Hi
I am trying to build a network of IPCop 1.4.10 to encrypt my wireless building to building networks.
So I want to use the IPCops for net-to-net VPN, and the RED network is all mine!
That means all the RED networks are in the same network segment (e.g. 193.90.220.0/24), but there are different networks on all GREEN sides.
I have tried following some step-by-step guides but still can't seem to make it work. In the VPN tab of IPCop the connection stays Closed.
Does anybody have a clue why this could happen?
Network setup example:
        ipcop1                               ipcop2
GREEN          RED                    RED              GREEN
10.100.30.5 -- 193.90.220.1 --WLAN--- 193.90.220.20 -- 10.100.31.1
(10.100.30.0/24 -------- 193.90.220.0/24 ----------- 10.100.31.0/24)
On ipcop1 are the following settings:
conn: ipcop-vpn
left: 193.90.220.1
left subnet: 10.100.30.0/255.255.255.0
right: 193.90.220.20
right subnet: 10.100.31.0/255.255.255.0
authby: secret
On ipcop2 are the following settings:
conn: ipcop-vpn
left: 193.90.220.20
left subnet: 10.100.31.0/255.255.255.0
right: 193.90.220.1
right subnet: 10.100.30.0/255.255.255.0
authby: secret
Authentication is set to Pre-Shared Key (Yes, I will use certs, I just want to make it work first)
As I have already said, the VPN tunnel won't start; its status is CLOSED.
I recognize that the ipsec interface on ipcop1 is using eth0 (GREEN interface). Is this correct?
From log:
11:26:32 pluto[2720] | found eth0 with address 192.168.30.1
11:26:32 pluto[2720] | found eth1 with address 192.168.90.1
11:26:32 pluto[2720] | found ipsec0 with address 192.168.30.1
11:26:32 pluto[2720] | IP interface eth1 192.168.90.1 has no matching ipsec* interface -- ignored
11:26:32 pluto[2720] adding interface ipsec0/eth0 192.168.30.1
11:26:32 pluto[2720] adding interface ipsec0/eth0 192.168.30.1:4500
According to what I know this means ipcop1 is expecting incoming VPN connections on GREEN interface, or am I wrong?
The other server, ipcop2, keeps telling me the following in the log:
"ipcop-vpn" #2: ERROR: asynchronous network error report on eth1 for message to 192.168.90.1 port 500, complainant 192.168.90.1: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)]
Anyone got a possible solution?
Best regards
-:Rune:-
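
Added example, not part of the original post: a small Python check that parses the pluto startup lines quoted above and reports whether pluto is listening on the address a peer sends IKE to. The function names are hypothetical, the sample log is constructed from the lines in the post, and it assumes that 192.168.90.1 (the target in the ipcop2 error line) is the address the peer contacts.

```python
import re

# Constructed sample: the pluto startup lines quoted in the post (ipcop1).
SAMPLE_LOG = """\
11:26:32 pluto[2720] | found eth0 with address 192.168.30.1
11:26:32 pluto[2720] | found eth1 with address 192.168.90.1
11:26:32 pluto[2720] | found ipsec0 with address 192.168.30.1
11:26:32 pluto[2720] | IP interface eth1 192.168.90.1 has no matching ipsec* interface -- ignored
11:26:32 pluto[2720] adding interface ipsec0/eth0 192.168.30.1
11:26:32 pluto[2720] adding interface ipsec0/eth0 192.168.30.1:4500
"""

IPV4 = r"(\d{1,3}(?:\.\d{1,3}){3})"
ADDING = re.compile(r"adding interface (ipsec\d+)/(\S+) " + IPV4 + r"(?::(\d+))?\s*$")
IGNORED = re.compile(r"IP interface (\S+) " + IPV4 + r" has no matching ipsec\* interface")


def pluto_bindings(log_text):
    """Return (bound, ignored) parsed from pluto startup lines."""
    bound, ignored = [], []
    for line in log_text.splitlines():
        m = ADDING.search(line)
        if m:
            # Assumption: a line without ":port" is the IKE listener on UDP 500.
            bound.append((m.group(1), m.group(2), m.group(3), int(m.group(4) or 500)))
            continue
        m = IGNORED.search(line)
        if m:
            ignored.append((m.group(1), m.group(2)))
    return bound, ignored


def check_peer_target(log_text, target_addr, port=500):
    """List reasons why a peer sending IKE to target_addr:port would be refused."""
    bound, ignored = pluto_bindings(log_text)
    findings = []
    if not any(a == target_addr and p == port for _, _, a, p in bound):
        findings.append(f"pluto has no listener on {target_addr}:{port}")
    for iface, addr in ignored:
        if addr == target_addr:
            findings.append(f"{addr} is on {iface}, which pluto ignored (no ipsec* attached)")
    return findings


if __name__ == "__main__":
    for finding in check_peer_target(SAMPLE_LOG, "192.168.90.1"):
        print("FINDING:", finding)
```

Run against the quoted lines, both findings fire for 192.168.90.1, which is consistent with the "Connection refused" ICMP port-unreachable error that ipcop2 logs for port 500.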