[Openswan Users] OpenSwan Issue

Luis Nagaki luis.nagaki at gmail.com
Thu May 31 13:31:06 EDT 2012


Hey guys, I'm having a bit of an issue.

I had Openswan working just fine internally, so I know my configs
and RSA keys were working fine.


Here is my setup:

VPN Server (OpenSwan) External IP and using IPtables
|
|
Internet
|
|
Home SOHO
|
|
Internal IP 192.168.2.6 VPN Openswan Client (same as server)

So now I changed the IPs as follows in the configs.


VPN client behind a D-Link SOHO router at home:

conn poller2
    left=192.168.2.6
    leftid=@server2
    leftrsasigkey=0sAQOdr36..| (Removed to make it smaller)
    leftnexthop=%defaultroute
    right=PUBLIC IP OF VPN SERVER
    rightid=@server1
    rightrsasigkey=0sAQPUN/..| (Removed to make it smaller)
    rightnexthop=%defaultroute
    auto=add


VPN server directly connected to the internet:

conn central
    left=PUBLIC IP of VPN Server
    leftid=@server1
    leftrsasigkey=0sAQPBY4LedS..| (Removed to make it smaller)
    leftnexthop=%defaultroute
    right=192.168.2.6
    rightid=@server2
    rightrsasigkey=0sAQOdr366h..| (Removed to make it smaller)
    rightnexthop=External IP Of SOHO Device? or should i leave %defaultroute
    auto=add

Here's a tcpdump on the client:

12:07:45.487113 IP 192.168.2.6.isakmp > PUBLIC IP.isakmp: isakmp:
phase 1 I ident
tcpdump on the server:

10:38:45.380207 IP (tos 0x0, ttl 57, id 0, offset 0, flags [DF],
proto: UDP (17), length: 620) PUBLIC IP OF CLIENT.isakmp > PUBLIC IP
VPN SERVER.isakmp: isakmp 1.0 msgid 00000000: phase 1 I ident: [|sa]


Here's a dump from my secure log:

pluto[20212]: packet from PUBLIC IP OF CLIENT:500: received Vendor ID
payload [Openswan (this version) 2.6.32 ]
pluto[20212]: packet from PUBLIC IP OF CLIENT:500: received Vendor ID
payload [Dead Peer Detection]
pluto[20212]: packet from PUBLIC IP OF CLIENT:500: received Vendor ID
payload [RFC 3947] method set to=109
pluto[20212]: packet from PUBLIC IP OF CLIENT:500: received Vendor ID
payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using
method 109
pluto[20212]: packet from PUBLIC IP OF CLIENT:500: received Vendor ID
payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using
method 109
pluto[20212]: packet from PUBLIC IP OF CLIENT:500: received Vendor ID
payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using
method 109
pluto[20212]: packet from PUBLIC IP OF CLIENT:500: received Vendor ID
payload [draft-ietf-ipsec-nat-t-ike-00]
pluto[20212]: packet from PUBLIC IP OF CLIENT:500: initial Main Mode
message received on PUBLIC IP OF VPN SERVER:500 but no connection has
been authorized with policy=RSASIG

I can't get past Phase 1.
I have port 500 and port 4500 allowed in iptables. I also have, just in
case (though I shouldn't need it), UDP ports 500 and 4500 forwarded on the
D-Link to the internal IP of the Openswan VPN client.

I still can't get this to work, and it's urgent =(
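For readers hitting the same "no connection has been authorized with policy=RSASIG" line: pluto picks the conn for an inbound Main Mode packet by the source address it actually sees, so a server-side conn whose right= is the client's private LAN address can never match packets that arrive from the NAT router's public address. The following checker is an added example, not code from the post or from Openswan; it assumes constructed placeholder addresses (198.51.100.10 for the server, 203.0.113.5 for the SOHO's public side) in place of the redacted ones above.

```python
import re

# Constructed sample: the server-side conn from the post, keys omitted,
# with documentation-range addresses standing in for the redacted ones.
SERVER_CONF = """\
conn central
    left=198.51.100.10
    leftid=@server1
    leftnexthop=%defaultroute
    right=192.168.2.6
    rightid=@server2
    rightnexthop=%defaultroute
    auto=add
"""

# Constructed sample log lines in the same shape as the secure log above.
PLUTO_LOG = [
    "pluto[20212]: packet from 203.0.113.5:500: received Vendor ID payload [RFC 3947] method set to=109",
    "pluto[20212]: packet from 203.0.113.5:500: initial Main Mode message received on "
    "198.51.100.10:500 but no connection has been authorized with policy=RSASIG",
]

LOG_RE = re.compile(r"packet from (\S+):\d+: .*no connection has been authorized with policy=(\w+)")


def parse_conns(text):
    """Minimal ipsec.conf reader: {conn_name: {key: value}} for indented key=value lines."""
    conns, cur = {}, None
    for line in text.splitlines():
        s = line.strip()
        if s.startswith("conn "):
            cur = s.split(None, 1)[1]
            conns[cur] = {}
        elif cur and "=" in s and not s.startswith("#"):
            k, v = s.split("=", 1)
            conns[cur][k.strip()] = v.strip()
    return conns


def unauthorized_peers(log_lines):
    """(source address, policy) for every packet pluto rejected for lack of a matching conn."""
    return [(m.group(1), m.group(2)) for l in log_lines if (m := LOG_RE.search(l))]


def diagnose(conf_text, log_lines):
    """For each rejected peer, report conns whose right= can never equal the observed source."""
    findings = []
    for peer, policy in unauthorized_peers(log_lines):
        for name, c in parse_conns(conf_text).items():
            r = c.get("right")
            if r not in ("%any", peer):  # a literal right= must be the address pluto sees
                findings.append(f"{name}: right={r} never matches peer {peer} ({policy}); "
                                f"for a peer behind NAT use right=%any")
    return findings
```

The same vendor IDs the server logged (RFC 3947, draft-ietf-ipsec-nat-t-*) show the client is offering NAT traversal, so the server side also needs nat_traversal=yes in its config setup section for the NAT'd client to be usable once the conn matches.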

