[Openswan Users] Why I have 2 tunnels up on Openswan?
Michael Furman
michael_furman at hotmail.com
Wed Oct 14 11:02:53 EDT 2015
Thanks,
While if I drop virtual_private I have 2 channels up?
Is now my configuration looks ok?
Michael
Subject: Re: [Openswan Users] Why I have 2 tunnels up on Openswan?
To: michael_furman at hotmail.com; alex.petcu at sipstatus.com; users at lists.openswan.org
From: nick at howitts.co.uk
Date: Wed, 14 Oct 2015 15:58:15 +0100
virtual_private is irrelevant for this type of tunnel and can be
dropped. I think it is only needed for roadwarrior type connections
where we are allocating them an IP. Also left/rightid can probably
be left to default. Unfortunately I don't know the rsa configs so I
can't give much more help, although, if it were me, I'd try to get a
simple psk connection going before switching to rsa
On 14/10/2015 15:39, Michael Furman
wrote:
Hi,
It is host to host tunnel.
I want to encrypt connection from one server to another.
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Security_Guide/Host-To-Host_VPN_Using_Openswan.html
Michael
From: alex.petcu at sipstatus.com
To: michael_furman at hotmail.com; users at lists.openswan.org
Subject: RE: [Openswan Users] Why I have 2 tunnels up on
Openswan?
Date: Wed, 14 Oct 2015 14:37:04 +0000
HI
Michael,
I
don’t understand what you want to accomplish. All the
IPs in your config are in the same network, so the
config doesn’t make much sense.
Alex
From:
Michael Furman [mailto:michael_furman at hotmail.com]
Sent: Wednesday, October 14, 2015 5:29 PM
To: Alex Petcu
<alex.petcu at sipstatus.com>;
users at lists.openswan.org
Subject: RE: [Openswan Users] Why I have 2
tunnels up on Openswan?
Alex,
Thank you for your help!
I have added the allowed network in virtual_private:
virtual_private=%v4:172.16.0.0/16
I still have same warnings but I have one channel :)
In the previous mail I have replaced my real IPs with
x.x.
In this mail I do not replace my IPs.
Questions:
1) Why I have same warnings?
2) Do I have problems with configuration of my
tunnel?
The configuration:
conn tunnel1
leftid=@172.16.0.2
left=172.16.0.2
leftrsasigkey=0sAQPAhum5UFDrYdMcQChUs2mfDuH1bbJTV9mrA+H+CMWsG9ZoBqD0sAZiEDa7VcckUAzhX0pna99VRMXgyIw39qMplbwl2qPTh0Z3Gh0uU301tF/fqG3onBTkYZ2S2kEt2K4W9NX6kQtUHeS46tfK7EIezLaDAYyzszHCjBI589GPk3ONF5fP+JT32cjjsnSC7UZ42+whsuEYzA4PynRJPe8QZFPidIVAGMrPGM4G+f92Xu18W+nEPQ9F2TNwhonXEnRQm9T8h10VXXMaju76aHT0sFFJIF+usG8gvht+mHuSpVx0hYdvZ6tFeooOS3Y/TBT4Yd2wWyCmvn/M7VRBQXWe/B/ha9pr5A5LeD3Bv8VBfEUuOiJ8DfmCWV9EJVklDb3sSO7e9Ctbh1pMr8LaxBNihZARbk9VXG7Ec7wN3agcNh7AK8hqRHpHYeCI52oTKqW0WLwt7uD58aQaUb9KjJ3v6yyAB41yMk1uldW2Ne4UjVW7LD5KKJlSlcWPX2NMkDFzaLjgQjztDpGv2q1WtCCm3Z01Vygv6I5O0E4C1ho8di1RaHHBxHH1gmU5pEzDY+50JKj+oZMp/MBMm4sKXlIGhtFvL1jb7SKEo28ODA0VyqBOb6qZnqRDLY5wUQ47DpiRnceRVRBTRBGtIo3khYVQwMH9AskpWS5JBSjzs7tiww==
rightid=@172.16.0.1
right=172.16.0.1
