Problem with interop OpenBSD-FreeS/WAN
Hi all,
I am trying to build a VPN connection between OpenBSD (2.9 i386, name is phex) and
Linux (SuSE 7.2, 2.4.4, name is acad11) with freeswan (1.9_0.8.2). I see
that the SAs were established between OBSD and Linux. But now I have a
problem. If I try to ping from my Linux to OBSD it seems that the ping gets
lost, but when I run tcpdump I see the following:
acad11: # tcpdump host phex and host acad11
Kernel filter, protocol ALL, datagram packet socket
tcpdump: listening on eth0
10:31:54.159354 acad11.schrv > phex.schrv: ip-proto-50 100 (DF)
10:31:54.159354 phex.schrv > acad11.schrv: ip-proto-50 100 (DF)
10:31:55.159354 acad11.schrv > phex.schrv: ip-proto-50 100 (DF)
10:31:55.159354 phex.schrv > acad11.schrv: ip-proto-50 100 (DF)
When I ping from the OBSD to Linux I see this with tcpdump:
acad11: # tcpdump host phex and host acad11
Kernel filter, protocol ALL, datagram packet socket
tcpdump: listening on eth0
10:44:54.169354 phex.schrv > acad11.schrv: ip-proto-50 100
10:44:55.189354 phex.schrv > acad11.schrv: ip-proto-50 100
Here are my SAs:
acad11:# ipsec look
acad11 Tue Aug 9 11:08:38 CEST 2001
172.16.4.83/32 -> 172.16.4.100/32 => esp0x6c0be2cf@172.16.4.100
ipsec0->eth0 mtu=16260->1500
esp0x6c0be2cf@172.16.4.100 ESP_3DES_HMAC_MD5: dir=out src=172.16.4.83 iv_bits=64bits iv=0x552097172964378e ooowin=64 seq=14 alen=128 aklen=128 eklen=192 life(c,s,h)=bytes(1680,0,0)add(273,0,0)use(262,0,0)packets(14,0,0) idle=249
esp0xa650e77d@172.16.4.100 ESP_3DES_HMAC_SHA1: dir=out src=172.16.4.83 iv_bits=64bits iv=0xd43d6cb9ea481cb1 ooowin=64 alen=160 aklen=160 eklen=192 life(c,s,h)=add(293,0,0)
esp0xbd2f825@172.16.4.83 ESP_3DES_HMAC_SHA1: dir=in src=172.16.4.100 iv_bits=64bits iv=0x0cd3bfefd6b891eb ooowin=64 alen=160 aklen=160 eklen=192 life(c,s,h)=add(293,0,0)
esp0xbd2f826@172.16.4.83 ESP_3DES_HMAC_MD5: dir=in src=172.16.4.100 iv_bits=64bits iv=0x549f050bb2e3b20d ooowin=64 alen=128 aklen=128 eklen=192 life(c,s,h)=add(273,0,0)
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         172.16.1.1      0.0.0.0         UG       40 0          0 eth0
172.16.0.0      0.0.0.0         255.255.0.0     U        40 0          0 eth0
172.16.0.0      0.0.0.0         255.255.0.0     U        40 0          0 ipsec0
172.16.4.100    172.16.4.100    255.255.255.255 UGH      40 0          0 ipsec0
When I watch the debug messages from klipsdebug I get the following entries:
Aug 9 10:50:48 acad11 kernel: klips_debug:ipsec_rcv: <<< Info -- skb->dev=eth0 dev=eth0
Aug 9 10:50:48 acad11 kernel: klips_debug:ipsec_rcv: Why the hell is someone passing me a non-ipsec packet? -- dropped.
Aug 9 10:50:49 acad11 kernel: klips_debug:ipsec_rcv: <<< Info -- skb->dev=eth0 dev=eth0
Aug 9 10:50:49 acad11 kernel: klips_debug:ipsec_rcv: Why the hell is someone passing me a non-ipsec packet? -- dropped.
Aug 9 10:50:50 acad11 kernel: klips_debug:ipsec_rcv: <<< Info -- skb->dev=eth0 dev=eth0
Aug 9 10:50:50 acad11 kernel: klips_debug:ipsec_rcv: Why the hell is someone passing me a non-ipsec packet? -- dropped.
It seems to me that OBSD does not speak IPsec OR that freeswan doesn't understand
OBSD. But I have read several howtos in which they say it works. Does
anyone have some experience with this configuration and can help me or point me
to an online or offline resource?
Here are my config files:
(See attached file: ipsec.conf)(See attached file: isakmpd.conf)
Jörg Bogenrieder
SyTech Schuler GmbH
Im Kammerbrühl 28
88212 Ravensburg
www.sytech.de
joerg.bogenrieder@sytech.de
Tel.: +49 (0)751/3606-470
Fax: +49 (0)751/3606-490
[demime 0.98d removed an attachment of type application/octet-stream which had a name of ipsec.conf]
[demime 0.98d removed an attachment of type application/octet-stream which had a name of isakmpd.conf]
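
Added example, not part of the original post: a small Python parser for the "ipsec look" SA lines pasted above. It reports each SA's direction, transform and current packet counter so that SAs which never carried traffic stand out. The sample text is copied from the post with wrapped lines rejoined; the function names and the reading of the first value in each life() triple as the current count (the "c" of "life(c,s,h)") are assumptions of this example.

```python
import re

# Copied from the post's `ipsec look` output (wrapped lines rejoined).
SAMPLE = """\
172.16.4.83/32 -> 172.16.4.100/32 => esp0x6c0be2cf@172.16.4.100
ipsec0->eth0 mtu=16260->1500
esp0x6c0be2cf@172.16.4.100 ESP_3DES_HMAC_MD5: dir=out src=172.16.4.83 iv_bits=64bits iv=0x552097172964378e ooowin=64 seq=14 alen=128 aklen=128 eklen=192 life(c,s,h)=bytes(1680,0,0)add(273,0,0)use(262,0,0)packets(14,0,0) idle=249
esp0xa650e77d@172.16.4.100 ESP_3DES_HMAC_SHA1: dir=out src=172.16.4.83 iv_bits=64bits iv=0xd43d6cb9ea481cb1 ooowin=64 alen=160 aklen=160 eklen=192 life(c,s,h)=add(293,0,0)
esp0xbd2f825@172.16.4.83 ESP_3DES_HMAC_SHA1: dir=in src=172.16.4.100 iv_bits=64bits iv=0x0cd3bfefd6b891eb ooowin=64 alen=160 aklen=160 eklen=192 life(c,s,h)=add(293,0,0)
esp0xbd2f826@172.16.4.83 ESP_3DES_HMAC_MD5: dir=in src=172.16.4.100 iv_bits=64bits iv=0x549f050bb2e3b20d ooowin=64 alen=128 aklen=128 eklen=192 life(c,s,h)=add(273,0,0)
"""

# An SA line starts with <proto>0x<spi>@<destination> <transform>:
SA_RE = re.compile(r"^([a-z]+)0x([0-9a-f]+)@(\S+)\s+(\w+):\s+(.*)$")
# Each lifetime counter is name(current,soft,hard) per the "life(c,s,h)" header.
LIFE_RE = re.compile(r"(bytes|add|use|packets)\((\d+),(\d+),(\d+)\)")

def parse_sas(text):
    """Return one dict per SA line; eroute and interface lines are skipped."""
    sas = []
    for line in text.splitlines():
        m = SA_RE.match(line.strip())
        if not m:
            continue
        proto, spi, dst, xform, rest = m.groups()
        # key=value tokens such as dir=out, src=...; the life(...) token is handled below
        kv = dict(t.split("=", 1) for t in rest.split()
                  if "=" in t and not t.startswith("life"))
        life = {name: int(cur) for name, cur, _soft, _hard in LIFE_RE.findall(rest)}
        sas.append({"proto": proto, "spi": int(spi, 16), "dst": dst,
                    "xform": xform, "dir": kv.get("dir"), "src": kv.get("src"),
                    "packets": life.get("packets", 0), "bytes": life.get("bytes", 0)})
    return sas

def unused_sas(sas):
    """SAs whose current packet counter is zero or absent."""
    return [s for s in sas if s["packets"] == 0]

if __name__ == "__main__":
    for s in parse_sas(SAMPLE):
        state = "unused" if s["packets"] == 0 else "%d packets" % s["packets"]
        print("%-3s %s0x%08x@%-13s %-19s %s"
              % (s["dir"], s["proto"], s["spi"], s["dst"], s["xform"], state))
```

On the output from the post, only the outbound ESP_3DES_HMAC_MD5 SA shows a packets counter; the two inbound SAs list only their add lifetime.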