[Openswan Users] IPsec tunnel not up with Openswan
John Crisp
jcrisp at safeandsoundit.co.uk
Wed Feb 15 06:54:16 EST 2017
On 14/02/17 22:25, Poorva Kuber wrote:
> My Openswan package was overridden by libreswan 3.15. When i remove the
> aggressive mode, nothing changes. I get the same results that I am
> getting when it is on.
>
First, check your logs. That is what they are there for ;-)
If you are using libreswan check out the wiki pages:
https://libreswan.org/man/ipsec.conf.5.html
https://libreswan.org/wiki/FAQ
https://libreswan.org/wiki/Configuration_examples
https://libreswan.org/wiki/Subnet_to_subnet_VPN
Check left/leftnexthop in the documentation. Probably try
left=%defaultroute
leave out leftnexthop
You can leave out ike and phase2alg and it should try all available
encryption methods
I'd remove as much as you can and then add options as required.
Libreswan will connect with Openswan.
Try something really simple like this for starters.
===============================
/etc/ipsec.conf
===================
config setup
protostack=netkey
plutodebug=none
klipsdebug=none
plutostderrlog=/var/log/pluto/pluto.log
dumpdir=/var/run/pluto/
nat_traversal=yes
virtual_private=%v4:192.168.1.0/24
include /etc/ipsec.d/ipsec.conf
===============================
/etc/ipsec.d/ipsec.conf
===================
conn Test
type=tunnel
authby=secret
auto=add
pfs=yes
left=%defaultroute
leftsubnet=192.168.0.0/24
right=1.2.3.4
rightsubnet=192.168.1.0/24
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: OpenPGP digital signature
URL: <http://lists.openswan.org/pipermail/users/attachments/20170215/388150fa/attachment-0001.sig>
More information about the Users
mailing list