rightrsasigkey=0sAQOaklcK7POvVOHl+oD6NoH49/By81rm4mGil+U2PK2caW6/V20eugufjRKMRbP7ubR8EUVzNY7lXj3ylocmysB08rWtCSkecPM3IMVxHusSLok8tv6nIkT/GclBcJlSoorCp+W7KGPVrj+KuCsqmjqpcUTrrsDbkuvt2lD49AoVPEy6ODAj2mEQvRER/Rpm868pGvz0xkGVjCnqKhD7jDdodXhkSJPq1MleRmGt8M17/6Bjk3FAATXCyksZ1kU9+XKhO9C5lajUnaElTXDu9vxuIjkNQ6pYlzagn6OO98WA+HxTwRCGmIxkWMZZ2fUGwHuWz4Kp2cPLgN7Tuxahr/U9NqWCKi7ti751yDiuLaHAu1J15ywUhRMSsQWse+nrDejQ17Pgb9UXqDsbnNNbkD7Lq1C2urUMOoBb0C76XlT5Yyr82phk9YaEj2x7m9AIRHmQMOv4z92po3Gz1mAeFroJJ1/HFF+u+HrMh5bO4tivTAtNNh7R7NfbrhkJtAlUJVfB8NK90DTiCxO9x6oXG1PNGeLT/duJ2H1VatCjkiRcpITX81ytHBUmMjDLpekPOOgSZlWNr+tbn32Li3Mnfx6tBoHjXk5kzSPgYWanfJQFyyczd1js/dG3kmtyQ6Gb8m08T0AN6cJVuezT0mWtLTIyztxdkah1QaLPQZz9W+LqrQ==
authby=rsasig
# load and initiate automatically
auto=start
virtual_private=%v4:172.16.0.0/16
The output of ipsec auto --status:
000 using kernel interface: netkey
000 interface lo/lo ::1
000 interface lo/lo 127.0.0.1
000 interface lo/lo 127.0.0.1
000 interface eth0/eth0 172.16.0.2
000 interface eth0/eth0 172.16.0.2
000 %myid = (none)
000 debug none
000
000 virtual_private (%priv):
000 - allowed 0 subnets:
000 - disallowed 0 subnets:
000 WARNING: Either virtual_private= is not specified,
or there is a syntax
000 error in that line.
'left/rightsubnet=vhost:%priv' will not work!
000 WARNING: Disallowed subnets in virtual_private= is
empty. If you have
000 private address space in internal use, it
should be excluded!
000
000 algorithm ESP encrypt: id=3, name=ESP_3DES,
ivlen=8, keysizemin=192, keysizemax=192
000 algorithm ESP encrypt: id=6, name=ESP_CAST,
ivlen=8, keysizemin=128, keysizemax=128
000 algorithm ESP encrypt: id=7, name=ESP_BLOWFISH,
ivlen=8, keysizemin=40, keysizemax=448
000 algorithm ESP encrypt: id=11, name=ESP_NULL,
ivlen=0, keysizemin=0, keysizemax=0
000 algorithm ESP encrypt: id=12, name=ESP_AES,
ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=13, name=ESP_AES_CTR,
ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=14, name=ESP_AES_CCM_A,
ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=15, name=ESP_AES_CCM_B,
ivlen=12, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=16, name=ESP_AES_CCM_C,
ivlen=16, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=18, name=ESP_AES_GCM_A,
ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=19, name=ESP_AES_GCM_B,
ivlen=12, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=20, name=ESP_AES_GCM_C,
ivlen=16, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=22, name=(null),
ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=252, name=ESP_SERPENT,
ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=253, name=ESP_TWOFISH,
ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP auth attr: id=1,
name=AUTH_ALGORITHM_HMAC_MD5, keysizemin=128,
keysizemax=128
000 algorithm ESP auth attr: id=2,
name=AUTH_ALGORITHM_HMAC_SHA1, keysizemin=160,
keysizemax=160
000 algorithm ESP auth attr: id=5,
name=AUTH_ALGORITHM_HMAC_SHA2_256, keysizemin=256,
keysizemax=256
000 algorithm ESP auth attr: id=6,
name=AUTH_ALGORITHM_HMAC_SHA2_384, keysizemin=384,
keysizemax=384
000 algorithm ESP auth attr: id=7,
name=AUTH_ALGORITHM_HMAC_SHA2_512, keysizemin=512,
keysizemax=512
000 algorithm ESP auth attr: id=8, name=(null),
keysizemin=160, keysizemax=160
000 algorithm ESP auth attr: id=9, name=(null),
keysizemin=128, keysizemax=128
000 algorithm ESP auth attr: id=251, name=(null),
keysizemin=0, keysizemax=0
000
000 algorithm IKE encrypt: id=0, name=(null),
blocksize=16, keydeflen=128
