LinuxQuestions.org


logo 02-12-2005 09:29 AM

Authorizing Openswan VPN connection
 
Hi everyone. I have a problem.
I'm totally at a dead end here. I'm trying to create a simple test VPN connection. The server is Openswan running on my Fedora Core 3 box. The box has 2 cards, 10.1.1.1 (eth0) and 10.1.2.1 (eth1). The computer from which I'm starting the connection is 10.1.1.2, and it's a WIN XP SP2. The VPN client is the one built into Windows. This is what my ipsec.conf looks like:
Code:

version        2.0
# basic configuration
config setup
        interfaces="ipsec0=eth0 ipsec1=eth1"
        klipsdebug=none
        plutodebug=all
        overridemtu=1410
        nat_traversal=yes

# Add connections here
 
conn test
        keyingtries=3
        compress=yes
        disablearrivalcheck=no
        authby=secret
        type=tunnel
        keyexchange=ike
        ikelifetime=240m
        keylife=60m
        pfs=no
        forwardcontrol=yes
        left=10.1.2.101
        leftsubnet=10.1.2.0/24
        leftprotoport=17/1701
        leftnexthop=10.1.2.1
        right=10.1.1.2
        rightsubnet=10.1.1.2/32
        rightnexthop=10.1.1.1
        rightprotoport=17/1701
        auto=add

include /etc/ipsec.d/examples/no_oe.conf

The WIN XP is set up to connect to 10.1.1.1, using L2TP and not getting the Local Gateway from the Server. I'm using Pre-Shared keys (entered in WIN XP too).
My ipsec.secrets:
Code:

10.1.1.2 %any: PSK "mykey"

But when I start the connection in WIN XP, nothing happens. /var/log/secure shows:
Code:

packet from 10.1.1.2:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
packet from 10.1.1.2:500: ignoring Vendor ID payload [FRAGMENTATION]
packet from 10.1.1.2:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
packet from 10.1.1.2:500: ignoring Vendor ID payload [Vid-Initial-Contact]
packet from 10.1.1.2:500: initial Main Mode message received on 10.1.1.1:500 but no connection has been authorized
packet from 10.1.1.2:500: ignoring Delete SA payload: not encrypted
packet from 10.1.1.2:500: received and ignored informational message

Sorry for the long texts, but I simply can't imagine what could be wrong. Why is the connection not authorized?

nirav.jani 03-05-2005 05:46 AM

Hi there,
I think you have made a mistake in ipsec.conf. The one thing you have to take care about when writing the ipsec.conf is to
always put local = left and remote = right.
Your Linux box has two Ethernet cards; I don't know from which card you are connected with WinXP,
but you must give one IP address (from the two IP addresses of the two Ethernet cards) as left.
That is, you should have either
left = 10.1.1.1 if you are using eth0 for the connection to Win XP
or
left = 10.1.2.1 if you are using eth1 for the connection to Win XP
in ipsec.conf.
Try to get it working with fewer options, like not giving any leftsubnet or rightsubnet; just try to establish it with the two hosts only, then try to give the subnets behind those hosts.
I have established the connection using both the PSK method and the CA method successfully.
Maybe this is helpful to you.
nj
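For reference, here is a corrected conn stanza along the lines nirav.jani describes, added as an example and not part of either post. It assumes the XP client talks to eth0 (10.1.1.1), and it uses type=transport because the Windows L2TP/IPsec client negotiates transport mode, which neither post states:

```ini
# /etc/ipsec.conf (example, not from the original thread)
conn l2tp-xp
        authby=secret
        keyexchange=ike
        pfs=no                    # the Windows client does not offer PFS by default
        # left = this box. The original left=10.1.2.101 is not an address on the
        # Fedora box (it has 10.1.1.1 and 10.1.2.1), so pluto cannot work out
        # which side of the conn it is, and no connection gets authorized.
        left=10.1.1.1
        leftprotoport=17/1701     # L2TP over UDP 1701
        # right = the XP client. No leftsubnet/rightsubnet while testing
        # host-to-host, as nirav.jani suggests.
        right=10.1.1.2
        rightprotoport=17/1701
        type=transport            # assumption: L2TP/IPsec uses transport, not tunnel, mode
        auto=add

# /etc/ipsec.secrets: local remote : PSK "..."
# 10.1.1.1 10.1.1.2 : PSK "mykey"
```

Once the host-to-host conn comes up, the original leftsubnet/rightsubnet lines can be reintroduced one at a time.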

