /              \
               /                \
    IPsec router                Roadwarrior
    Static(192.168.11.11)       Dynamic(192.168.11.X)
    Openswan 2.4.15(klips)      Openswan U2.6.32
       /
      /
  A-machine:192.168.25.X

--ipsec.config:IPsec router--
version 2.0

config setup
        interfaces=%defaultroute
        nat_traversal=yes
        nhelpers=0
        syslog=daemon.error
        klipsdebug=none
        plutodebug=none
        plutoopts=
        handle_delete=no
        overridemtu=1280

conn road
        left=192.168.11.11
        leftsubnet=192.168.25.0/24
        right=%any
        rightnexthop=%defaultroute
        auto=add
        authby=secret
        type=tunnel
        leftid=@dh.srv.org
        rightid=@dh.ore.org
        keyingtries=0
        aggrmode=yes
        pfs=no
        keylife=28800
        ikelifetime=3600
        rekeymargin=100
        rekeyfuzz=0%
        dpddelay=30
        dpdaction=clear

include /etc/ipsec.d/examples/no_oe.conf

--ipsec.config:Roadwarrior--
version 2.0

config setup
        nat_traversal=yes
        virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
        protostack=klips
        klipsdebug=none
        plutodebug=none
        nhelpers=0

conn road
        authby=secret
        left=%defaultroute
        leftid=@dh.ore.org
        right=192.168.11.11
        rightsubnet=192.168.25.0/24
        rightid=@dh.srv.org
        auto=add

include /etc/ipsec.d/*.conf

--ipsec.secrets:both--
@dh.ore.org @dh.srv.org : PSK "foo"
--log when try :ipsec auto --up road: from Roadwarrior--
May 25 20:32:48 localhost authpriv.warn pluto[10313]: packet from 192.168.11.3:500: ignoring unknown Vendor ID payload [4f4568794c64414365636661]
May 25 20:32:48 localhost authpriv.warn pluto[10313]: packet from 192.168.11.3:500: received Vendor ID payload [Dead Peer Detection]
May 25 20:32:48 localhost authpriv.warn pluto[10313]: packet from 192.168.11.3:500: received Vendor ID payload [RFC 3947] method set to=109
May 25 20:32:48 localhost authpriv.warn pluto[10313]: packet from 192.168.11.3:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 109
May 25 20:32:48 localhost authpriv.warn pluto[10313]: packet from 192.168.11.3:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 109
May 25 20:32:48 localhost authpriv.warn pluto[10313]: packet from 192.168.11.3:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 109
May 25 20:32:48 localhost authpriv.warn pluto[10313]: packet from 192.168.11.3:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
May 25 20:32:48 localhost authpriv.warn pluto[10313]: packet from 192.168.11.3:500: initial Main Mode message received on 192.168.11.11:500 but no connection has been authorized

When Static-to-Static under the same condition, I am able to establish IPsec.
I tried without type=tunnel, aggrmode=yes/no, pfs=no/yes, but no luck.
My aim is to connect A-machine to the RoadWarrior after that.
Regards,
--
W.tknv
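
An added example, not part of the original post: a small Python check that parses the two "conn road" sections shown above and lists the settings on which the two ends disagree. The function names, the defaults used for omitted keys (aggrmode=no, authby=rsasig) and the choice of keys to compare are assumptions of this example; the configuration values are copied from the post.

```python
# Subset of the two "conn road" sections from the post; left is the local end in both.
ROUTER = """conn road
    left=192.168.11.11
    leftsubnet=192.168.25.0/24
    right=%any
    authby=secret
    leftid=@dh.srv.org
    rightid=@dh.ore.org
    aggrmode=yes
"""
ROADWARRIOR = """conn road
    authby=secret
    left=%defaultroute
    leftid=@dh.ore.org
    right=192.168.11.11
    rightsubnet=192.168.25.0/24
    rightid=@dh.srv.org
"""
# Assumption of this example: values applied when a key is omitted from a conn.
DEFAULTS = {"aggrmode": "no", "authby": "rsasig"}

def parse_conn(text, name):
    """Return the key=value settings of section `conn <name>` as a dict."""
    params, active = {}, False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if line and not line[0].isspace():   # an unindented line starts a section
            active = line.split() == ["conn", name]
        elif active and "=" in line:
            key, value = line.strip().split("=", 1)
            params[key.strip()] = value.strip()
    return params

def mismatches(a, b):
    """Compare end `a` with end `b`, whose left/right are mirrored."""
    found = []
    for key in ("authby", "aggrmode"):       # expected to be identical on both ends
        va, vb = a.get(key, DEFAULTS[key]), b.get(key, DEFAULTS[key])
        if va != vb:
            found.append(f"{key}: {va} != {vb}")
    for suffix in ("id", "subnet"):          # a's left* should equal b's right*
        for mine, theirs in (("left", "right"), ("right", "left")):
            va, vb = a.get(mine + suffix), b.get(theirs + suffix)
            if va != vb:
                found.append(f"{mine}{suffix}: {va} != {theirs}{suffix}: {vb}")
    return found

print(mismatches(parse_conn(ROUTER, "road"), parse_conn(ROADWARRIOR, "road")))
```

On the posted files the IDs and subnets mirror correctly and the only difference reported is aggrmode, which is set on the router and left unset on the Roadwarrior.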