000 algorithm IKE encrypt: id=0, name=(null),
blocksize=16, keydeflen=128
000 algorithm IKE encrypt: id=0, name=(null),
blocksize=16, keydeflen=128
000 algorithm IKE encrypt: id=0, name=(null),
blocksize=16, keydeflen=128
000 algorithm IKE encrypt: id=0, name=(null),
blocksize=16, keydeflen=128
000 algorithm IKE encrypt: id=0, name=(null),
blocksize=16, keydeflen=128
000 algorithm IKE encrypt: id=3,
name=OAKLEY_BLOWFISH_CBC, blocksize=8, keydeflen=128
000 algorithm IKE encrypt: id=5, name=OAKLEY_3DES_CBC,
blocksize=8, keydeflen=192
000 algorithm IKE encrypt: id=7, name=OAKLEY_AES_CBC,
blocksize=16, keydeflen=128
000 algorithm IKE encrypt: id=65004,
name=OAKLEY_SERPENT_CBC, blocksize=16, keydeflen=128
000 algorithm IKE encrypt: id=65005,
name=OAKLEY_TWOFISH_CBC, blocksize=16, keydeflen=128
000 algorithm IKE encrypt: id=65289,
name=OAKLEY_TWOFISH_CBC_SSH, blocksize=16,
keydeflen=128
000 algorithm IKE hash: id=1, name=OAKLEY_MD5,
hashsize=16
000 algorithm IKE hash: id=2, name=OAKLEY_SHA1,
hashsize=20
000 algorithm IKE hash: id=4, name=OAKLEY_SHA2_256,
hashsize=32
000 algorithm IKE hash: id=5, name=OAKLEY_SHA2_384,
hashsize=48
000 algorithm IKE hash: id=6, name=OAKLEY_SHA2_512,
hashsize=64
000 algorithm IKE dh group: id=2,
name=OAKLEY_GROUP_MODP1024, bits=1024
000 algorithm IKE dh group: id=5,
name=OAKLEY_GROUP_MODP1536, bits=1536
000 algorithm IKE dh group: id=14,
name=OAKLEY_GROUP_MODP2048, bits=2048
000 algorithm IKE dh group: id=15,
name=OAKLEY_GROUP_MODP3072, bits=3072
000 algorithm IKE dh group: id=16,
name=OAKLEY_GROUP_MODP4096, bits=4096
000 algorithm IKE dh group: id=17,
name=OAKLEY_GROUP_MODP6144, bits=6144
000 algorithm IKE dh group: id=18,
name=OAKLEY_GROUP_MODP8192, bits=8192
000 algorithm IKE dh group: id=22,
name=OAKLEY_GROUP_DH22, bits=1024
000 algorithm IKE dh group: id=23,
name=OAKLEY_GROUP_DH23, bits=2048
000 algorithm IKE dh group: id=24,
name=OAKLEY_GROUP_DH24, bits=2048
000
000 stats db_ops: {curr_cnt, total_cnt, maxsz}
:context={0,0,0} trans={0,0,0} attrs={0,0,0}
000
000 "tunnel1":
172.16.0.2<172.16.0.2>[@172.16.0.2,+S=C]...172.16.0.1<172.16.0.1>[@172.16.0.1,+S=C];
erouted; eroute owner: #2
000 "tunnel1": myip=unset; hisip=unset;
000 "tunnel1": ike_life: 3600s; ipsec_life: 28800s;
rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0;
nat_keepalive: yes
000 "tunnel1": policy:
RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEv2ALLOW+SAREFTRACK;
prio: 32,32; interface: eth0;
000 "tunnel1": newest ISAKMP SA: #1; newest IPsec
SA: #2;
000 "tunnel1": IKE algorithm newest:
AES_CBC_128-SHA1-MODP2048
000
000 #2: "tunnel1":500 STATE_QUICK_I2 (sent QI2, IPsec
SA established); EVENT_SA_REPLACE in 27381s; newest
IPSEC; eroute owner; isakmp#1; idle; import:admin
initiate
000 #2: "tunnel1" esp.6960dfd0 at 172.16.0.1
esp.52077bc8 at 172.16.0.2
tun.0 at 172.16.0.1 tun.0 at 172.16.0.2
ref=0 refhim=4294901761
000 #1: "tunnel1":500 STATE_MAIN_I4 (ISAKMP SA
established); EVENT_SA_REPLACE in 1940s; newest
ISAKMP; lastdpd=-1s(seq in:0 out:0); idle;
import:admin initiate
000
From:
alex.petcu at sipstatus.com
To: michael_furman at hotmail.com;
users at lists.openswan.org
Subject: RE: [Openswan Users] Why I have 2 tunnels
up on Openswan?
