[Openswan Users] IPSec on Centos6.5

David Fowler david at powercreations.com.au
Tue Feb 11 00:29:25 EST 2014


Hi all

I'm having some issues getting Openswan running on a CentOS 6.5 box to 
connect to a DrayTek router (or even another CentOS box) using an IPsec 
connection.

Here are all my settings (IP addresses have been changed - but 
consistent here)
1.1.1.1 - CentOS server
2.2.2.2 - CentOS server bcast
3.3.3.3 - router on the other end

When I run an 'ipsec --up testconnection', I get the following

ipsec auto --up testconnection
104 "testconnection" #3: STATE_MAIN_I1: initiate
010 "testconnection" #3: STATE_MAIN_I1: retransmission; will wait 20s for response
010 "testconnection" #3: STATE_MAIN_I1: retransmission; will wait 40s for response

The /var/log/secure file shows
Feb 11 05:26:29 host pluto[31976]: | processing connection testconnection
Feb 11 05:26:29 host pluto[31976]: | handling event EVENT_RETRANSMIT for 3.3.3.3 "testconnection" #3
Feb 11 05:26:29 host pluto[31976]: | sending 592 bytes for EVENT_RETRANSMIT through eth0:500 to 3.3.3.3:500 (using #3)

Config files and outputs are below

----------
*ifconfig*
eth0      Link encap:Ethernet  HWaddr 00:16:3E:38:7B:2C
           inet addr:1.1.1.1  Bcast:2.2.2.2  Mask:255.255.248.0

-----------
*/etc/ipsec.conf*
config setup
      klipsdebug=all
      plutodebug=all
      protostack=netkey
      nat_traversal=yes
      virtual_private=%v4:192.168.0.0/16,%v4:192.168.3.0/16
      interfaces=%defaultroute

conn testconnection
      type=tunnel
      left=1.1.1.1
      right=3.3.3.3
      rightsubnet=192.168.3.0/255.255.255.0
      auth=esp
      esp=3des-168
      keyexchange=ike
      auto=start
      pfs=no
      rekey=no
      authby=secret

----------
*/etc/ip.secrets*
1.1.1.1 3.3.3.3: PSK "mykeyhere"

----------
*ipsec verify*
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path                                 [OK]
Linux Openswan U2.6.32/K2.6.32-431.3.1.el6.x86_64 (netkey)
Checking for IPsec support in kernel                            [OK]
  SAref kernel support [N/A]
  NETKEY:  Testing for disabled ICMP send_redirects              [OK]
NETKEY detected, testing for disabled ICMP accept_redirects     [OK]
Checking that pluto is running                                  [OK]
  Pluto listening for IKE on udp 500                             [OK]
  Pluto listening for NAT-T on udp 4500                          [OK]
Checking for 'ip' command                                       [OK]
Checking /bin/sh is not /bin/dash                               [OK]
Checking for 'iptables' command                                 [OK]

----------

Any help would be appreciated.

Dave
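
Added example (not part of the original post, and not Openswan's own code): a small shell helper that summarises `ipsec auto --up` output per negotiation, reporting the last IKE state reached and the number of retransmissions. The function names and verdict strings are hypothetical, the line format is assumed from the output quoted above, and the second connection in the sample is constructed for contrast.

```shell
#!/bin/sh
# Added example: summarise `ipsec auto --up` output per IKE negotiation.
# Assumed line shape (taken from the post): NNN "conn" #N: STATE_NAME: message

# Sample input. The first three lines are the post's output with wrapped
# lines rejoined; the "otherconn" lines are constructed for comparison.
sample_output() {
cat <<'EOF'
104 "testconnection" #3: STATE_MAIN_I1: initiate
010 "testconnection" #3: STATE_MAIN_I1: retransmission; will wait 20s for response
010 "testconnection" #3: STATE_MAIN_I1: retransmission; will wait 40s for response
104 "otherconn" #4: STATE_MAIN_I1: initiate
106 "otherconn" #4: STATE_MAIN_I2: sent MI2, expecting MR2
108 "otherconn" #4: STATE_MAIN_I3: sent MI3, expecting MR3
004 "otherconn" #4: STATE_MAIN_I4: ISAKMP SA established
EOF
}

# Reads status lines on stdin and prints one line per negotiation:
#   <conn> <#serial> <last state> retransmits=<n> <verdict>
# Lines that do not match the assumed shape (e.g. wrapped tails) are ignored.
summarize_ike() {
  awk '
    /^[0-9]+ "[^"]+" #[0-9]+: STATE_[A-Z0-9_]+:/ {
      conn = $2;  gsub(/"/, "", conn)
      id = $3;    sub(/:$/, "", id)
      state = $4; sub(/:$/, "", state)
      key = conn " " id
      if (!(key in last)) order[++n] = key   # keep first-seen order
      last[key] = state
      if ($0 ~ /retransmission/) rtx[key]++
    }
    END {
      for (i = 1; i <= n; i++) {
        k = order[i]
        verdict = "progressed"
        # Still in the first initiator state after retransmitting:
        # the first Main Mode packet has drawn no reply from the peer.
        if (last[k] == "STATE_MAIN_I1" && rtx[k] > 0)
          verdict = "no-reply-to-first-ike-packet"
        printf "%s %s retransmits=%d %s\n", k, last[k], rtx[k], verdict
      }
    }'
}

sample_output | summarize_ike
```

A negotiation that never leaves STATE_MAIN_I1 has sent its first Main Mode packet and received nothing back, so the first things to check are the path and the peer (UDP 500 filtering in either direction, whether the remote end has a connection defined for this address) rather than the PSK, which is not used until later in the exchange.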



