[Openswan Users] Help with vpn tunnel.

Leto letoams at gmail.com
Fri Aug 16 20:09:28 UTC 2013


Most likely a firewall issue.

sent from a tiny device 

On 2013-08-16, at 15:32, Magnus Holmberg <magnus.holmberg at delphideveloper.net> wrote:

> 
> 
> Hello. 
> 
> I am trying to set up a VPN connection, but the last thing I can see in the log is "#1: initiating Main Mode".
> 
> 
> My server is located at IP
> 33.45.172.231 
> 
> And the network behind it is:
> 91.234.12.129/27 
> 
> The remote end has specified this: 
> 
> 
> 
> 
> Remote details: 
> 
> IPSEC Gateway  110.95.85.110 
> Net         192.220.144.0/24 
> 
> 
> VPN Configuration Phase 1 (IKE) 
> 
> encryption scheme:    ike 
> ike mode:    main mode 
> encryption:    3des 
> authentication:    sha1 
> authentication method:    pre-shared key (shared secret) 
> diffie hellman group:    group 2 (1024 bit) 
> isakmp lifetime:    86400 sec (1440 minutes) 
> 
> 
> VPN Configuration Phase 2 (IPsec) 
> 
> ipsec mode:    tunnel mode 
> ipsec protocol:    esp 
> encryption algorithm:    3des
> authentication:    sha1 
> perfect forward secrecy (pfs):    disabled 
> security lifetime:    3600 seconds 
> 
> 
> Cisco configuration example: 
> 
> crypto isakmp policy <priority> 
>  encryption 3des 
>  hash sha 
>  authentication pre-share 
>  group 2 
>  lifetime 86400 
> ! 
> crypto ipsec transform-set 3des-168-sha esp-3des esp-sha-hmac 
> ! 
> crypto isakmp key <pre-shared-key> address 110.95.85.110 
> ! 
> crypto map <map-name> <seq-num> ipsec-isakmp 
>  description *** XXXX *** 
>  set peer 110.95.85.110 
>  set transform-set 3des-168-sha 
>  match address <access-list-id> 
> !
> access-list <access-list-id> ip host <your-ftp-host> 192.220.144.0 0.0.0.255
> 
> 
> Would the config below work?  Or have I missed something? 
> 
> config setup 
>         protostack=netkey 
>         nat_traversal=yes 
>         virtual_private= 
>         oe=off 
> 
> 
> conn MyVpnConnection 
>         authby=secret 
>         auto=start 
>         dpddelay=3 
>         dpdtimeout=120 
>         dpdaction=restart 
>         ike=3des-sha1-1024
>         esp=3des-sha1
>         rekey=yes
>         #keyingtries=3 
>         keylife=30m 
>         ikelifetime=1440m 
>         left=33.45.172.231 
>         leftsubnet=91.234.12.129/27 
>         pfs=no 
>         right=110.95.85.110 
>         rightid=110.95.85.110 
>         rightsubnet=192.220.144.0/24 
> 
> 
> What have I missed?
> 
> 
> 
> -- 
> Magnus Holmberg
> Cell: + 46 (0)709 91 94 63
> 
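A cross-check of the posted conn options against the peer's parameter sheet, as an added example that is not part of the original thread. The `PEER` dictionary and all function names are constructed here from the values quoted in the message above.

```python
import re

# Peer requirements transcribed from the parameter sheet quoted in the thread.
PEER = {"ike": "3des-sha1", "dh_bits": 1024, "ikelifetime": 86400,
        "esp": "3des-sha1", "keylife": 3600, "pfs": "no", "authby": "secret",
        "right": "110.95.85.110", "rightsubnet": "192.220.144.0/24"}

# Options taken from the conn section in the thread (dpd and left* omitted).
CONN = """
conn MyVpnConnection
        authby=secret
        ike=3des-sha1-1024
        esp=3des-sha1
        rekey=yes
        #keyingtries=3
        keylife=30m
        ikelifetime=1440m
        pfs=no
        right=110.95.85.110
        rightsubnet=192.220.144.0/24
"""

UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400}

def parse_conn(text):
    """Collect key=value options, ignoring comments and the 'conn' header."""
    opts = {}
    for line in text.splitlines():
        m = re.match(r"\s+([A-Za-z_]+)\s*=\s*(\S*)", line.split("#", 1)[0])
        if m:
            opts[m.group(1)] = m.group(2)
    return opts

def seconds(value):
    """Convert an ipsec.conf time value such as 30m or 3600 to seconds."""
    number, unit = re.fullmatch(r"(\d+)([smhd]?)", value).groups()
    return int(number) * UNITS[unit or "s"]

def normalise(opts):
    """Bring the posted options into the same shape and units as PEER."""
    ike, _, group = opts["ike"].rpartition("-")
    return {**opts, "ike": ike, "dh_bits": int(re.sub(r"\D", "", group)),
            "ikelifetime": seconds(opts["ikelifetime"]),
            "keylife": seconds(opts["keylife"])}

def mismatches(opts, peer=PEER):
    """Return {option: (ours, peer's)} for every value that differs."""
    ours = normalise(opts)
    return {k: (ours.get(k), v) for k, v in peer.items() if ours.get(k) != v}

if __name__ == "__main__":
    print(mismatches(parse_conn(CONN)))   # {'keylife': (1800, 3600)}
```

The only difference it reports is the Phase 2 lifetime (keylife=30m against the peer's 3600 seconds). That value is negotiated in Quick Mode, after Main Mode has completed.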