[Openswan Users] VPN setup between dedicated server and CISCO firewall

Leto letoams at gmail.com
Mon Nov 4 19:16:26 UTC 2013

sent from a tiny device 

On 2013-11-04, at 7:39, "Rishad Ali" <rishad.ali at turnkey-instruments.com> wrote:

> Hi all,
> I am trying to setup VPN between my dedicated server (centOS) and a another company. I want to terminate VPN on my dedicated server which I access remotely and the other company terminates their VPN on a CISCO firewall.
> (I have been given their Internal IP address and external Gateway IP address to setup on openswan.)
> My first problem is, I do not have a network behind my server, so what should be my internal IP address in the ipsec.config (should I use the same public IP address for both internal and external )

you can just leave out leftsubnet=

> Secondly, when I run ipsec verify, below is the output

it's odd that it shows ip
xfrm is broken on centos. that is normally not a problem. do you have the iproute  package installed?

> Checking if IPsec got installed and started correctly:
> Version check and ipsec on-path                              [OK]
> Openswan U2.6.39/K2.6.32-358.23.2.el6.x86_64 (netkey)
> See `ipsec --copyright' for copyright information.
> Checking for IPsec support in kernel                        [OK]
> NETKEY: Testing XFRM related proc values
>          ICMP default/send_redirects                            [OK]
>          ICMP default/accept_redirects                        [OK]
>          XFRM larval drop                                                     [OK]
> Hardware random device check                                [N/A]
> Checking rp_filter                                                            [ENABLED]
> /proc/sys/net/ipv4/conf/default/rp_filter          [ENABLED]
> /proc/sys/net/ipv4/conf/lo/rp_filter                     [ENABLED]
> /proc/sys/net/ipv4/conf/eth0/rp_filter               [ENABLED]
> Checking that pluto is running                                    [OK]
> Pluto listening for IKE on udp 500                             [OK]
> Pluto listening for IKE on tcp 500                              [NOT IMPLEMENTED]
> Pluto listening for IKE/NAT-T on udp 4500            [DISABLED]
> Pluto listening for IKE/NAT-T on tcp 4500             [NOT IMPLEMENTED]
> Pluto listening for IKE on tcp 10000 (cisco)           [NOT IMPLEMENTED]
> Checking NAT and MASQUERADEing                      [TEST INCOMPLETE]
> Checking 'ip' command                                                [IP XFRM BROKEN]
> Checking 'iptables' command                                     [OK]
> It says,
> Checking NAT and MASQUERADEing                      [TEST INCOMPLETE]
> Checking 'ip' command                                                [IP XFRM BROKEN]
> How to fix this?
> Thanks.
> _______________________________________________
> Users at lists.openswan.org
> https://lists.openswan.org/mailman/listinfo/users
> Micropayments: https://flattr.com/thing/38387/IPsec-for-Linux-made-easy
> Building and Integrating Virtual Private Networks with Openswan:
> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openswan.org/pipermail/users/attachments/20131104/f840ce65/attachment-0001.html>

More information about the Users mailing list