[Openswan Users] Openswan road warrior problem

Siegfried Vogl svogl at vodata.de
Sat Jun 20 08:25:37 EDT 2020 

Hello,


sorry, I've made a mistake. The "R2_Testclient/IpsecBarf.txt" is from a 
wrong device.


I've packed the whole data once again, now with the corrected 
"IpsecBarfCorrected.txt"


Sorry,


Siegfried


    -----Ursprüngliche Nachricht-----
    *Von:* Siegfried Vogl <svogl at vodata.de>
    *Gesendet:* Samstag 20 Juni 2020 14:05
    *An:* users at lists.openswan.org
    *Betreff:* Openswan road warrior problem

    Hello,

    i have a road warrior problem.
    Data flow: IPSEC-Client (Initiator) <-> IP-Gateway <->
    Ipsec-Gateway(Responder) <-> Web-Server

    If the client is configured as a "road warrior" on the Ipsec gateway,
    the rekeying of the ISAKMP SA does not work on the responder side.
    The gateway receives the first negotiation packet itself (see log:
    "RZNV87 / Log.txt" (search:)-> "##$$ Pluto sends packet to himself ...")


    Attachments - a TGZ extracting as folder "Data":
       - Networkplan.pdf: a sheme of the test bed
       - RZNV87: Ipsec-Gateway (responder) data (search for comments in
    Log.txt: "##$$")
       - R2_Testclient: Ipsec-Client (Initiator) data.

    Notes:
       - "IpsecStatusCmd.txt" in both directories is the output of "ipsec
    status" after the tunnel was established and after the fist try of the
    responder to rekey the ISAKMP SA.
       - After the tunnel is established, data transfer is successfull.
       - All data files were filtered against readable DN's an FQDN's
    (although it's only a test bed anyway).
       - RZNV89, RZNV87 and RZNV82 are VM's on a virtualbox host (RZN161).
       - The test bed is simplified a little.
         In production, the initiator (which has a static ip here to simplify
    things) is a DHCP client. Therefore i need the roadwarrior setup.
         I shortened the timers for ikelifetime, salifetime and rekeymargin
    to get shorter test intervalls. But it is the same problem with default
    values.
       - I did some debugging:
         It seems that "st->st_remoteaddr" of the new created state element
    is not copied, although the "orient()" seems to find the correct assignment.
         But because I don't know details of the implementation, this is only
    an assumption.

    Thanks in advance,
    Siegfried

-------------- next part --------------
A non-text attachment was scrubbed...
Name: Data_corrected.tar.gz
Type: application/gzip
Size: 203208 bytes
Desc: not available
URL: <http://lists.openswan.org/pipermail/users/attachments/20200620/7aed343c/attachment-0001.gz>

More information about the Users mailing list