Old 04-08-2014, 03:24 AM   #1
blamares023452
Can't set up Fortigate 111c IPSEC from OpenSwan


Hello,

We have a VPN connection set up at work, and people with OS X have got it to work. But I can't get it to work on Ubuntu 12.04.4 LTS.

On OS X the settings that work are: Server: 123.123.123.123, account name: pelle, password: pwd_pelle, with a shared key: pwd_group (and empty group name). [as a Cisco VPN tunnel]

This is my /etc/ipsec.conf
Code:
# /etc/ipsec.conf - Openswan IPsec configuration file
# $Id$

# Manual: ipsec.conf(5)

# Created: Tue Mar 25 09:08:06 2014
#      by: The L2TP IPsec VPN Manager application version 1.0.6
#
# WARNING! All changes made in this file will be lost!

version    2.0    # conforms to second version of ipsec.conf specification

config setup
    # plutodebug="parsing emitting control private"
    plutodebug=none
    strictcrlpolicy=no
    nat_traversal=yes
    interfaces=%defaultroute
    oe=off
    # which IPsec stack to use. netkey,klips,mast,auto or none
    protostack=netkey

conn %default
    keyingtries=3
    pfs=no
    rekey=yes
    type=transport
    left=%defaultroute
    leftprotoport=17/1701
    rightprotoport=17/1701

# Add connections here.


conn Work
  leftid=@VPN_Group_2
  leftxauthusername=pelle
    left=%defaultroute
    right=123.123.123.123
  keyexchange=ike
  auto=start
  auth=esp
  authby=secret
  ikelifetime=28800s
  esp=3des-sha1;modp1024
  ike=3des-sha1,aes128-sha1;modp1024
  pfs=yes
  compress=no
  forceencaps=yes
  remote_peer_type=cisco
  rightxauthserver=yes

And this is my ipsec.secrets:
Code:
# /etc/ipsec.secrets - secrets for IKE/IPsec authentication
# $Id$

# Manual: ipsec.secrets(5)

# Created: Tue Mar 25 09:08:06 2014
#      by: The L2TP IPsec VPN Manager application version 1.0.6
#
# WARNING! All changes made in this file will be lost!
#
#
# This file holds shared secrets or RSA private keys for inter-Pluto
# authentication.  See ipsec_pluto(8) manpage, and HTML documentation.

# RSA private key for this host, authenticating it to any other host
# which knows the public part.  Suitable public keys, for ipsec.conf, DNS,
# or configuration of other implementations, can be extracted conveniently
# with "ipsec showhostkey".
#
%any : PSK "pwd_group" 
@pelle : XAUTH "pwd_pelle"

I get this while connecting:
Code:
root@pc:~# ipsec auto --add Work
root@pc:~# ipsec auto --up Work
104 "Work" #4: STATE_MAIN_I1: initiate
003 "Work" #4: received Vendor ID payload [RFC 3947] method set to=109 
003 "Work" #4: received Vendor ID payload [Dead Peer Detection]
003 "Work" #4: ignoring unknown Vendor ID payload [8299031757a36082c6a621de000500b3]
106 "Work" #4: STATE_MAIN_I2: sent MI2, expecting MR2
003 "Work" #4: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): both are NATed
108 "Work" #4: STATE_MAIN_I3: sent MI3, expecting MR3
010 "Work" #4: STATE_MAIN_I3: retransmission; will wait 20s for response
010 "Work" #4: STATE_MAIN_I3: retransmission; will wait 40s for response
031  "Work" #4: max number of retransmissions (2) reached STATE_MAIN_I3.    Possible authentication failure: no acceptable response to our first   encrypted message
000 "Work" #4: starting keying attempt 2 of at most 3, but releasing whack

And these are the settings in the Fortigate 111c web UI, as seen by the people who set up the tunnel, at this URL:
http://i.imgur.com/BKSyvRg.jpg

Note: using vpnc with Cisco VPN does not work either. My settings are:
Code:
root@pc:~# cat /etc/vpnc/myvpn.conf
IPSec gateway  123.123.123.123
IPSec secret pwd_group
IKE Authmode psk
Xauth username pelle
Xauth password pwd_pelle
Debug 200
IKE DH Group dh2
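
As an added example (not part of the original post), this Python code reads the `ipsec auto --up` output quoted above and reports how far the IKEv1 Main Mode exchange got before it stalled. The name `triage` and the state descriptions are this example's own; the sample lines are copied from the post.

```python
import re

# Lines copied from the whack output quoted in the post (whitespace normalised).
SAMPLE = '''\
104 "Work" #4: STATE_MAIN_I1: initiate
003 "Work" #4: received Vendor ID payload [RFC 3947] method set to=109
106 "Work" #4: STATE_MAIN_I2: sent MI2, expecting MR2
003 "Work" #4: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): both are NATed
108 "Work" #4: STATE_MAIN_I3: sent MI3, expecting MR3
010 "Work" #4: STATE_MAIN_I3: retransmission; will wait 20s for response
010 "Work" #4: STATE_MAIN_I3: retransmission; will wait 40s for response
031 "Work" #4: max number of retransmissions (2) reached STATE_MAIN_I3. Possible authentication failure: no acceptable response to our first encrypted message
'''

LINE = re.compile(r'^\d{3}\s+"([^"]+)"\s+#\d+:\s+(.*)$')
STATE = re.compile(r'STATE_MAIN_I([1-4])')

# What reaching each initiator state proves about the IKEv1 Main Mode exchange.
MEANING = {
    1: "MI1 sent: IKE proposal offered, nothing agreed yet",
    2: "MR1 received: peer accepted an IKE proposal; MI2 (DH value, nonce) sent",
    3: "MR2 received: DH done; MI3 (encrypted ID and PSK-based hash) sent",
    4: "MR3 received: peer authenticated, ISAKMP SA established",
}

def triage(text):
    """Summarise pluto/whack output for one connection attempt."""
    r = {"conn": None, "last_state": 0, "retransmits": 0, "nat": None, "gave_up": False}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        r["conn"], msg = m.group(1), m.group(2)
        s = STATE.search(msg)
        if s:
            r["last_state"] = max(r["last_state"], int(s.group(1)))
        if "retransmission;" in msg:
            r["retransmits"] += 1
        if msg.startswith("NAT-Traversal: Result"):
            r["nat"] = msg.rsplit(": ", 1)[1]
        if "max number of retransmissions" in msg:
            r["gave_up"] = True
    r["meaning"] = MEANING.get(r["last_state"], "no Main Mode state seen")
    # Giving up in I3 means the first encrypted message (ID + hash keyed by the
    # PSK) got no acceptable reply: check the shared key and the ID being sent.
    r["auth_suspect"] = r["gave_up"] and r["last_state"] == 3
    return r

if __name__ == "__main__":
    print(triage(SAMPLE))
```

For the output in the post this reports a stall in STATE_MAIN_I3: the IKE proposal and the DH exchange were accepted, and the unanswered message is the one carrying the identity and the pre-shared-key hash, so the PSK and the ID sent (`leftid`) are the values to compare with the FortiGate side.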
 
  

