General discussion

  • #2188317

    Serious VPN Problem

    Locked

    by felix836 ·

    I used Openswan to set up a VPN in Fedora Core 2 but face a problem; I hope someone can tell me what's wrong. Thanks!

    I am trying to set up a simple "test" connection and pings route across fine, but there seems to be no tunnel up

    192.168.2.0/24===192.168.1.105—192.168.1.106===192.168.2.0/24

    When running 'ipsec auto --up conn-name' I get:

    104 "net" #5: STATE_MAIN_I1: initiate
    003 "net" #5: received Vendor ID payload [Dead Peer Detection]
    106 "net" #5: STATE_MAIN_I2: sent MI2, expecting MR2
    108 "net" #5: STATE_MAIN_I3: sent MI3, expecting MR3
    004 "net" #5: STATE_MAIN_I4: ISAKMP SA established
    117 "net" #6: STATE_QUICK_I1: initiate
    004 "net" #6: STATE_QUICK_I2: sent QI2, IPsec SA established
    {ESP=>0xe44c222a <0x44ef47be}

    If I run a 'service ipsec status' I get the following output:

    IPsec running
    pluto pid ......
    No tunnels up

    And if I run a 'ipsec look', then I get the following:

    VPN Wed May 18 18:12:49 MYT 2005
    cat: /proc/net/ipsec_spigrp: No such file or directory
    cat: /proc/net/ipsec_eroute: No such file or directory
    egrep: /proc/net/ipsec_tncfg: No such file or directory
    sort: open failed: /proc/net/ipsec_spi: No such file or directory

    ipsec.conf is set up as follows ...

    version 2.3.1-1

    # basic configuration
    config setup
        interfaces="ipsec0=eth0"
        klipsdebug=none
        plutodebug=none
        uniqueids=yes

    conn net
        left=192.168.1.105
        leftsubnet=192.198.2.0/24
        leftrsasigkey=
        leftnexthop=192.168.1.106
        right=192.168.1.106
        rightsubnet=192.198.2.0/24
        rightrsasigkey=
        rightnexthop=192.168.1.105
        auto=add

    I verified my rsasigkeys against what is in the ipsec.secrets files.

    The addresses 192.168.1.105 and 192.168.1.106 are aliases; is there
    any problem with that?
    So, I don't know what's wrong ...

All Comments

    • #3254711

      Reply To: Serious VPN Problem

      by nico baggus ·

      192.168.2.0/24===192.168.1.105—192.168.1.106===192.168.2.0/24

      Are you really sure about this config? In that
      case the remote is never reached through the
      tunnel, as the network is 192.168.2.0/24 on both
      sides.

      To route across the tunnel the left network
      could be 192.168.2.0/25 and the right network
      be 192.168.2.128/25 (split the network in two
      halves), or modify either the left or right network
      to a different address range like
      192.168.3.0/24.

      The network base addresses really need to be
      different, otherwise everything will just go to
      the local network.

      Kind regards,
      Nico Baggus