Date: Wed, 14 Oct 2015 12:42:01 +0000
I
think the answer is here:
“000 virtual_private
(%priv):
000 - allowed 0 subnets:
000 - disallowed 0 subnets:
000 WARNING: Either virtual_private= is not
specified, or there is a syntax
000 error in that line.
'left/rightsubnet=vhost:%priv' will not work!
000 WARNING: Disallowed subnets in
virtual_private= is empty. If you have
000 private address space in internal
use, it should be excluded!”
You
should configure the allowed and blocked networks
in the general section of the ipsec.conf file
(virtual_private=).
Your
tunnel is also not correctly configured:
x.x.0.2<x.x.0.2>[+S=C]...x.x.0.1<x.x.0.1>[+S=C];
erouted; eroute owner: #4
The
left and right IPs should be the public IPs of the
2 ends of the tunnel.
From:
Users [mailto:users-bounces at lists.openswan.org]
On Behalf Of Michael Furman
Sent: Wednesday, October 14, 2015 3:32
PM
To: users at lists.openswan.org
Subject: Re: [Openswan Users] Why I
have 2 tunnels up on Openswan?
Hi,
I get the following output:
Where it is listed that I have 2 channels?
Why I have 2 channels if I have executed the
following commands only once?
ipsec auto --add tunnel1
ipsec auto --up tunnel1
000 using kernel interface: netkey
000 interface lo/lo ::1
000 interface lo/lo 127.0.0.1
000 interface lo/lo 127.0.0.1
000 interface eth0/eth0 x.x.0.2
000 interface eth0/eth0 x.x.0.2
000 %myid = (none)
000 debug none
000
000 virtual_private (%priv):
000 - allowed 0 subnets:
000 - disallowed 0 subnets:
000 WARNING: Either virtual_private= is not
specified, or there is a syntax
000 error in that line.
'left/rightsubnet=vhost:%priv' will not work!
000 WARNING: Disallowed subnets in
virtual_private= is empty. If you have
000 private address space in internal
use, it should be excluded!
000
000 algorithm ESP encrypt: id=3, name=ESP_3DES,
ivlen=8, keysizemin=192, keysizemax=192
000 algorithm ESP encrypt: id=6, name=ESP_CAST,
ivlen=8, keysizemin=128, keysizemax=128
000 algorithm ESP encrypt: id=7,
name=ESP_BLOWFISH, ivlen=8, keysizemin=40,
keysizemax=448
000 algorithm ESP encrypt: id=11, name=ESP_NULL,
ivlen=0, keysizemin=0, keysizemax=0
000 algorithm ESP encrypt: id=12, name=ESP_AES,
ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=13,
name=ESP_AES_CTR, ivlen=8, keysizemin=128,
keysizemax=256
000 algorithm ESP encrypt: id=14,
name=ESP_AES_CCM_A, ivlen=8, keysizemin=128,
keysizemax=256
000 algorithm ESP encrypt: id=15,
name=ESP_AES_CCM_B, ivlen=12, keysizemin=128,
keysizemax=256
000 algorithm ESP encrypt: id=16,
name=ESP_AES_CCM_C, ivlen=16, keysizemin=128,
keysizemax=256
000 algorithm ESP encrypt: id=18,
name=ESP_AES_GCM_A, ivlen=8, keysizemin=128,
keysizemax=256
000 algorithm ESP encrypt: id=19,
name=ESP_AES_GCM_B, ivlen=12, keysizemin=128,
keysizemax=256
000 algorithm ESP encrypt: id=20,
name=ESP_AES_GCM_C, ivlen=16, keysizemin=128,
keysizemax=256
000 algorithm ESP encrypt: id=22, name=(null),
ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=252,
name=ESP_SERPENT, ivlen=8, keysizemin=128,
keysizemax=256
000 algorithm ESP encrypt: id=253,
name=ESP_TWOFISH, ivlen=8, keysizemin=128,
