Ubuntu Linux laptop roadwarrior to IPCop VPN 1.4.6

Frederic Soulier frederic at wallaby.uklinux.net
Thu Jul 21 20:20:14 UTC 2005

Ok I got it working as follows:

I connected to the IPCop 1.4.6 VPN using a pre-shared key from my  
laptop running Ubuntu Linux (Hoary) 5.0.4 over a wireless connection!  
Cool :)

You need to install OpenSwan.
$ sudo apt-get install openswan

Here is a link from which I got most of the info

In your /etc/ipsec.conf:
version 2

conn block

conn private

conn private-or-clear

conn clear-or-private

conn clear

conn packetdefault

config setup

conn myvpn

Note (1): replace x.y.z.w with the public IP of the IPCop VPN you  
want to access
Note (2): change rightsubnet as per the internal network (GREEN)  
behind the IPCop firewall
Note (3): you can change "myvpn" to another name if you want to

In your /etc/ipsec.secrets you just need:
: PSK "pre-shared key defined in the IPCop VPN"

To start IPsec:
    # /etc/init.d/ipsec start

To stop IPsec:
    # /etc/init.d/ipsec stop

To bring up the VPN tunnel:
    # ipsec auto --up myvpn

To bring down the VPN tunnel:
    # ipsec auto --down myvpn

Works a treat. Enjoy!

On 21 Jul 2005, at 12:37, Eric S. Johansson wrote:

> Frederic Soulier wrote:
>> Hi
>> I've an IPCop firewall 1.4.6 setup with VPN activated with a pre-  
>> shared key.
>> I can connect to it without problem using IPSecuritas from a Mac  
>> OS X  roadwarrior or TheGreenBow VPN from a Windows XP Pro  
>> roadwarrior but  so far no luck with connecting from a Linux  
>> roadwarrior running  Ubuntu Hoary (5.0.4)...
> as they say, two out of three isn't bad... unless you're the one.
>> Ubuntu laptop (using a wireless Netgear WG511 card):
>>    IP:
>> $ sudo apt-get install openswan (to get Openswan installed)
> I wonder if part of the problem might be that IPCop is still on 1.x  
> openswan.  we really need to upgrade.
>> conn office
>>     left=%defaultroute
>>     right=<public IP of the IPCop VPN>
>>     rightsubnet=
>>     auto=add
> I suggest taking this problem to the IPCop users mailing list.  I'd  
> also like to see the full configuration you are using.
>> Then I try to bring the connection up
>> $ sudo ipsec auto --up office
>> 104 "office" #1: STATE_MAIN_I1: initiate
>> 010 "office" #1: STATE_MAIN_I1: restransmission; will wait 20s  
>> for  response
>> 010 "office" #1: STATE_MAIN_I1: restransmission; will wait 40s  
>> for  response
>> ....
>> So I just Ctrl-C here because it does do anything good.
>> Trying to ping my internal netwwork gives:
>> connect: Resource temporarily unavailable
>> I have to stop IPsec to get my network back...
>> $ sudo /etc/init.d/ipsec stop
>> Any info would be appreciated. Thanks.
> you have more problems than just IPsec.  For example, when you turn  
> on IPsec what happens to the routing?  use netstat -nr
> ---eric
> -- 
> ubuntu-users mailing list
> ubuntu-users at lists.ubuntu.com
> http://lists.ubuntu.com/mailman/listinfo/ubuntu-users

Frederic P. Soulier
OpenPGP key available on http://pgpkeys.mit.edu/
1024D/BA6700ED   49A6 8E8E 4230 8D41 1ADE  B649 3203 1DD2 BA67 00ED

More information about the ubuntu-users mailing list