lug-bg: OpenSwan IKE VPN

Thu, 29 Jul 2004 03:50:05 -0700 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Здравейте!

Опитвам се да пусна VPN с OpenSwan (Openswan IPsec U2.1.4/K2.6.7...) с 
използване на IKE. Мисля че всичко изглежда наред, но не иска да оторизира 
връзката:

Jul 29 13:23:03 linux pluto[15180]: packet from 213.91.163.5:500: ignoring 
Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Jul 29 13:23:03 linux pluto[15180]: packet from 213.91.163.5:500: initial Main 
Mode message received on 213.91.244.53:500 but no connection has been 
authorized

13:23:03.192334 213.91.163.5.isakmp > 213.91.244.53.isakmp: isakmp 1.0 msgid 
00000000: phase 1 I ident: [|sa] [tos 0x80]  (ttl 252, id 37102, len 128)
13:23:37.218342 213.91.163.5.isakmp > 213.91.244.53.isakmp: isakmp 1.0 msgid 
00000000: phase 1 I ident: [|sa] [tos 0x80]  (ttl 252, id 12289, len 128)

Конфигурацията изглежда така: 

[ /etc/ipsec.conf ]

version 2.0
config setup
        interfaces="ipsec0=ppp0"
        klipsdebug=none
        plutodebug=none
#       plutoload=%search
#       plutostart=%search
#       uniqueids=yes


conn VM-IKE-VPN
        type=tunnel
        left=%defaultroute
        right=213.91.163.5
        rightsubnet=192.168.0.0/16
        keyingtries=0
        keyexchange=ike
        auto=route
        auth=esp
        esp=3des-hmac-md5
        authby=secret

[ /etc/ipsec.secrets ]

213.91.163.5 @XXXXXXX213C6 : PSK "XXXXXXX3f7c71d1"


213.91.163.5 е отсрещен VPN gateway
192.168.0.0/16 е отсрещна LAN мрежа

213.91.244.53 VPN GW (self)
10.0.0.0/8 LAN (self)

Някой борил ли е IKE VPN с FreeSwan/OpenSwan?
Ако се определи 'interfaces=%defaultroute' (ppp0) целият routing си отива.
Благодаря за мненията :)

- -- 
:wq

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQFBCNRomCN1eSWR9owRAvSBAJ4t9r/5mfaqbOCCoEHmyMGHpLG/IgCeKrjQ
mPnAx0pkYr2q1R2rXracgto=
=HyXH
-----END PGP SIGNATURE-----

============================================================================
A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers).
http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora
To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html
============================================================================

Reply via email to