[Openswan Users] IPsec tunnel not up with Openswan

Poorva Kuber poorvakuber at gmail.com
Wed Feb 15 11:43:33 EST 2017


Hi,
Thank you for the help. I tried initiating the tunnel with the most minimal
configuration. So, here is the problem:
when I try to connect to the Cisco ASA, the source IP attached to the
packet is 10.1.10.0 instead of my public IP. And this is not recognized in
the Cisco ACL. Due to this my session is getting terminated from the remote
end. Is there any way for me to change the address associated with the
packet to be my public IP?

Here is a sample error from the Cisco ASA logs:

7|Feb 15 2017|14:27:21|713222|||||Group = <my-public-ip>, IP =
<my-public-ip>, Static Crypto Map check, map = outside_map, seq = 221, ACL
does not match proxy IDs *src:10.1.10.0* dst:<remote-subnet>

Any help in order to prevent this will be great!
Thank you.

On Wed, Feb 15, 2017 at 6:54 AM, John Crisp <jcrisp at safeandsoundit.co.uk>
wrote:

> On 14/02/17 22:25, Poorva Kuber wrote:
> > My Openswan package was overridden by libreswan 3.15. When I remove the
> > aggressive mode, nothing changes. I get the same results that I am
> > getting when it is on.
> >
>
> First, check your logs. That is what they are there for ;-)
>
> If you are using libreswan check out the wiki pages:
>
> https://libreswan.org/man/ipsec.conf.5.html
> https://libreswan.org/wiki/FAQ
> https://libreswan.org/wiki/Configuration_examples
> https://libreswan.org/wiki/Subnet_to_subnet_VPN
>
> Check left/leftnexthop in the documentation. Probably try
>
> left=%defaultroute
>
> leave out leftnexthop
>
> You can leave out ike and phase2alg and it should try all available
> encryption methods
>
> I'd remove as much as you can and then add options as required.
>
> Libreswan will connect with Openswan.
>
> Try something really simple like this for starters.
>
> ===============================
>
> /etc/ipsec.conf
>
> ===================
>
> config setup
>     protostack=netkey
>     plutodebug=none
>     klipsdebug=none
>     plutostderrlog=/var/log/pluto/pluto.log
>     dumpdir=/var/run/pluto/
>     nat_traversal=yes
>     virtual_private=%v4:192.168.1.0/24
>
> include /etc/ipsec.d/ipsec.conf
>
> ===============================
>
> /etc/ipsec.d/ipsec.conf
>
> ===================
>
> conn Test
>     type=tunnel
>     authby=secret
>     auto=add
>     pfs=yes
>     left=%defaultroute
>     leftsubnet=192.168.0.0/24
>     right=1.2.3.4
>     rightsubnet=192.168.1.0/24
>
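Added example, not part of the original thread or of Openswan/libreswan: a small Python check that relates an ASA 713222 "ACL does not match proxy IDs" line to the conn whose leftsubnet/rightsubnet produced it, and compares those selectors with the peer's crypto ACL. The regex is derived only from the one log line quoted above; the addresses, the conn contents and the peer ACL entry are constructed assumptions.

```python
import ipaddress
import re

# Pattern built from the single ASA 713222 line quoted in the post.
PROXY_RE = re.compile(r"map = (?P<map>\S+), seq = (?P<seq>\d+), ACL does not "
                      r"match proxy IDs src:(?P<src>\S+) dst:(?P<dst>\S+)")

def parse_713222(line):
    """Extract crypto map, sequence and rejected proxy IDs, or return None."""
    # Undo mail line wrapping and the *emphasis* markers seen in the post.
    m = PROXY_RE.search(" ".join(line.replace("*", "").split()))
    return m.groupdict() if m else None

def conn_selectors(conf_text, conn):
    """Return (leftsubnet, rightsubnet) of one conn section in ipsec.conf text."""
    opts, current = {}, None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not raw[0].isspace():            # section header, e.g. "conn Test"
            current = line.split()[1] if line.startswith("conn ") else None
        elif current == conn and "=" in line:
            key, value = line.strip().split("=", 1)
            opts[key.strip()] = value.strip()
    return tuple(ipaddress.ip_network(opts[k]) for k in ("leftsubnet", "rightsubnet"))

def explain(log_line, conf_text, conn, peer_acl):
    """Relate a 713222 rejection to the conn that offered it and to the peer ACL."""
    hit = parse_713222(log_line)
    if hit is None:
        return None
    left, right = conn_selectors(conf_text, conn)
    # The ASA logs proxy IDs without a mask, so compare network addresses.
    offered = (ipaddress.ip_address(hit["src"]) == left.network_address
               and ipaddress.ip_address(hit["dst"]) == right.network_address)
    # peer_acl entries are (ASA-side net, our-side net); flip them to our view.
    wanted = [(ipaddress.ip_network(ours), ipaddress.ip_network(theirs))
              for theirs, ours in peer_acl]
    return {"map": hit["map"], "seq": int(hit["seq"]), "offered_by_conn": offered,
            "acl_accepts_conn": (left, right) in wanted,
            "selectors_acl_expects": [(str(a), str(b)) for a, b in wanted]}

# Constructed sample data: documentation addresses replace the post's placeholders.
SAMPLE_LOG = """7|Feb 15 2017|14:27:21|713222|||||Group = 203.0.113.10, IP =
203.0.113.10, Static Crypto Map check, map = outside_map, seq = 221, ACL
does not match proxy IDs *src:10.1.10.0* dst:172.16.5.0"""
SAMPLE_CONF = ("conn Test\n    left=%defaultroute\n    leftsubnet=10.1.10.0/24\n"
               "    right=198.51.100.1\n    rightsubnet=172.16.5.0/24\n")
SAMPLE_ACL = [("172.16.5.0/24", "203.0.113.10/32")]   # assumed peer crypto ACL
```

With the constructed inputs, `explain(SAMPLE_LOG, SAMPLE_CONF, "Test", SAMPLE_ACL)` reports that the rejected proxy IDs are the conn's own leftsubnet/rightsubnet and that the assumed peer ACL expects the public address as the local selector instead.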