OpenSWAN to OpenSWAN problems

Posted by Heruan on February 15, 2006, 10:02 am
Hi all!
I'm trying to establish a VPN connection between two OpenSWAN servers.
This is the scenario:

NAT Gateway A --- Server A --- Network A
      |
   INTERNET
      |
NAT Gateway B --- Server B --- Network B

Here's my ipsec.conf for this connection:

conn test
    left=151.38.49.xxx
    leftsubnet=192.168.1.0/24
    leftrsasigkey=0sAQNe...
    leftnexthop=%direct
    right=82.60.119.xxx
    rightsubnet=192.168.0.0/24
    rightrsasigkey=0sAQNY...
    rightnexthop=%direct
    authby=rsasig
    auto=start

The file is the same on both servers. When I try to establish the
connection I get:

ipsec__plutorun: 022 "test": we cannot identify ourselves with either end of this connection
ipsec__plutorun: ...could not route conn "test"
ipsec__plutorun: 022 "test": We cannot identify ourselves with either end of this connection.
ipsec__plutorun: ...could not start conn "test"

I set nat_trasversal to yes but the same error appears. Both NAT gateways
support IPsec passthrough and UDP ports 500 and 4550 are both forwarded
to Server A and Server B.

Thanks in advance,
Heruan

Posted by Heruan on February 16, 2006, 3:19 am
Heruan wrote:
> Hi all!
> I'm trying to establish a VPN connection between two OpenSWAN servers.
> This is the scenario:
>
> NAT Gateway A --- Server A --- Network A
>       |
>    INTERNET
>       |
> NAT Gateway B --- Server B --- Network B
>
[CUT]
> I set nat_trasversal to yes but the same error appears. Both NAT gateways
> support IPsec passthrough and UDP ports 500 and 4550 are both forwarded
> to Server A and Server B.

I corrected my ipsec.conf this way:

conn test
    left=192.168.1.10
    leftsubnet=192.168.1.0/24
    leftnexthop=151.38.49.xxx
    leftrsasigkey=0sAQNe...
    right=192.168.0.10
    rightsubnet=192.168.0.0/24
    rightnexthop=82.60.119.xxx
    rightrsasigkey=0sAQNY...
    auto=add

and now in /var/log/messages I get:

ipsec__plutorun: 104 "test" #1: STATE_MAIN_I1: initiate
ipsec__plutorun: ...could not start conn "test"

If I try a ``ipsec auto --up test'':

104 "test" #1: STATE_MAIN_I1: initiate
010 "test" #1: STATE_MAIN_I1: retransmission; will wait 20s for response
010 "test" #1: STATE_MAIN_I1: retransmission; will wait 40s for response

... and so on.
With ``ipsec auto --status'':

"test" STATE_MAIN_I1 (sent MI1, expecting MR1); EVENT_RETRANSMIT in 6s
pending Phase 2 for "test" replacing #0
pending Phase 2 for "test" replacing #0

So the tunnel fails, I can't get out of this problem...
TIA,
Heruan

Posted by Heruan on February 18, 2006, 5:27 am
Heruan wrote:
> Heruan wrote:
>> Hi all!
>> I'm trying to establish a VPN connection between two OpenSWAN servers.
>> This is the scenario:
>>
>> NAT Gateway A --- Server A --- Network A
>>       |
>>    INTERNET
>>       |
>> NAT Gateway B --- Server B --- Network B
>>
> [CUT]
I DID IT :)

Now I'm able to ping the local IP of Server B from Server A, but not other
IPs of Network B (and vice versa).
How do I configure Server A and B to route requests to their local networks?
TIA.
Heruan

Posted by Heruan on February 19, 2006, 4:13 am
Heruan wrote:
> Heruan wrote:
>> Heruan wrote:
>>> Hi all!
>>> I'm trying to establish a VPN connection between two OpenSWAN servers.
>>> This is the scenario:
>>>
>>> NAT Gateway A --- Server A --- Network A
>>>       |
>>>    INTERNET
>>>       |
>>> NAT Gateway B --- Server B --- Network B
>>>
>> [CUT]
> I DID IT :)
>
> Now I'm able to ping the local IP of Server B from Server A, but not other
> IPs of Network B (and vice versa).
> How do I configure Server A and B to route requests to their local networks?

Done. Just enabled IPv4 forwarding in /etc/sysctl.conf!
H.
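
Added example, not part of the original thread: pluto reports the 022 "cannot identify ourselves" error when neither left= nor right= is an address configured on a local interface, which is the case for a server behind NAT that lists only public addresses; the last fix in the thread is the net.ipv4.ip_forward setting. The Python sketch below checks both conditions offline. The function names, the assumption that Server A's only address is 192.168.1.10, and the sysctl.conf contents are constructed for illustration.

```python
import re

def parse_conn(text, name):
    """Return the key=value parameters of `conn <name>` from ipsec.conf text."""
    params, inside = {}, False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not raw[0].isspace():          # an unindented line starts a new section
            inside = line.split() == ["conn", name]
        elif inside and "=" in line:
            key, value = line.strip().split("=", 1)
            params[key.strip()] = value.strip()
    return params

def orient(params, local_addrs):
    """Return 'left' or 'right' if exactly one end is a local address, else None
    (the situation in which pluto cannot identify itself)."""
    ends = [e for e in ("left", "right") if params.get(e) in local_addrs]
    return ends[0] if len(ends) == 1 else None

def forwarding_enabled(sysctl_text):
    """True if the last uncommented net.ipv4.ip_forward assignment is 1."""
    value = None
    for line in sysctl_text.splitlines():
        m = re.match(r"\s*net[./]ipv4[./]ip_forward\s*=\s*(\d+)", line)
        if m:
            value = m.group(1)
    return value == "1"

# Constructed inputs: left/right as posted in the thread (other keys omitted),
# evaluated from Server A, assumed to hold only 192.168.1.10.
FIRST = "conn test\n    left=151.38.49.xxx\n    right=82.60.119.xxx\n"
SECOND = "conn test\n    left=192.168.1.10\n    right=192.168.0.10\n"
SERVER_A_ADDRS = {"192.168.1.10"}
SYSCTL_BEFORE = "net.ipv4.ip_forward = 0\n"
SYSCTL_AFTER = "#net.ipv4.ip_forward = 0\nnet.ipv4.ip_forward = 1\n"

if __name__ == "__main__":
    for label, conf in (("first", FIRST), ("second", SECOND)):
        print(label, "config orients as:", orient(parse_conn(conf, "test"), SERVER_A_ADDRS))
    for label, text in (("before", SYSCTL_BEFORE), ("after", SYSCTL_AFTER)):
        print("forwarding", label, "->", forwarding_enabled(text))
```

On a live host, the local address set would come from `ip -4 addr`, and `sysctl -p` applies the edited /etc/sysctl.conf without a reboot.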
