
OpenSwan issues


http://forums.fedoraforum.org – I'm trying to perform a VPN LAN-to-LAN IPsec connection. On my side, I have a server with 2 IPs, i.j.k.l (destined to act as a VPN gateway) and i.j.k.m (the server). I am a newbie. I don't know if this configuration is normal, but it's forced by our partner.

My configuration is:

OS: Fedora release 7 (Moonshine)
OpenSWAN version: Linux Openswan U2.4.7/K2.6.23.17-88.fc7 (netkey)

ipsec.conf

    # /etc/ipsec.conf - Openswan IPsec configuration file
    #
    # Manual: ipsec.conf.5
    #
    # Please place your own config files in /etc/ipsec.d/ ending in .conf

    version 2.0     # conforms to second version of ipsec.conf specification

    # basic configuration
    config setup
        # Debug-logging controls: "none" for (almost) none, "all" for lots.
        # klipsdebug=none
        # plutodebug="control parsing"
        # interfaces="ipsec0=eth0"
        interfaces=%defaultroute
        klipsdebug=all
        plutodebug=all
        nat_traversal=yes

    include /etc/ipsec.d/*.conf

myconn.conf

    conn myconn
        type=tunnel
        authby=secret
        left=a.b.c.d
        leftsubnet=e.f.g.h/32
        right=i.j.k.l
        rightsubnet=i.j.k.m/32
        ike=aes128-md5-modp1024
        ikelifetime=24h
        esp=aes128-md5
        pfs=yes
        pfsgroup=modp1024
        keylife=8h
        auto=start

myconn.secrets

    a.b.c.d i.j.k.l : PSK "myconnkey"

On the other side, our partner sees the tunnel as opened, but it seems that my traffic is not routed through the tunnel. In /var/log/messages, when I do a service ipsec start, I get:

    Jul 21 11:45:35 llwe624 ipsec_setup: ...Openswan IPsec started
    Jul 21 11:45:45 llwe624 ipsec__plutorun: 104 "myconn" #1: STATE_MAIN_I1: initiate
    Jul 21 11:45:45 llwe624 ipsec__plutorun: ...could not start conn "myconn"

Any idea of what can be happening?