This is a discussion on VPN configuration question within the Linux Networking forums, part of the Linux Forums category.
Plan to build VPN between machines A and B (RH9, FreeSwan 2.04).

Both A and B are end machines, there is no network behind them. The physical layout is

    A-----Gateway-----B

Use manual Keying scheme.

Both /etc/ipsec.secrets are

    130.91.48.158 130.91.50.162 : PSK "0xMySecretKey"

Both /etc/ipsec.conf (with slight change, of course):

    config setup
        interfaces="ipsec0=eth0"
        klipsdebug=all
        plutodebug=all

    conn A-B
        left=130.91.48.158
        leftsubnet=192.168.9.0/24
        leftnexthop=130.91.48.1 # Building gateway
        leftid=130.91.48.158
        right=130.91.50.179
        rightsubnet=192.168.0.0/24
        rightnexthop=130.91.48.1 # Building gateway
        rightid=130.91.50.179
        keyingtries=0
        spi=0x1111
        esp=3des-md5-96
        espenckey=0xMySecretKey
        espauthkey=0xAnotherSecretKey

I run

    $ service ipsec start
    $ ipsec manual --up A-B

The system doesn't return any error. However, VPN is not up. I've spent hours playing with the configuration file, but haven't made any progress. Do I have to set up a reverse DNS RR in order to make it work?

Any guru can help spot problems? I hope to get it to work at least during the upcoming Thanksgiving holidays.

Thanks all.

Donald Li
Dept. of Physics
Univ. of Penn

Below is from /var/log/secure on one machine:

    Nov 25 15:40:32 nscp32 ipsec__plutorun: Starting Pluto subsystem...
    Nov 25 15:40:32 nscp32 pluto[4387]: Starting Pluto (FreeS/WAN Version 2.04 PLUTO_USES_KEYRR)
    Nov 25 15:40:32 nscp32 pluto[4387]: Using KLIPS IPsec interface code
    Nov 25 15:40:32 nscp32 pluto[4387]: added connection description "packetdefault"
    Nov 25 15:40:33 nscp32 pluto[4387]: added connection description "block"
    Nov 25 15:40:33 nscp32 pluto[4387]: added connection description "clear-or-private"
    Nov 25 15:40:33 nscp32 pluto[4387]: added connection description "clear"
    Nov 25 15:40:33 nscp32 pluto[4387]: added connection description "private-or-clear"
    Nov 25 15:40:33 nscp32 pluto[4387]: added connection description "private"
    Nov 25 15:40:33 nscp32 pluto[4387]: listening for IKE messages
    Nov 25 15:40:33 nscp32 pluto[4387]: adding interface ipsec0/eth0 130.91.48.158
    Nov 25 15:40:33 nscp32 pluto[4387]: loading secrets from "/etc/ipsec.secrets"
    Nov 25 15:40:33 nscp32 pluto[4387]: loading group "/etc/ipsec.d/policies/private"
    Nov 25 15:40:33 nscp32 pluto[4387]: loading group "/etc/ipsec.d/policies/private-or-clear"
    Nov 25 15:40:33 nscp32 pluto[4387]: loading group "/etc/ipsec.d/policies/clear"
    Nov 25 15:40:33 nscp32 pluto[4387]: loading group "/etc/ipsec.d/policies/clear-or-private"
    Nov 25 15:40:33 nscp32 pluto[4387]: loading group "/etc/ipsec.d/policies/block"
    Nov 25 15:40:55 nscp32 pluto[4387]: can not use our IP (130.91.48.158:TXT) as identity: we don't know our own RSA key
    Nov 25 15:41:00 nscp32 pluto[4387]: can not use our hostname (@nscp32.physics.upenn.edu:TXT) as identity: we don't know our own RSA key
    Nov 25 15:41:00 nscp32 pluto[4387]: can not use our IP (130.91.48.158:KEY) as identity: we don't know our own RSA key
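Added example, not part of the original post: a small Python check that cross-references the index addresses on each PSK line of ipsec.secrets with the endpoint IDs of every conn in ipsec.conf, run over the two files as quoted above (trimmed to the address lines). The function names are hypothetical, and it assumes the `index index : PSK "..."` line format shown in the post.

```python
import re

# Constructed sample input: the two files as quoted in the post, address lines only.
IPSEC_SECRETS = '130.91.48.158 130.91.50.162 : PSK "0xMySecretKey"\n'
IPSEC_CONF = """\
config setup
conn A-B
    left=130.91.48.158
    leftid=130.91.48.158
    right=130.91.50.179
    rightid=130.91.50.179
"""

def parse_conns(text):
    """Return {conn_name: {key: value}} for every 'conn' section."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # drop trailing comments
        if not line.strip():
            continue
        if not line[0].isspace():              # section header, e.g. "conn A-B"
            kind, _, name = line.partition(" ")
            current = conns.setdefault(name.strip(), {}) if kind == "conn" else None
        elif current is not None and "=" in line:
            key, _, value = line.strip().partition("=")
            current[key.strip()] = value.strip().strip('"')
    return conns

def parse_secret_indices(text):
    """Return one set of index tokens per PSK entry ('idx idx : PSK "..."')."""
    entries = []
    for line in text.splitlines():
        m = re.match(r'^\s*([^:#]*?)\s*:\s*PSK\b', line)
        if m:
            entries.append(set(m.group(1).split()))
    return entries

def unmatched_endpoints(conf_text, secrets_text):
    """Per conn, list endpoint IDs that no PSK entry covers as a pair."""
    problems = {}
    entries = parse_secret_indices(secrets_text)
    for name, opts in parse_conns(conf_text).items():
        ids = {opts.get("leftid", opts.get("left")), opts.get("rightid", opts.get("right"))}
        ids.discard(None)
        if not any(ids <= entry for entry in entries):   # no single entry names both ends
            covered = set().union(*entries) if entries else set()
            problems[name] = sorted(ids - covered)
    return problems
```

Calling `unmatched_endpoints(IPSEC_CONF, IPSEC_SECRETS)` reports, per connection name, the endpoint addresses that appear in ipsec.conf but on no PSK line.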