VPN - OpenSWAN to OpenSWAN problems

Heruan

2006-02-17, 11:07 pm

Hi all!
I'm trying to establish a VPN connection between two OpenSWAN servers.
This is the scenario:

NAT Gateway A --- Server A --- Network A
      |
   INTERNET
      |
NAT Gateway B --- Server B --- Network B

Here's my ipsec.conf for this connection:

conn test
    left=151.38.49.xxx
    leftsubnet=192.168.1.0/24
    leftrsasigkey=0sAQNe...
    leftnexthop=%direct
    right=82.60.119.xxx
    rightsubnet=192.168.0.0/24
    rightrsasigkey=0sAQNY...
    rightnexthop=%direct
    authby=rsasig
    auto=start

The file is the same on both servers. When I try to establish the
connection I get:

ipsec__plutorun: 022 "test": we cannot identify ourselves with either end of this connection
ipsec__plutorun: ...could not route conn "test"
ipsec__plutorun: 022 "test": We cannot identify ourselves with either end of this connection.
ipsec__plutorun: ...could not start conn "test"

I set nat_trasversal to yes but the same error appears. Both NAT Gateways
support IPSec passthrough and UDP ports 500 and 4550 are both forwarded
to Server A and Server B.

Thanks in advance,
Heruan
Heruan

2006-02-17, 11:07 pm

Heruan wrote:
> Hi all!
> I'm trying to establish a VPN connection between two OpenSWAN servers.
> This is the scenario:
>
> NAT Gateway A --- Server A --- Network A
>       |
>    INTERNET
>       |
> NAT Gateway B --- Server B --- Network B
>

[CUT]
> I set nat_trasversal to yes but the same error appears. Both NAT Gateways
> support IPSec passthrough and UDP ports 500 and 4550 are both forwarded
> to Server A and Server B.


I corrected my ipsec.conf this way:

conn test
    left=192.168.1.10
    leftsubnet=192.168.1.0/24
    leftnexthop=151.38.49.xxx
    leftrsasigkey=0sAQNe...
    right=192.168.0.10
    rightsubnet=192.168.0.0/24
    rightnexthop=82.60.119.xxx
    rightrsasigkey=0sAQNY...
    auto=add

and now in /var/log/messages I get:

ipsec__plutorun: 104 "test" #1: STATE_MAIN_I1: initiate
ipsec__plutorun: ...could not start conn "test"

If I try a ``ipsec auto --up test'':

104 "test" #1: STATE_MAIN_I1: initiate
010 "test" #1: STATE_MAIN_I1: retransmission; will wait 20s for response
010 "test" #1: STATE_MAIN_I1: retransmission; will wait 40s for response

.... and so on.
With ``ipsec auto --status'':

"test" STATE_MAIN_I1 (sent MI1, expecting MR1); EVENT_RETRANSMIT in 6s
pending Phase 2 for "test" replacing #0
pending Phase 2 for "test" replacing #0

So the tunnel fails, I can't get out of this problem...
TIA,
Heruan
Heruan

2006-02-19, 8:22 am

Heruan wrote:
> Heruan wrote:
> [CUT]

I DID IT

Now I'm able to ping the local IP of Server B from Server A, but not other
IPs of Network B (and vice versa).
How do I configure Server A and B to route requests to their local networks?
TIA.
Heruan
Heruan

2006-02-19, 8:22 am

Heruan wrote:
> Heruan wrote:
> I DID IT
>
> Now I'm able to ping the local IP of Server B from Server A, but not other
> IPs of Network B (and vice versa).
> How do I configure Server A and B to route requests to their local networks?


Done. Just enabled IPv4 forwarding in /etc/sysctl.conf!
H.
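
An added example, not part of the thread and not OpenSWAN code: a preflight check for two conditions visible above, a conn whose left and right are both addresses the host does not own (behind NAT the public addresses belong to the gateways, which is when pluto reports "we cannot identify ourselves with either end") and a tunnelled subnet with IPv4 forwarding still off. The parser is simplified, and the public addresses, Server A's address list and all function names are constructed for illustration.

```python
# Constructed samples; 203.0.113.10 / 198.51.100.20 are documentation-range
# placeholders for the public addresses the thread elides.
CONN = """conn test
    left=%s
    leftsubnet=192.168.1.0/24
    right=%s
    rightsubnet=192.168.0.0/24
"""
PUBLIC_ENDS = CONN % ("203.0.113.10", "198.51.100.20")   # shape of the first config
PRIVATE_ENDS = CONN % ("192.168.1.10", "192.168.0.10")   # shape of the second config
SERVER_A = ["127.0.0.1", "192.168.1.10"]                 # assumed addresses on Server A

def parse_conn(conf_text, name):
    """Settings of one conn section (simplified: indented key=value lines)."""
    settings, inside = {}, False
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if line and not line[0].isspace():     # unindented line opens a new section
            inside = line.split() == ["conn", name]
        elif inside and "=" in line:
            key, value = line.strip().split("=", 1)
            settings[key.strip()] = value.strip()
    return settings

def local_end(conn, local_addrs):
    """'left' or 'right' if that end is an address on this host, else None."""
    for side in ("left", "right"):
        if conn.get(side) in local_addrs:
            return side
    return None

def forwarding_enabled(sysctl_text):
    """True if the last net.ipv4.ip_forward assignment in the text is 1."""
    state = False
    for raw in sysctl_text.splitlines():
        key, sep, value = raw.split("#", 1)[0].partition("=")
        if sep and key.strip() == "net.ipv4.ip_forward":
            state = value.strip() == "1"
    return state

def preflight(conf_text, name, local_addrs, sysctl_text):
    """Findings for the two conditions described in the lead-in."""
    conn, findings = parse_conn(conf_text, name), []
    side = local_end(conn, local_addrs)
    if side is None:
        findings.append("neither left nor right is a local address")
    elif side + "subnet" in conn and not forwarding_enabled(sysctl_text):
        findings.append(side + "subnet set but net.ipv4.ip_forward is not 1")
    return findings
```

On a real host, pass the contents of /etc/ipsec.conf and /etc/sysctl.conf and the addresses actually configured on its interfaces.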