LinuxQuestions.org


skate 12-13-2011 11:18 AM

ipsec Help Please :/
 
Hello Folks, I am trying to get the right configuration for an ipsec tunnel but I have some problems and I need your help and advice to get it up and running:

The OS is Ubuntu Server 11
OpenSwan - ipsec

That's the configuration:

http://i39.tinypic.com/mwwmqe.jpg

That's my ipsec.conf configuration:


conn some1
    auth=esp
    authby=secret
    auto=add
    # enc=aes-256
    esp=aes256-sha1
    ike=aes256-sha1-modp1024
    ikelifetime=28800s
    keyexchange=ike
    keyingtries=0
    keylife=28800s
    rekeymargin=3s
    rekeyfuzz=100%
    dpdaction=restart_by_peer
    dpddelay=9
    dpdtimeout=30
    x-l2tpd=no
    left=95.43.208.254
    leftsubnet=192.168.45.10/32
    leftsourceip=192.168.45.10
    leftid=@s1
    leftnexthop=%defaultroute
    pfs=yes
    right=82.103.104.129
    rightsubnet=82.103.104.165/32
    rightsourceip=82.103.104.165
    type=tunnel

config setup
    interfaces=%defaultroute
    nat_traversal=yes
    oe=off
    protostack=netkey


I am not sure if it's the right configuration because I get the following in the log:


Dec 13 18:56:06 s1 pluto[29891]: "some1" #2: initiating Main Mode to replace #1
Dec 13 18:56:06 s1 pluto[29891]: "some1" #2: received Vendor ID payload [Dead Peer Detection]
Dec 13 18:56:06 s1 pluto[29891]: "some1" #2: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
Dec 13 18:56:06 s1 pluto[29891]: "some1" #2: STATE_MAIN_I2: sent MI2, expecting MR2
Dec 13 18:56:06 s1 pluto[29891]: "some1" #2: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
Dec 13 18:56:06 s1 pluto[29891]: "some1" #2: STATE_MAIN_I3: sent MI3, expecting MR3
Dec 13 18:56:16 s1 pluto[29891]: "some1" #2: discarding duplicate packet; already STATE_MAIN_I3

Any help will be appreciated. Thank you.

amilo 12-14-2011 10:27 AM

Where is the conf file at the other side of the tunnel?

skate 12-14-2011 11:34 AM

Quote:

config begin

##########################
# Phase 1
listen {
    isakmp 82.103.104.129 [500];
}
remote XX.XX.XX.XX {
    exchange_mode main;
    proposal {
        encryption_algorithm aes 256;
        hash_algorithm sha1;
        authentication_method pre_shared_key;
        dh_group 2;
        lifetime time 86400 sec;
    }
}

# Phase 2
sainfo address 82.103.104.165 any address XX.XX.XX.XX any {
    encryption_algorithm aes 256;
    authentication_algorithm hmac_sha1;
    compression_algorithm deflate;
    lifetime time 28800 sec;
    pfs_group 2;
}

###########################

racoon as far as I know.
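
Added example, not part of the thread and not posted by any participant: a Python script that normalizes the Phase 1 and Phase 2 proposal values from the Openswan and racoon configurations above and lists where they differ. The function names are hypothetical, the two samples are excerpts of the posted values, and treating `pfs` as simply on or off is a simplifying assumption.

```python
import re

# Excerpts copied from the two configurations posted in this thread.
OPENSWAN = """esp=aes256-sha1
ike=aes256-sha1-modp1024
ikelifetime=28800s
keylife=28800s
pfs=yes"""
RACOON = """proposal {
encryption_algorithm aes 256;
hash_algorithm sha1;
dh_group 2;
lifetime time 86400 sec;
}
sainfo address 82.103.104.165 any address XX.XX.XX.XX any {
encryption_algorithm aes 256;
authentication_algorithm hmac_sha1;
lifetime time 28800 sec;
pfs_group 2;
}"""
MODP = {"modp768": 1, "modp1024": 2, "modp1536": 5}  # IKE DH group numbers

def openswan_view(text):
    """Normalize key=value lines of an Openswan conn (hypothetical helper)."""
    kv = dict(l.strip().split("=", 1) for l in text.splitlines()
              if "=" in l and not l.lstrip().startswith("#"))
    enc1, hash1, group = kv["ike"].split("-")   # e.g. aes256-sha1-modp1024
    enc2, auth2 = kv["esp"].split("-")          # e.g. aes256-sha1
    return {"p1.enc": enc1, "p1.hash": hash1, "p1.dh": MODP[group],
            "p1.life": int(kv["ikelifetime"].rstrip("s")), "p2.enc": enc2,
            "p2.auth": auth2, "p2.life": int(kv["keylife"].rstrip("s")),
            "p2.pfs": kv.get("pfs") == "yes"}   # assumption: compare on/off only

def racoon_view(text):
    """Normalize racoon proposal and sainfo blocks (hypothetical helper)."""
    def stmts(pattern):
        body = re.search(pattern, text, re.S).group(1)
        return dict(s.split(None, 1) for s in body.split(";") if s.strip())
    p1, p2 = stmts(r"proposal\s*\{(.*?)\}"), stmts(r"sainfo[^{]*\{(.*?)\}")
    return {"p1.enc": p1["encryption_algorithm"].replace(" ", ""),
            "p1.hash": p1["hash_algorithm"], "p1.dh": int(p1["dh_group"]),
            "p1.life": int(p1["lifetime"].split()[1]),
            "p2.enc": p2["encryption_algorithm"].replace(" ", ""),
            "p2.auth": p2["authentication_algorithm"].replace("hmac_", ""),
            "p2.life": int(p2["lifetime"].split()[1]), "p2.pfs": "pfs_group" in p2}

def mismatches(a, b):
    """Return {parameter: (openswan_value, racoon_value)} where they differ."""
    return {k: (a[k], b[k]) for k in a if a[k] != b[k]}
```

Calling `mismatches(openswan_view(OPENSWAN), racoon_view(RACOON))` on the posted values returns only the Phase 1 lifetime (28800 versus 86400 seconds). The pre-shared key, the IDs and the redacted peer address are outside what this comparison covers.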

