Hi
I'm trying to configure a Linux box as an OpenSwan client for Astlinux.
I followed the HOWTO (http://doc.astlinux.org/userdoc:tt_ipsec_vpn_apple_ios)
and the VPN server works fine with the Shrew Soft client, so I tried to mimic
its settings in openswan, but the connection fails in phase1 negotiation. I put
the server to full debug but I don't get too much useful info:

    daemon.info racoon: ERROR: phase1 negotiation failed due to time up.

I'm not an IPSEC expert so it's 100% I made a fatal mistake in ipsec.conf:

    version 2.0 # conforms to second version of ipsec.conf specification

    config setup
        protostack=netkey
        nat_traversal=yes
        plutodebug=all
        oe=off

    conn ast
        auto=add
        authby=rsasig
        # Client
        left=%defaultroute
        leftxauthclient=yes
        leftmodecfgclient=yes
        modecfgpull=yes
        leftca=cacert
        leftcert=/etc/linuxclient.crt
        leftrsasigkey=%cert
        leftid=%cert
        leftxauthusername=linuxuser1
        # Server
        right=192.168.1.2
        rightsubnet=10.4.1.0/16
        rightsourceip=10.4.1.1
        rightxauthserver=yes
        rightmodecfgserver=yes
        rightca=same
        ike=aes256-sha1-modp1024 # group2
        phase2alg=aes256-sha1;modp1024 # group2
        keylife=60m

There is no FW between the client and the server and ipsec.secrets has the
right XAUTH secret. Can someone who has solved this please help?
Thank you!
_______________________________________________
Astlinux-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/astlinux-users