[Openswan Users] VPN connection established but ...

Durwin thecajun at nmia.com
Sat Nov 10 14:22:45 EST 2012


I have a connection established and I can enter commands when connected
one way, but when connected the other way, the commands will partially
output before it locks.

left public will be referred to as a.b.c.d
left private subnet is 192.168.4.0/24
right public will be referred to as w.x.y.z
right private subnet is 172.23.93.0/24

Left side I have a Fedora 17 machine.  I have disabled SELinux and
iptables for now.

Right side is behind NETGEAR ProSafe VPN Firewall FVS336GV2.


From the left I can ssh to a machine inside the right.  I can do normal
work.  I can also ssh back to the left, and if I enter a command with
very little output it works.  But if, for instance, I enter 'ls -l' it
will start to list the directory, but then stop.  It does not respond to
any key press, even Control-C.  Twice I saw it eventually complete the
list (after many minutes), but that is the exception.

My configurations follow.

=== /etc/ipsec.conf ===
version    2.0 # conforms to second version of ipsec.conf specification

# basic configuration
config setup
   # Debug-logging controls:  "none" for (almost) none, "all" for lots.
   # klipsdebug=none
   # plutodebug="control parsing"
   # For Red Hat Enterprise Linux and Fedora, leave protostack=netkey
   protostack=netkey
   nat_traversal=yes
   virtual_private=%v4:192.168.4.0/24,%v4:172.23.93.0/24
   oe=off
   # Enable this if you see "failed to find any available worker"
   # nhelpers=0
   force_keepalive=yes
   keep_alive=10

#You may put your configuration (.conf) file in the "/etc/ipsec.d/"
include /etc/ipsec.d/*.conf


=== /etc/ipsec.d/myconn.conf ===
conn myconn
   # Local end: the interface holding the default route (public a.b.c.d)
   left=%defaultroute
   leftsubnet=192.168.4.0/24
   #leftnexthop=%defaultroute
   # Remote end: the NETGEAR FVS336Gv2 public address
   right=w.x.y.z
   #right=%defaultroute
   rightsubnet=172.23.93.0/24
   #rightnexthop=%defaultroute
   type=tunnel
   # Pre-shared key, looked up in /etc/ipsec.d/myconn.secrets
   authby=secret
   keyexchange=ike
   # Bring the tunnel up at "ipsec start" instead of waiting for traffic
   auto=start
   pfs=yes
   # IKE (phase 1) and ESP (phase 2) proposals; the NETGEAR must offer the
   # same combination.  3DES/SHA1/MODP-1024 is legacy strength.
   ike=3des-sha1-modp1024
   esp=3des-sha1

=== /etc/ipsec.d/myconn.secrets ===
# IDs that share this PSK: our public address, our private addresses, and the peer
a.b.c.d 192.168.4.66 192.168.4.1 w.x.y.z : PSK "mysecret"


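Added diagnostic, not part of the original post or of Openswan: the symptom pattern above (short replies cross the tunnel, a long 'ls -l' stalls partway and never recovers) is the one a practitioner would first check against a path-MTU blackhole, because ESP adds per-packet overhead and the resulting ICMP "fragmentation needed" messages are often dropped by a firewall in the path. The script below bisects the largest don't-fragment ICMP payload that crosses the tunnel, converts it to a TCP MSS, and prints the iptables clamp rule for the left side. Assumptions (mine, not the poster's): the probe runs on the left Fedora box, the right-side host 172.23.93.1 is a placeholder, and the payload bounds 1000..1472 correspond to a 1500-byte interface MTU. The probe is passed in by name so the bisection can be exercised with a fake probe and no network.

```sh
#!/bin/sh
# Path-MTU probe for an IPsec tunnel (added example; assumed addresses).
# Idea: find the largest ICMP payload that gets through with DF set, then
# clamp TCP MSS so segments never need the fragmentation that is failing.

# probe_ping SIZE TARGET: one don't-fragment ping (Linux iputils "-M do")
# carrying SIZE payload bytes; exit 0 on a reply, non-zero otherwise.
probe_ping() {
    ping -c 1 -W 2 -M do -s "$1" "$2" >/dev/null 2>&1
}

# find_max_payload PROBE LO HI TARGET: binary search for the largest payload
# in [LO,HI] for which "PROBE size TARGET" succeeds.  Prints the size, or
# "none" (exit 1) if even LO fails, which means the tunnel itself is down.
find_max_payload() {
    probe=$1; lo=$2; hi=$3; target=$4
    "$probe" "$lo" "$target" || { echo none; return 1; }
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))
        if "$probe" "$mid" "$target"; then
            lo=$mid          # mid fits: search upward
        else
            hi=$((mid - 1))  # mid dropped: search downward
        fi
    done
    echo "$lo"
}

# mss_from_ping_payload SIZE: payload + 20 (IPv4) + 8 (ICMP) is the path MTU;
# MSS = path MTU - 20 (IPv4) - 20 (TCP) = SIZE - 12.
mss_from_ping_payload() {
    echo $(( $1 - 12 ))
}

# clamp_rule MSS: the mangle-table rule for the left gateway (where iptables
# was disabled for testing) that rewrites the MSS on SYNs heading into the
# tunnel toward the right subnet.
clamp_rule() {
    echo "iptables -t mangle -A FORWARD -p tcp --tcp-flags SYN,RST SYN" \
         "-d 172.23.93.0/24 -j TCPMSS --set-mss $1"
}

# Usage on the left Fedora box (172.23.93.1 is an assumed right-side host):
#   size=$(find_max_payload probe_ping 1000 1472 172.23.93.1)
#   mss=$(mss_from_ping_payload "$size")
#   clamp_rule "$mss"
```

If the probe reports "none", the tunnel is not passing traffic at all and MTU is not the problem. If it reports 1472 (the full 1500-byte MTU), fragmentation is being handled correctly and the cause lies elsewhere. Any value in between is the working path MTU, and the printed rule (or the matching setting on the NETGEAR, which has its own MSS option) should stop the stall.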