keysizemax=256
000 algorithm ESP auth attr: id=1,
name=AUTH_ALGORITHM_HMAC_MD5, keysizemin=128,
keysizemax=128
000 algorithm ESP auth attr: id=2,
name=AUTH_ALGORITHM_HMAC_SHA1, keysizemin=160,
keysizemax=160
000 algorithm ESP auth attr: id=5,
name=AUTH_ALGORITHM_HMAC_SHA2_256,
keysizemin=256, keysizemax=256
000 algorithm ESP auth attr: id=6,
name=AUTH_ALGORITHM_HMAC_SHA2_384,
keysizemin=384, keysizemax=384
000 algorithm ESP auth attr: id=7,
name=AUTH_ALGORITHM_HMAC_SHA2_512,
keysizemin=512, keysizemax=512
000 algorithm ESP auth attr: id=8, name=(null),
keysizemin=160, keysizemax=160
000 algorithm ESP auth attr: id=9, name=(null),
keysizemin=128, keysizemax=128
000 algorithm ESP auth attr: id=251,
name=(null), keysizemin=0, keysizemax=0
000
000 algorithm IKE encrypt: id=0, name=(null),
blocksize=16, keydeflen=128
000 algorithm IKE encrypt: id=0, name=(null),
blocksize=16, keydeflen=128
000 algorithm IKE encrypt: id=0, name=(null),
blocksize=16, keydeflen=128
000 algorithm IKE encrypt: id=0, name=(null),
blocksize=16, keydeflen=128
000 algorithm IKE encrypt: id=0, name=(null),
blocksize=16, keydeflen=128
000 algorithm IKE encrypt: id=0, name=(null),
blocksize=16, keydeflen=128
000 algorithm IKE encrypt: id=3,
name=OAKLEY_BLOWFISH_CBC, blocksize=8,
keydeflen=128
000 algorithm IKE encrypt: id=5,
name=OAKLEY_3DES_CBC, blocksize=8, keydeflen=192
000 algorithm IKE encrypt: id=7,
name=OAKLEY_AES_CBC, blocksize=16, keydeflen=128
000 algorithm IKE encrypt: id=65004,
name=OAKLEY_SERPENT_CBC, blocksize=16,
keydeflen=128
000 algorithm IKE encrypt: id=65005,
name=OAKLEY_TWOFISH_CBC, blocksize=16,
keydeflen=128
000 algorithm IKE encrypt: id=65289,
name=OAKLEY_TWOFISH_CBC_SSH, blocksize=16,
keydeflen=128
000 algorithm IKE hash: id=1, name=OAKLEY_MD5,
hashsize=16
000 algorithm IKE hash: id=2, name=OAKLEY_SHA1,
hashsize=20
000 algorithm IKE hash: id=4,
name=OAKLEY_SHA2_256, hashsize=32
000 algorithm IKE hash: id=5,
name=OAKLEY_SHA2_384, hashsize=48
000 algorithm IKE hash: id=6,
name=OAKLEY_SHA2_512, hashsize=64
000 algorithm IKE dh group: id=2,
name=OAKLEY_GROUP_MODP1024, bits=1024
000 algorithm IKE dh group: id=5,
name=OAKLEY_GROUP_MODP1536, bits=1536
000 algorithm IKE dh group: id=14,
name=OAKLEY_GROUP_MODP2048, bits=2048
000 algorithm IKE dh group: id=15,
name=OAKLEY_GROUP_MODP3072, bits=3072
000 algorithm IKE dh group: id=16,
name=OAKLEY_GROUP_MODP4096, bits=4096
000 algorithm IKE dh group: id=17,
name=OAKLEY_GROUP_MODP6144, bits=6144
000 algorithm IKE dh group: id=18,
name=OAKLEY_GROUP_MODP8192, bits=8192
000 algorithm IKE dh group: id=22,
name=OAKLEY_GROUP_DH22, bits=1024
000 algorithm IKE dh group: id=23,
name=OAKLEY_GROUP_DH23, bits=2048
000 algorithm IKE dh group: id=24,
name=OAKLEY_GROUP_DH24, bits=2048
000
000 stats db_ops: {curr_cnt, total_cnt, maxsz}
:context={0,0,0} trans={0,0,0} attrs={0,0,0}
000
000 "tunnel1":
x.x.0.2<x.x.0.2>[+S=C]...x.x.0.1<x.x.0.1>[+S=C];
erouted; eroute owner: #4
000 "tunnel1": myip=unset; hisip=unset;
000 "tunnel1": ike_life: 3600s; ipsec_life:
28800s; rekey_margin: 540s; rekey_fuzz: 100%;
