From: Fred de Klein (fred.deklein_at_iosystems.co.uk)
Date: Wed Nov 27 2002 - 15:41:27 CET
I have the following problem:
I have set up one machine (SuSE 7.3) as a gateway, and one laptop as a road warrior.
==========================================================
#Devil-Zara tunnel
#The network here looks like:
# leftsubnet=======left--------leftnexthop....Dynamic IP.
#If left and right are on the same Ethernet, omit leftnexthop and rightnexthop.
conn devil-zara
    #Identity we use in authentication exchanges
    leftid=@iort3.iosystems.co.uk
    leftrsasigkey=0sAQPzAZLjsGEvDGNc4N4Mh4wArfKaBKURPHqIxUkPGZL++s1mR9eRHygDUP9tyQ+E7/gm+q36sqxzTSWjoNi8Z97I95rpBNRqybBVZmAQHVescgeIBqD16DxrEwHBQ6ZY72iFub3zXIGww3te/ao8DpgIP0Cf9KzNMKZnraQfmgj88uFTjFneBw9ViiZokYcl3CTLizIRemqFuA41YdG4vqjCjzBSxy1X7usBEzkGzGMQ9bD6M1+H+0swwgpMMQdFnDPdD/411kHxmISInG124BBOE9+xL3XHVGu4PB4zjgPDqVoEOSJuA+o6ndQmrDP8uQmMf5j3X1gto3klDtp00O5p
    #left security gateway (public network address)
    left=217.33.203.132
    #next hop to reach right
    #subnet behind left (leave out if there is no subnet)
    leftsubnet=217.33.203.128/28
    #right s.g., subnet behind it, plus next hop to reach left
    right=%any
    #Any address provided authentication works
    rightid=@devil.iosystems.co.uk
    # RSA 2048 bits devil Mon Nov 4 17:28:37 2002
    rightrsasigkey=0sAQNYylH250iSacTUt0QnXXPvYkHOTTx3LAN37PIvuZMWQYEvTtL0GretQ3Tu0EF5qgp05lzskcHo/pYS5kyk39joXmgzLjSb0FEN6asFoW+1uE8YHJxRyUVP54gHTR4+cIEPkBhQMXs25PlueB1vYBoMu5n4Wd4S1b93k1XnOTh9oUv/49KgR4pK0hjnjLbPfL0coUkR/k66zz4TLWoTXlwCwVnr1LXwSNxwfB87AnFzR5loS37oS6hd8pASXQLa5vn+MuTJXW8ukF/NB3fXKBOO92uQTeX5UkA+odY/zhr1N5RCzEFburWrSDbCC6hfZa9G+N5olq/BH2cjrFse4DTp
    auto=add
    #No retry if IP connectivity is gone
    keyingtries=1
========================================================
The above is the ipsec.conf output of the gateway, and this is the output of the road warrior (with Devil-Linux):
=============================================================
# /etc/ipsec.conf - FreeS/WAN IPsec configuration file
# More elaborate and more varied sample configurations can be found
# in FreeS/WAN's doc/examples file, and in the HTML documentation.
# basic configuration
config setup
    # THIS SETTING MUST BE CORRECT or almost nothing will work;
    # %defaultroute is okay for most simple cases.
    interfaces="ipsec0=ppp0"
    # Debug-logging controls: "none" for (almost) none, "all" for lots.
    klipsdebug=none
    plutodebug=none
    # Use auto= parameters in conn descriptions to control startup actions.
    plutoload=%search
    plutostart=%search
    # Close down old connection when new one using same ID shows up.
    uniqueids=yes
# defaults for subsequent connection descriptions
#conn %default
    #Use RSA based authentication with certificates
    #how persistent to be in (re)keying negotiations (0 means very)
    # keyingtries=0
    #How to authenticate gateways
    # authby=rsasig
    # auto=start
#Devil-Zara tunnel
#The network here looks like:
# leftsubnet=======left--------leftnexthop....Dynamic IP.
#If left and right are on the same Ethernet, omit leftnexthop and rightnexthop.
conn devil-zara
    #Identity we use in authentication exchanges
    leftid=@iort3.iosystems.co.uk
    leftrsasigkey=0sAQPzAZLjsGEvDGNc4N4Mh4wArfKaBKURPHqIxUkPGZL++s1mR9eRHygDUP9tyQ+E7/gm+q36sqxzTSWjoNi8Z97I95rpBNRqybBVZmAQHVescgeIBqD16DxrEwHBQ6ZY72iFub3zXIGww3te/ao8DpgIP0Cf9KzNMKZnraQfmgj88uFTjFneBw9ViiZokYcl3CTLizIRemqFuA41YdG4vqjCjzBSxy1X7usBEzkGzGMQ9bD6M1+H+0swwgpMMQdFnDPdD/411kHxmISInG124BBOE9+xL3XHVGu4PB4zjgPDqVoEOSJuA+o6ndQmrDP8uQmMf5j3X1gto3klDtp00O5p
    #left security gateway (public network address)
    left=217.33.203.132
    #next hop to reach right
    #subnet behind left (leave out if there is no subnet)
    leftsubnet=217.33.203.128/28
    #right s.g., subnet behind it, plus next hop to reach left
    right=%any
    #Any address provided authentication works
    rightid=@devil.iosystems.co.uk
    # RSA 2048 bits devil Mon Nov 4 17:28:37 2002
    rightrsasigkey=0sAQNYylH250iSacTUt0QnXXPvYkHOTTx3LAN37PIvuZMWQYEvTtL0GretQ3Tu0EF5qgp05lzskcHo/pYS5kyk39joXmgzLjSb0FEN6asFoW+1uE8YHJxRyUVP54gHTR4+cIEPkBhQMXs25PlueB1vYBoMu5n4Wd4S1b93k1XnOTh9oUv/49KgR4pK0hjnjLbPfL0coUkR/k66zz4TLWoTXlwCwVnr1LXwSNxwfB87AnFzR5loS37oS6hd8pASXQLa5vn+MuTJXW8ukF/NB3fXKBOO92uQTeX5UkA+odY/zhr1N5RCzEFburWrSDbCC6hfZa9G+N5olq/BH2cjrFse4DTp
    auto=add
    #No retry if IP connectivity is gone
    keyingtries=0
=====================================================
I can now connect to the Internet and can ping the gateway; however, I get the message

022 "devil-zara" we have no ipsecN interface for either end of this connection
Any help is much appreciated.
Regards
Fred de Klein
Io Systems
* 01234 756693
* 07904 049934 (M)
_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users
This archive was generated by hypermail 2.1.5 : Thu Nov 28 2002 - 05:20:53 CET
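
Added example (not part of the original post and not FreeS/WAN code): pluto reports "we have no ipsecN interface for either end of this connection" when neither left nor right resolves to an address on one of its own interfaces. The sketch below is a simplified model of that check, run over the road warrior's conn as posted; the ppp0 address 192.0.2.45, the helper names and the right=%defaultroute variant are assumptions for illustration.

```python
# Simplified model of how pluto decides which end of a conn is the local host.
SAMPLE_ROADWARRIOR = """\
conn devil-zara
    # addresses as posted; rsasigkey lines omitted (not used for orientation)
    leftid=@iort3.iosystems.co.uk
    left=217.33.203.132
    leftsubnet=217.33.203.128/28
    right=%any
    rightid=@devil.iosystems.co.uk
    auto=add
"""
PPP0 = "192.0.2.45"  # constructed address for the laptop's ppp0 link

def parse_conn(text, name):
    """Return the parameters of section 'conn <name>' as a dict."""
    params, active = {}, False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue                          # blank line or comment
        if not line[0].isspace():             # unindented line starts a section
            active = line.split() == ["conn", name]
        elif active and "=" in line:
            key, value = line.strip().split("=", 1)
            params[key.strip()] = value.strip().strip('"')
    return params

def orient(params, local_addrs, defaultroute_addr=None):
    """Return 'left' or 'right' for the end that is this host, else None."""
    for side in ("left", "right"):
        addr = params.get(side)
        if addr == "%defaultroute":           # stands for the default-route interface address
            addr = defaultroute_addr
        if addr is not None and addr in local_addrs:
            return side
    return None                               # neither end is local: the reported error

def check(text, name, local_addrs, defaultroute_addr=None):
    """Describe the orientation result for one conn."""
    side = orient(parse_conn(text, name), set(local_addrs), defaultroute_addr)
    if side is None:
        return f'"{name}": neither left nor right is a local address'
    return f'"{name}": this host is {side}'

if __name__ == "__main__":
    print(check(SAMPLE_ROADWARRIOR, "devil-zara", [PPP0], PPP0))
    variant = SAMPLE_ROADWARRIOR.replace("right=%any", "right=%defaultroute")
    print(check(variant, "devil-zara", [PPP0], PPP0))
    print(check(SAMPLE_ROADWARRIOR, "devil-zara", ["217.33.203.132"]))
```

On the gateway the same conn orients as left because 217.33.203.132 is a local address there; on the laptop, right=%any matches nothing local, so the model returns None.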