[Openswan Users] VPN setup between dedicated server and CISCO firewall

Rishad Ali rishad.ali at turnkey-instruments.com
Mon Nov 4 15:39:23 UTC 2013


Hi all,

I am trying to set up a VPN between my dedicated server (CentOS) and
another company. I want to terminate the VPN on my dedicated server, which I
access remotely, and the other company terminates their VPN on a Cisco
firewall.

(I have been given their internal IP address and external gateway IP
address to set up on Openswan.)

 

My first problem is, I do not have a network behind my server, so what
should be my internal IP address in the ipsec.config (should I use the
same public IP address for both internal and external)?

When I run ifconfig, it only gives me the public IP address of my server, no
private IP address(es).

Should I use the same public IP address for both internal and external?

Internal IP address %serverIP%/22 (we do not have any network behind our
server)

External Gateway IP address %serverIP% (because we want to terminate the
VPN on our server)

 

Secondly, when I run ipsec verify, below is the output:

Checking if IPsec got installed and started correctly:

Version check and ipsec on-path                              [OK]
Openswan U2.6.39/K2.6.32-358.23.2.el6.x86_64 (netkey)
See `ipsec --copyright' for copyright information.
Checking for IPsec support in kernel                        [OK]
NETKEY: Testing XFRM related proc values
         ICMP default/send_redirects                        [OK]
         ICMP default/accept_redirects                      [OK]
         XFRM larval drop                                   [OK]
Hardware random device check                                [N/A]
Checking rp_filter                                          [ENABLED]
/proc/sys/net/ipv4/conf/default/rp_filter                   [ENABLED]
/proc/sys/net/ipv4/conf/lo/rp_filter                        [ENABLED]
/proc/sys/net/ipv4/conf/eth0/rp_filter                      [ENABLED]
Checking that pluto is running                              [OK]
Pluto listening for IKE on udp 500                          [OK]
Pluto listening for IKE on tcp 500                          [NOT IMPLEMENTED]
Pluto listening for IKE/NAT-T on udp 4500                   [DISABLED]
Pluto listening for IKE/NAT-T on tcp 4500                   [NOT IMPLEMENTED]
Pluto listening for IKE on tcp 10000 (cisco)                [NOT IMPLEMENTED]
Checking NAT and MASQUERADEing                              [TEST INCOMPLETE]
Checking 'ip' command                                       [IP XFRM BROKEN]
Checking 'iptables' command                                 [OK]

 

It says:

Checking NAT and MASQUERADEing                              [TEST INCOMPLETE]
Checking 'ip' command                                       [IP XFRM BROKEN]

 

How to fix this?

 

Thanks.
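As an added illustration (not part of the post or of Openswan), the following triages an `ipsec verify` report like the one above: it separates the statuses that need no action (OK, N/A, a feature Openswan does not implement, NAT-T being off by default) from the ones a host-to-host tunnel operator has to deal with, and turns the ENABLED rp_filter entries into their sysctl keys. The sample text is the output quoted in the post, re-joined to one line per check.

```python
import re

# Constructed sample: the `ipsec verify` output quoted in the post,
# re-joined to one line per check (the mail client had wrapped some).
SAMPLE_VERIFY = """\
Version check and ipsec on-path                              [OK]
Checking for IPsec support in kernel                        [OK]
         ICMP default/send_redirects                        [OK]
         ICMP default/accept_redirects                      [OK]
         XFRM larval drop                                   [OK]
Hardware random device check                                [N/A]
Checking rp_filter                                          [ENABLED]
/proc/sys/net/ipv4/conf/default/rp_filter                   [ENABLED]
/proc/sys/net/ipv4/conf/lo/rp_filter                        [ENABLED]
/proc/sys/net/ipv4/conf/eth0/rp_filter                      [ENABLED]
Checking that pluto is running                              [OK]
Pluto listening for IKE on udp 500                          [OK]
Pluto listening for IKE on tcp 500                          [NOT IMPLEMENTED]
Pluto listening for IKE/NAT-T on udp 4500                   [DISABLED]
Pluto listening for IKE/NAT-T on tcp 4500                   [NOT IMPLEMENTED]
Pluto listening for IKE on tcp 10000 (cisco)                [NOT IMPLEMENTED]
Checking NAT and MASQUERADEing                              [TEST INCOMPLETE]
Checking 'ip' command                                       [IP XFRM BROKEN]
Checking 'iptables' command                                 [OK]
"""

# No action needed: a pass, not applicable, not offered by Openswan (IKE over TCP), or off by default (NAT-T).
BENIGN = {"OK", "N/A", "NOT IMPLEMENTED", "DISABLED"}

LINE_RE = re.compile(r"^\s*(?P<check>.*?)\s+\[(?P<status>[^\]]+)\]\s*$")

def parse_verify(output):
    """Return (check, status) pairs, in order, from `ipsec verify` text."""
    pairs = []
    for line in output.splitlines():
        m = LINE_RE.match(line)
        if m:
            pairs.append((m.group("check").strip(), m.group("status").strip()))
    return pairs

def findings(output):
    """The checks whose status is not benign, i.e. the ones to act on."""
    return [(c, s) for c, s in parse_verify(output) if s not in BENIGN]

def rp_filter_sysctls(output):
    """sysctl keys for every rp_filter entry reported ENABLED, e.g.
    net.ipv4.conf.eth0.rp_filter; Openswan's docs advise setting these to 0
    because reverse-path filtering can drop decrypted IPsec traffic."""
    return [check[len("/proc/sys/"):].replace("/", ".")
            for check, status in parse_verify(output)
            if check.startswith("/proc/sys/") and status == "ENABLED"]
```

Run against the saved output of `ipsec verify` on the server; the findings list for the post's report is the four rp_filter lines, the incomplete NAT test and the broken `ip xfrm` check.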