keyingtries: 0; nat_keepalive: yes
000 "tunnel1": policy:
RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEv2ALLOW+SAREFTRACK;
prio: 32,32; interface: eth0;
000 "tunnel1": newest ISAKMP SA: #3; newest
IPsec SA: #4;
000 "tunnel1": IKE algorithm newest:
AES_CBC_128-SHA1-MODP2048
000
000 #4: "tunnel1":500 STATE_QUICK_R2 (IPsec SA
established); EVENT_SA_REPLACE in 28147s; newest
IPSEC; eroute owner; isakmp#3; idle; import:not
set
000 #4: "tunnel1" esp.ff2e9b3f at x.x.0.1
esp.2d2e0f90 at x.x.0.2 tun.0 at x.x.0.1
tun.0 at x.x.0.2 ref=0 refhim=4294901761
000 #3: "tunnel1":500 STATE_MAIN_R3 (sent MR3,
ISAKMP SA established); EVENT_SA_REPLACE in
2947s; newest ISAKMP; lastdpd=-1s(seq in:0
out:0); idle; import:not set
000 #2: "tunnel1":500 STATE_QUICK_I2 (sent QI2,
IPsec SA established); EVENT_SA_REPLACE in
27661s; isakmp#1; idle; import:admin initiate
000 #2: "tunnel1" esp.599c11b1 at x.x.0.1
esp.88bbf3fd at x.x.0.2 tun.0 at x.x.0.1
tun.0 at x.x.0.2 ref=0 refhim=4294901761
000 #1: "tunnel1":500 STATE_MAIN_I4 (ISAKMP SA
established); EVENT_SA_REPLACE in 2220s;
lastdpd=-1s(seq in:0 out:0); idle; import:admin
initiate
000
To remind you this is output of service ipsec
status
IPsec running - pluto pid: 17009
pluto pid 17009
2 tunnels up
some eroutes exist
From:
alex.petcu at sipstatus.com
To: users at lists.openswan.org
Date: Mon, 12 Oct 2015 15:24:50 +0000
Subject: Re: [Openswan Users] Why I have 2
tunnels up on Openswan?
You
can try to see more with
ipsec
auto –status
It
will show details for each tunnel.
From:
Users [mailto:users-bounces at lists.openswan.org]
On Behalf Of Michael Furman
Sent: Monday, October 12, 2015
4:39 PM
To: users at lists.openswan.org
Subject: [Openswan Users] Why I
have 2 tunnels up on Openswan?
I
have started to use Openswan on Centos6
and was able to configure Host to Host
using the following document:
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Security_Guide/Host-To-Host_VPN_Using_Openswan.html
My configuration is following (on both
sides):
conn tunnel1
left=x.x.0.2
leftrsasigkey=0sA…iww==
right=x.x.0.1
rightrsasigkey=0sA…qrQ==
authby=rsasig
# load and initiate automatically
auto=start
I have enabled tunnel using the following
command:
ipsec auto --add tunnel1
ipsec auto --up tunnel1
Why I have 2 tunnels up?
I see it on both sides
service ipsec status
IPsec running - pluto pid: 27830
pluto pid 27830
2 tunnels up
some eroutes exist
_______________________________________________
Users at lists.openswan.org
https://lists.openswan.org/mailman/listinfo/users Micropayments:
https://flattr.com/thing/38387/IPsec-for-Linux-made-easy Building
and Integrating Virtual Private Networks with
Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
_______________________________________________
Users at lists.openswan.org
https://lists.openswan.org/mailman/listinfo/users
Micropayments: https://flattr.com/thing/38387/IPsec-for-Linux-made-easy
Building and Integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openswan.org/pipermail/users/attachments/20151014/34a01b2d/attachment-0001.html>
More information about the Users
mailing list