LinuxQuestions.org
Old 02-12-2005, 08:29 AM   #1
logo
Member
 
Registered: Sep 2004
Distribution: Fedora Core 3
Posts: 47

Rep: Reputation: 15
Authorizing Openswan VPN connection


Hi everyone. I have a problem.
I'm totally at a dead end here. I'm trying to create a simple test VPN connection. The server is Openswan running on my Fedora Core 3 box. The box has 2 cards, 10.1.1.1 (eth0) and 10.1.2.1 (eth1). The computer from which I'm starting the connection is 10.1.1.2, and it's a WIN XP SP2. The VPN client is the one built into Windows. This is what my ipsec.conf looks like:
Code:
version	2.0
# basic configuration
config setup
         interfaces="ipsec0=eth0 ipsec1=eth1"
         klipsdebug=none
         plutodebug=all
         overridemtu=1410
         nat_traversal=yes

# Add connections here
 
conn test
        keyingtries=3
        compress=yes
        disablearrivalcheck=no
        authby=secret
        type=tunnel
        keyexchange=ike
        ikelifetime=240m
        keylife=60m
        pfs=no
        forwardcontrol=yes
        left=10.1.2.101
        leftsubnet=10.1.2.0/24
        leftprotoport=17/1701
        leftnexthop=10.1.2.1
        right=10.1.1.2
        rightsubnet=10.1.1.2/32
        rightnexthop=10.1.1.1
        rightprotoport=17/1701
        auto=add

include /etc/ipsec.d/examples/no_oe.conf
The WIN XP is set up to connect to 10.1.1.1, using l2tp and not getting Local Gateway from Server. I'm using Pre-Shared keys (entered in WIN XP too).
My ipsec.secrets:
Code:
10.1.1.2 %any: PSK "mykey"
But when I start the connection in WIN XP, nothing happens. /var/log/secure shows:
Code:
packet from 10.1.1.2:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
packet from 10.1.1.2:500: ignoring Vendor ID payload [FRAGMENTATION]
packet from 10.1.1.2:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106 
packet from 10.1.1.2:500: ignoring Vendor ID payload [Vid-Initial-Contact]
packet from 10.1.1.2:500: initial Main Mode message received on 10.1.1.1:500 but no connection has been authorized
packet from 10.1.1.2:500: ignoring Delete SA payload: not encrypted
packet from 10.1.1.2:500: received and ignored informational message
Sorry for the long texts, but I simply can't imagine what could be wrong. Why is the connection not authorized?
 
Old 03-05-2005, 04:46 AM   #2
nirav.jani
Member
 
Registered: Nov 2004
Location: Hyderabad, India
Distribution: Fedora Core - II, RedHat - 9
Posts: 45

Rep: Reputation: 15
Hi there,
I think you have made a mistake in ipsec.conf. The one thing you have to take care of when writing ipsec.conf is to
always put local = left and remote = right.
Your Linux box has two Ethernet cards. I don't know through which card you are connected to Win XP,
but you must give one IP address (from the two IP addresses of the two Ethernet cards) as left.
That is, you should have either
left = 10.1.1.1 if you are using eth0 for the connection to Win XP
or
left = 10.1.2.1 if you are using eth1 for the connection to Win XP
in ipsec.conf.
Try to get it working with very few options, such as not giving any leftsubnet or rightsubnet; just try to establish it between the two hosts only, then try to give the subnets behind those hosts.
I have established the connection successfully using both the PSK method and the CA method.
This may be helpful to you.
nj
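The check suggested in the reply above, as an added example that is not part of either post: it reads the "no connection has been authorized" log line and reports, per conn section, whether one end equals the local address that received the packet and the other end equals the peer. The matching rule is a simplified model of how pluto selects a connection (an assumption), it handles only literal addresses and %any, and the function names are hypothetical.

```python
import re

# Constructed sample: the address lines of "conn test" from the question.
SAMPLE_CONF = """\
conn test
        authby=secret
        left=10.1.2.101
        right=10.1.1.2
        auto=add
"""
# The "no connection has been authorized" line quoted in the question.
SAMPLE_LOG = ("packet from 10.1.1.2:500: initial Main Mode message received "
              "on 10.1.1.1:500 but no connection has been authorized")
LOG_RE = re.compile(r"packet from ([\d.]+):\d+: initial Main Mode message "
                    r"received on ([\d.]+):\d+ but no connection")

def parse_conns(text):
    """Return {conn_name: {key: value}} for every 'conn' section."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not line[0].isspace():          # unindented line starts a section
            parts = line.split()
            is_conn = parts[0] == "conn" and len(parts) == 2
            current = conns.setdefault(parts[1], {}) if is_conn else None
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip().strip('"')
    return conns

def end_pair_matches(conn, local, peer):
    """One end must be the receiving local address, the other the peer or %any."""
    left, right = conn.get("left"), conn.get("right")
    return ((left == local and right in (peer, "%any")) or
            (right == local and left in (peer, "%any")))

def diagnose(conf_text, log_line):
    """Return {conn_name: bool}: could this conn have accepted the logged packet?"""
    m = LOG_RE.search(log_line)
    if not m:
        raise ValueError("not an 'initial Main Mode ... no connection' log line")
    peer, local = m.groups()
    return {name: end_pair_matches(conn, local, peer)
            for name, conn in parse_conns(conf_text).items()}

if __name__ == "__main__":
    print(diagnose(SAMPLE_CONF, SAMPLE_LOG))
```

With the question's values the result for `test` is false, because the packet arrived on 10.1.1.1 while the section names 10.1.2.101 and 10.1.1.2 as its two ends.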
 
  


All times are GMT -5. The time now is 09:23 AM.