about freeswan connection

 
 
Jefferson ZHU
Guest
02-26-2004, 08:42 AM
Hi, everyone

I have tried freeswan, and vpn connection works, but it seems
something goes wrong.

freeswan version: 1.99
linux version: Redhat 7.3

The environment is:

PC1 10.0.1.23 ---- 10.0.1.12 gateway A 192.168.0.12 --
                                                      |
                                                      |
PC2 10.0.2.23 ---- 10.0.2.12 gateway B 192.168.0.13 --

the ipsec.conf in gateway A is:
######################################################
config setup
    interfaces="ipsec0=eth0"
    klipsdebug=none
    plutodebug=all
    plutoload=%search
    plutostart=%search
    uniqueids=yes

conn %default
    keyingtries=0
    disablearrivalcheck=no
    authby=rsasig
    leftrsasigkey=%dnsondemand
    rightrsasigkey=%dnsondemand

conn dev1
    type=tunnel
    left=192.168.0.12
    leftsubnet=10.0.1.0/24
    right=192.168.0.13
    rightsubnet=10.0.2.0/24
    keyexchange=ike
    keylife=1h
    pfs=no
    auth=esp
    esp=3des-md5-96
    authby=secret
    keyingtries=0
    auto=start
######################################################

the ipsec.conf in gateway B is:
######################################################
config setup
    interfaces="ipsec0=eth0"
    klipsdebug=none
    plutodebug=all
    plutoload=%search
    plutostart=%search
    uniqueids=yes

conn %default
    keyingtries=0
    disablearrivalcheck=no
    authby=rsasig
    leftrsasigkey=%dnsondemand
    rightrsasigkey=%dnsondemand

conn dev2
    type=tunnel
    left=192.168.0.13
    leftsubnet=10.0.2.0/24
    right=192.168.0.12
    rightsubnet=10.0.1.0/24
    keyexchange=ike
    keylife=1h
    pfs=no
    auth=esp
    esp=3des-sha1-96
    authby=secret
    keyingtries=0
    auto=start
######################################################

The dotconf file works well.

I changed "esp=3des-md5-96" to "esp=3des-sha1-96" in gateway B's
dotconf file while not changing the same parameter in gateway A's
dotconf file, then rebooted the two machines.
I was surprised to see the connection also works?!

I have checked "ipsec spi" and get the following information:

tun0x1006@192.168.0.13 IPIP: dir=out src=192.168.0.12
life(c,s,h)=bytes(7440,0,0)addtime(93,0,0)usetime(92,0,0)packets(93,0,0)
idle=0
tun0x1005@192.168.0.12 IPIP: dir=in src=192.168.0.13
policy=10.0.2.0/24->10.0.1.0/24 flags=0x8<>
life(c,s,h)=bytes(7360,0,0)addtime(93,0,0)usetime(91,0,0)packets(92,0,0)
idle=0
tun0x1004@192.168.0.13 IPIP: dir=out src=192.168.0.12
life(c,s,h)=bytes(160,0,0)addtime(95,0,0)usetime(94,0,0)packets(2,0,0)
idle=93
tun0x1003@192.168.0.12 IPIP: dir=in src=192.168.0.13
policy=10.0.2.0/24->10.0.1.0/24 flags=0x8<>
life(c,s,h)=bytes(160,0,0)addtime(95,0,0)usetime(93,0,0)packets(2,0,0)
idle=92
tun0x1002@192.168.0.13 IPIP: dir=out src=192.168.0.12
life(c,s,h)=bytes(1280,0,0)addtime(110,0,0)usetime(110,0,0)packets(16,0,0)
idle=95
tun0x1001@192.168.0.12 IPIP: dir=in src=192.168.0.13
policy=10.0.2.0/24->10.0.1.0/24 flags=0x8<>
life(c,s,h)=bytes(1360,0,0)addtime(117,0,0)usetime(110,0,0)packets(17,0,0)
idle=94
esp0x6e0e8f7b@192.168.0.12 ESP_3DES_HMAC_MD5: dir=in src=192.168.0.13
iv_bits=64bits iv=0x28671ca350a8b436 ooowin=64 seq=92
bit=0xffffffffffffffff alen=128 aklen=128 eklen=192
life(c,s,h)=bytes(7360,0,0)addtime(93,0,0)usetime(91,0,0)packets(92,0,0)
idle=0
esp0x6e0e8f7a@192.168.0.12 ESP_3DES_HMAC_MD5: dir=in src=192.168.0.13
iv_bits=64bits iv=0x969100fec7469045 ooowin=64 seq=2 bit=0x3 alen=128
aklen=128 eklen=192 life(c,s,h)=bytes(160,0,0)addtime(95,0,0)usetime(93,0,0)packets(2,0,0)
idle=92
esp0x6e0e8f79@192.168.0.12 ESP_3DES_HMAC_MD5: dir=in src=192.168.0.13
iv_bits=64bits iv=0xf90911d581bcf48f ooowin=64 seq=17 bit=0x1ffff
alen=128 aklen=128 eklen=192
life(c,s,h)=bytes(1360,0,0)addtime(117,0,0)usetime(110,0,0)packets(17,0,0)
idle=94
esp0xab87e960@192.168.0.13 ESP_3DES_HMAC_MD5: dir=out src=192.168.0.12
iv_bits=64bits iv=0xe706fa96ea1268df ooowin=64 seq=93 alen=128
aklen=128 eklen=192 life(c,s,h)=bytes(10416,0,0)addtime(93,0,0)usetime(92,0,0)packets(93,0,0)
idle=0
esp0xab87e95f@192.168.0.13 ESP_3DES_HMAC_MD5: dir=out src=192.168.0.12
iv_bits=64bits iv=0x2f73c20d8b0b70be ooowin=64 seq=2 alen=128
aklen=128 eklen=192 life(c,s,h)=bytes(224,0,0)addtime(95,0,0)usetime(94,0,0)packets(2,0,0)
idle=93
esp0xab87e95e@192.168.0.13 ESP_3DES_HMAC_MD5: dir=out src=192.168.0.12
iv_bits=64bits iv=0x996cb93412db2cce ooowin=64 seq=16 alen=128
aklen=128 eklen=192 life(c,s,h)=bytes(1792,0,0)addtime(110,0,0)usetime(110,0,0)packets(16,0,0)
idle=95

I do not know where I have a mistake.
Thank you.
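
Added example (not part of the original post): the `ipsec spi` listing above shows every ESP SA as ESP_3DES_HMAC_MD5 while gateway B's file asks for esp=3des-sha1-96, so the dependable check is to compare the installed SAs against the configured value rather than trust the file. The function names and the esp=-to-label mapping (ESP_<CIPHER>_HMAC_<HASH>, inferred from the label in the listing) are assumptions, and the sample is constructed by abridging the post's output.

```python
import re

# Header line of one SA record in `ipsec spi` output, e.g.
# "esp0x6e0e8f7b@192.168.0.12 ESP_3DES_HMAC_MD5: dir=in src=192.168.0.13"
SA_HEADER = re.compile(
    r"^(?P<proto>[a-z]+)0x(?P<spi>[0-9a-f]+)@(?P<dst>\S+)\s+"
    r"(?P<transform>\S+):\s+dir=(?P<dir>in|out)\s+src=(?P<src>\S+)",
    re.MULTILINE,
)

def expected_transform(esp_value):
    """Map an ipsec.conf esp= value such as '3des-sha1-96' to the label style
    seen in the listing (assumed pattern: ESP_<CIPHER>_HMAC_<HASH>)."""
    cipher, digest = esp_value.split("-")[:2]
    return f"ESP_{cipher.upper()}_HMAC_{digest.upper()}"

def parse_esp_sas(spi_output):
    """Return one dict per ESP SA; tunnel (IPIP) records are skipped."""
    return [m.groupdict() for m in SA_HEADER.finditer(spi_output)
            if m.group("proto") == "esp"]

def audit(spi_output, configured_esp):
    """List (said, transform) for ESP SAs that differ from the configured esp=."""
    want = expected_transform(configured_esp)
    return [(f"esp0x{sa['spi']}@{sa['dst']}", sa["transform"])
            for sa in parse_esp_sas(spi_output) if sa["transform"] != want]

# Constructed sample: three records abridged from the output in the post.
SAMPLE = """\
tun0x1006@192.168.0.13 IPIP: dir=out src=192.168.0.12
life(c,s,h)=bytes(7440,0,0)addtime(93,0,0)usetime(92,0,0)packets(93,0,0)
idle=0
esp0x6e0e8f7b@192.168.0.12 ESP_3DES_HMAC_MD5: dir=in src=192.168.0.13
iv_bits=64bits iv=0x28671ca350a8b436 ooowin=64 seq=92
idle=0
esp0xab87e960@192.168.0.13 ESP_3DES_HMAC_MD5: dir=out src=192.168.0.12
iv_bits=64bits iv=0xe706fa96ea1268df ooowin=64 seq=93 alen=128
idle=0
"""

if __name__ == "__main__":
    # Check the same SA listing against each gateway's configured esp= value.
    for conf in ("3des-md5-96", "3des-sha1-96"):
        mismatches = audit(SAMPLE, conf)
        print(conf, "->", mismatches or "all ESP SAs match")
```
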
 