
[Users] Problems with road warrior VPN

From: Roger Freitas Lovato <roger(at)lovato.com.br>
Date: Fri Feb 27 2004 - 12:43:09 EST


Hello friends,

I have two networks and I would like to connect them with a VPN, but one side has a fixed IP (right) and the other side has a dynamic IP (left). I'm trying to configure a simple road warrior VPN as in the graphic below:

   left: %defaultgateway                     right: XXX.XXX.XXX.XXX
   leftsub: 192.168.1.0/24                   rightsub: 192.168.0.0/24
   interface: ppp0                           interface: eth0

   ( )---+      +-----+         VPN          +-----+      +---( )
         |      | GW  |      **********      | GW  |      |
   ( )---+------|Linux|-----| INTERNET |-----|Linux|------+---( )
         |      |     |      **********      |     |      |
   ( )---+      +-----+                      +-----+      +---( )

I'm using this configuration:

*LEFT SIDE (dynamic IP):*

config setup
        interfaces=%defaultroute
        klipsdebug=all
        plutodebug=all
        plutoload=%search
        plutostart=%search

conn %default
        keyingtries=1
        #disablearrivalcheck=no
        authby=rsasig

conn avantiprima
        left=%defaultroute
        leftsubnet=
        leftnexthop=
        leftid=@maracana
        leftrsasigkey=0sAQN9...
        right=XXX.XXX.XXX.70
        rightsubnet=192.168.0.0/24
        rightnexthop=XXX.XXX.XXX.69
        rightid=@barra
        rightrsasigkey=0sAQN...
        #rekey=yes
        #keyingtries=0
        auto=start

*RIGHT SIDE (fixed IP):*

config setup
        interfaces="ipsec0=eth0"
        klipsdebug=all
        plutodebug=all
        plutoload=%search
        plutostart=%search

conn %default
        keyingtries=1
        #disablearrivalcheck=no
        authby=rsasig

# left = Maracanã
# right = Barra
conn avantiprima
        left=%any
        leftsubnet=
        leftnexthop=
        leftid=@maracana
        leftrsasigkey=0sAQN9...
        right=XXX.XXX.XXX.70
        rightsubnet=192.168.0.0/24
        rightnexthop=XXX.XXX.XXX.69
        rightid=@barra
        rightrsasigkey=0sAQN...
        #keylife=1h
        #rekey=yes
        auto=add

Well, this is not working.. :(

When I fix the IPs of the two sides, the VPN works.

In my secure log, the following lines appear on the right side:

Feb 14 13:38:19 Linuxrouter pluto[12833]: | 192.168.0.0/24===XXX.XXX.XXX.70[@barra]---YYY.YYY.YYY.69...%any[@maracana]
Feb 14 13:38:19 Linuxrouter pluto[12833]: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 1; policy: RSASIG+ENCRYPT+TUNNEL+PFS+DISABLEARRIVALCHECK
Feb 14 13:38:19 Linuxrouter pluto[12833]: | next event EVENT_SHUNT_SCAN in 120 seconds

Feb 14 13:38:19 Linuxrouter pluto[12833]: |
Feb 14 13:38:19 Linuxrouter pluto[12833]: | *received whack message
Feb 14 13:38:19 Linuxrouter pluto[12833]: listening for IKE messages
Feb 14 13:38:19 Linuxrouter pluto[12833]: | found lo with address 127.0.0.1
Feb 14 13:38:19 Linuxrouter pluto[12833]: | found eth0 with address XXX.XXX.XXX.70
Feb 14 13:38:19 Linuxrouter pluto[12833]: | found eth1 with address 192.168.0.254
Feb 14 13:38:19 Linuxrouter pluto[12833]: | found ipsec0 with address XXX.XXX.XXX.70
Feb 14 13:38:19 Linuxrouter pluto[12833]: | IP interface eth1 192.168.0.254 has no matching ipsec* interface -- ignored
Feb 14 13:38:19 Linuxrouter pluto[12833]: adding interface ipsec0/eth0 XXX.XXX.XXX.70
Feb 14 13:38:19 Linuxrouter pluto[12833]: | IP interface lo 127.0.0.1 has no matching ipsec* interface -- ignored
Feb 14 13:38:19 Linuxrouter pluto[12833]: loading secrets from "/etc/ipsec.secrets"
Feb 14 13:38:19 Linuxrouter pluto[12833]: | next event EVENT_SHUNT_SCAN in 120 seconds
Feb 14 13:38:26 Linuxrouter pluto[12833]: |
Feb 14 13:38:26 Linuxrouter pluto[12833]: | *received 176 bytes from YYY.YYY.YYY.49:500 on eth0
Feb 14 13:38:26 Linuxrouter pluto[12833]: | 89 84 b2 43 8a 0f e4 63 00 00 00 00 00 00 00 00
[...cut...]
Feb 14 13:38:26 Linuxrouter pluto[12833]: | **parse ISAKMP Message:
Feb 14 13:38:26 Linuxrouter pluto[12833]: |    initiator cookie:
Feb 14 13:38:26 Linuxrouter pluto[12833]: |   89 84 b2 43  8a 0f e4 63
Feb 14 13:38:26 Linuxrouter pluto[12833]: |    responder cookie:
Feb 14 13:38:26 Linuxrouter pluto[12833]: |   00 00 00 00  00 00 00 00
Feb 14 13:38:26 Linuxrouter pluto[12833]: |    next payload type: ISAKMP_NEXT_SA
Feb 14 13:38:26 Linuxrouter pluto[12833]: | ISAKMP version: ISAKMP Version 1.0
Feb 14 13:38:26 Linuxrouter pluto[12833]: | exchange type: ISAKMP_XCHG_IDPROT
Feb 14 13:38:26 Linuxrouter pluto[12833]: |    flags: none
Feb 14 13:38:26 Linuxrouter pluto[12833]: |    message ID:  00 00 00 00
Feb 14 13:38:26 Linuxrouter pluto[12833]: |    length: 176
Feb 14 13:38:26 Linuxrouter pluto[12833]: | ***parse ISAKMP Security Association Payload:
Feb 14 13:38:26 Linuxrouter pluto[12833]: | next payload type: ISAKMP_NEXT_NONE
Feb 14 13:38:26 Linuxrouter pluto[12833]: |    length: 148
Feb 14 13:38:26 Linuxrouter pluto[12833]: |    DOI: ISAKMP_DOI_IPSEC
Feb 14 13:38:26 Linuxrouter pluto[12833]: | instantiated "avantiprima" for YYY.YYY.YYY.49
Feb 14 13:38:26 Linuxrouter pluto[12833]: | creating state object #1 at 0x80a7a98
Feb 14 13:38:26 Linuxrouter pluto[12833]: | ICOOKIE: 89 84 b2 43 8a 0f e4 63
Feb 14 13:38:26 Linuxrouter pluto[12833]: | RCOOKIE: 08 a9 a0 27 a5 ee 88 07
Feb 14 13:38:26 Linuxrouter pluto[12833]: | peer:  c8 d9 66 31
Feb 14 13:38:26 Linuxrouter pluto[12833]: | state hash entry 24
Feb 14 13:38:26 Linuxrouter pluto[12833]: | inserting event EVENT_SO_DISCARD, timeout in 0 seconds for #1
Feb 14 13:38:26 Linuxrouter pluto[12833]: "avantiprima"[1] YYY.YYY.YYY.49 #1: responding to Main Mode from unknown peer 200.217.102.49
Feb 14 13:38:26 Linuxrouter pluto[12833]: | **emit ISAKMP Message:
Feb 14 13:38:26 Linuxrouter pluto[12833]: |    initiator cookie:
Feb 14 13:38:26 Linuxrouter pluto[12833]: |   89 84 b2 43  8a 0f e4 63
Feb 14 13:38:26 Linuxrouter pluto[12833]: |    responder cookie:
Feb 14 13:38:26 Linuxrouter pluto[12833]: |   08 a9 a0 27  a5 ee 88 07
[...cut...]
Feb 14 13:38:26 Linuxrouter pluto[12833]: | inserting event EVENT_RETRANSMIT, timeout in 10 seconds for #1
Feb 14 13:38:26 Linuxrouter pluto[12833]: | next event EVENT_RETRANSMIT in 10 seconds for #1
[...cut...]
Feb 14 13:39:33 Linuxrouter pluto[12493]: "avantiprima"[1] YYY.YYY.YYY.49 #1: discarding duplicate packet; already STATE_MAIN_R2

Thanks,

Roger



FreeS/WAN Users mailing list
users@lists.freeswan.org
https://mj2.freeswan.org/cgi-bin/mj_wwwusr

Received on Fri Feb 27 12:54:11 2004

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 13:02:06 EDT
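
An added example, not part of the original post or of FreeS/WAN: a small Python check that parses both gateways' copies of a conn and lists parameters that are left empty or that differ between the two ends. The parser is a simplification (it applies `conn %default` to every conn), `parse_conns` and `compare_ends` are hypothetical helper names, and the sample text is reconstructed from the configuration quoted in the message, with its elided keys kept as posted.

```python
import re

# Sample input reconstructed from the left-side config quoted in the message.
LEFT_GW = """\
conn %default
        authby=rsasig
conn avantiprima
        left=%defaultroute
        leftsubnet=
        leftnexthop=
        leftid=@maracana
        leftrsasigkey=0sAQN9...
        right=XXX.XXX.XXX.70
        rightsubnet=192.168.0.0/24
        rightnexthop=XXX.XXX.XXX.69
        rightid=@barra
        rightrsasigkey=0sAQN...
        auto=start
"""
# The right-side copy differs only in left= and auto=, as in the message.
RIGHT_GW = LEFT_GW.replace("left=%defaultroute", "left=%any").replace("auto=start", "auto=add")

# Parameters that legitimately differ between the ends of a road-warrior conn.
EXPECTED_TO_DIFFER = {"left", "auto"}

def parse_conns(text):
    """Return {conn_name: {key: value}} with 'conn %default' values merged in."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and indentation
        if not line:
            continue
        m = re.match(r"(config|conn)\s+(\S+)$", line)
        if m:                                    # section header; skip 'config setup'
            current = sections.setdefault(m.group(2), {}) if m.group(1) == "conn" else None
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip().strip('"')
    defaults = sections.pop("%default", {})
    return {name: {**defaults, **params} for name, params in sections.items()}

def compare_ends(left_conf, right_conf, name):
    """List (parameter, problem) pairs for one conn as seen by both gateways."""
    a, b = parse_conns(left_conf)[name], parse_conns(right_conf)[name]
    findings = []
    for key in sorted(set(a) | set(b)):
        va, vb = a.get(key), b.get(key)
        if "" in (va, vb):
            findings.append((key, "empty"))      # present but without a value
        elif va != vb and key not in EXPECTED_TO_DIFFER:
            findings.append((key, "mismatch"))   # the two ends disagree
    return findings
```

Calling `compare_ends(LEFT_GW, RIGHT_GW, "avantiprima")` returns the parameters to review before looking at the IKE exchange itself.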

