Question: openswan

Source: Internet
Author: User
In my experiment, I needed to implement IPsec on Linux. I decided to use Openswan. The system was FC6. After installing Openswan in ten minutes, I ran ipsec verify; every check was OK except for the final OE one. Then I started to configure it. I am going to implement the road warrior mode. My experiment environment is:

Laptop (192.168.0.138) --- PC (192.168.0.136) --- (192.168.0.20) Virtual Machine 1 (192.168.2.1) --- (192.168.2.6) Virtual Machine 2


In the above experiment environment, both the laptop and Virtual Machine 1 run FC6 and both have Openswan installed. The installation and test were successful. Virtual Machines 1 and 2 are virtualized on the PC through VMware; eth0 (192.168.0.20) of Virtual Machine 1 is connected to vmnet0, while eth1 (192.168.2.1) is connected to Virtual Machine 2 through the custom vmnet2.
On the laptop, ping 192.168.0.136 and 192.168.0.133.
On Virtual Machine 1, ping 192.168.0.136, 192.168.0.138, and 192.168.2.6.
On Virtual Machine 2, ping 192.168.2.1 and 192.168.0.20.
The ipsec.conf file on the laptop (@left) is:

version 2.0     # conforms to second version of ipsec.conf specification

config setup
    interfaces=%defaultroute
    nat_traversal=yes
    nhelpers=0

conn %default
    authby=rsasig
    compress=yes

include /etc/ipsec.d/examples/no_oe.conf

conn road
    left=192.168.0.138
    leftnexthop=@defaultroute
    leftid=@left
    leftrsasigkey=xxxx
    right=192.168.0.20
    rightsubnet=192.168.2.0/24
    rightid=@right
    rightrsasigkey=xxxx
    auto=add

The ipsec.conf file on Virtual Machine 1 (@right) is:

version 2.0     # conforms to second version of ipsec.conf specification

config setup
    interfaces=%defaultroute
    nat_traversal=yes
    nhelpers=0

conn %default
    authby=rsasig
    compress=yes

include /etc/ipsec.d/examples/no_oe.conf

conn road
    left=192.168.0.20
    leftid=@right
    leftsubnet=192.168.2.0/24
    leftrsasigkey=xxxx

    rightnexthop=@defaultroute
    right=192.168.0.138
    rightid=@left
    rightrsasigkey=xxxx
    auto=add

After configuration, I enabled IPsec on the laptop end with ipsec auto --up road. It prompted the error: 021 no connection named "road"
Then I changed the field shown in red, leftnexthop=@defaultroute, in the ipsec.conf configuration of the laptop end to leftnexthop=192.168.0.133, and enabled IPsec again:
# ipsec auto --up road
The 021 error is no longer displayed:
STATE_MAIN_I1: initiate
STATE_MAIN_I1: retransmission; will wait 20 s for response
STATE_MAIN_I1: retransmission; will wait 40 s for response
.
.
.
Why is it still unsuccessful? I am so grateful to you for your help!
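
The post reports that the 021 error went away once leftnexthop=@defaultroute was replaced by an IP address, and its two files label the same peers with left and right swapped. The following Python lint is an added example, not part of the original post: it flags nexthop values that are neither an IP address nor one of the keywords %defaultroute and %direct (assumed here, from the Openswan ipsec.conf(5) manual, to be the accepted forms), and checks that both files describe the same two endpoints regardless of which side is called left. The function names are hypothetical and the sample input is constructed from the post's two conn road sections.

```python
import ipaddress

NEXTHOP_KEYWORDS = {"%defaultroute", "%direct"}  # special values in ipsec.conf(5)

def parse_conns(text):
    """Return {conn name: {key: value}} for the conn sections of ipsec.conf text."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not line[0].isspace():  # text in column 0 opens a new section
            words = line.split()
            is_conn = words[0] == "conn" and len(words) == 2
            current = conns.setdefault(words[1], {}) if is_conn else None
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def bad_nexthops(conn):
    """Return nexthop settings that are neither an IP address nor a % keyword."""
    bad = []
    for key in ("leftnexthop", "rightnexthop"):
        value = conn.get(key)
        if value is not None and value not in NEXTHOP_KEYWORDS:
            try:
                ipaddress.ip_address(value)
            except ValueError:
                bad.append((key, value))
    return bad

def endpoints(conn):
    """Both ends as a set, so swapped left/right labels still compare equal."""
    return {(conn.get(s), conn.get(s + "id"), conn.get(s + "subnet"))
            for s in ("left", "right")}

# Constructed sample input: the two "conn road" sections from the post, keys omitted.
LAPTOP = ("conn road\n  left=192.168.0.138\n  leftnexthop=@defaultroute\n"
          "  leftid=@left\n  right=192.168.0.20\n  rightsubnet=192.168.2.0/24\n"
          "  rightid=@right\n  auto=add\n")
VM1 = ("conn road\n  left=192.168.0.20\n  leftid=@right\n"
       "  leftsubnet=192.168.2.0/24\n  rightnexthop=@defaultroute\n"
       "  right=192.168.0.138\n  rightid=@left\n  auto=add\n")

if __name__ == "__main__":
    laptop, vm1 = parse_conns(LAPTOP)["road"], parse_conns(VM1)["road"]
    print("laptop bad nexthops:", bad_nexthops(laptop))
    print("vm1 bad nexthops:", bad_nexthops(vm1))
    print("peers describe the same tunnel:", endpoints(laptop) == endpoints(vm1))
```

On this input the lint reports the @defaultroute value on both machines and confirms that the two files agree on addresses, IDs and the protected subnet.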