Ubuntu Linux laptop roadwarrior to IPCop VPN 1.4.6

Frederic Soulier frederic at wallaby.uklinux.net
Thu Jul 21 20:20:14 UTC 2005


Ok I got it working as follows:

I connected to the IPCop 1.4.6 VPN using a pre-shared key from my
laptop running Ubuntu Linux (Hoary) 5.0.4 over a wireless connection!
Cool :)

You need to install OpenSwan.
$ sudo apt-get install openswan

Here is a link from which I got most of the info
http://www.smoothwall.net/support/knowledge/view.php?id=42


In your /etc/ipsec.conf:
========================
version 2

conn block
     auto=ignore

conn private
     auto=ignore

conn private-or-clear
     auto=ignore

conn clear-or-private
     auto=ignore

conn clear
     auto=ignore

conn packetdefault
     auto=ignore

config setup
     nat_traversal=yes

conn myvpn
     left=%defaultroute
     right=x.y.z.w
     rightsubnet=192.168.0.0/255.255.255.0
     authby=secret
     auth=esp
     pfs=yes
     compress=no
     auto=add


Note (1): replace x.y.z.w with the public IP of the IPCop VPN you
want to access
Note (2): change rightsubnet as per the internal network (GREEN)
behind the IPCop firewall
Note (3): you can change "myvpn" to another name if you want to


In your /etc/ipsec.secrets you just need:
=========================================
: PSK "pre-shared key defined in the IPCop VPN"



To start IPsec:
    # /etc/init.d/ipsec start

To stop IPsec:
    # /etc/init.d/ipsec stop

To bring up the VPN tunnel:
    # ipsec auto --up myvpn

To bring down the VPN tunnel:
    # ipsec auto --down myvpn


Works a treat. Enjoy!


On 21 Jul 2005, at 12:37, Eric S. Johansson wrote:

> Frederic Soulier wrote:
>
>> Hi
>> I've an IPCop firewall 1.4.6 setup with VPN activated with a
>> pre-shared key.
>> I can connect to it without problem using IPSecuritas from a Mac
>> OS X roadwarrior or TheGreenBow VPN from a Windows XP Pro
>> roadwarrior but so far no luck with connecting from a Linux
>> roadwarrior running Ubuntu Hoary (5.0.4)...
>>
>
> as they say, two out of three isn't bad... unless you're the one.
>
>
>> Ubuntu laptop (using a wireless Netgear WG511 card):
>>    IP: 192.168.0.121
>> $ sudo apt-get install openswan (to get Openswan installed)
>>
>
> I wonder if part of the problem might be that IPCop is still on 1.x
> openswan. We really need to upgrade.
>
>
>> conn office
>>     left=%defaultroute
>>     right=<public IP of the IPCop VPN>
>>     rightsubnet=192.168.50.0/24
>>     auto=add
>>
>
> I suggest taking this problem to the IPCop users mailing list. I'd
> also like to see the full configuration you are using.
>
>
>> Then I try to bring the connection up
>> $ sudo ipsec auto --up office
>> 104 "office" #1: STATE_MAIN_I1: initiate
>> 010 "office" #1: STATE_MAIN_I1: restransmission; will wait 20s for response
>> 010 "office" #1: STATE_MAIN_I1: restransmission; will wait 40s for response
>> ....
>> So I just Ctrl-C here because it doesn't do anything good.
>> Trying to ping my internal network gives:
>> connect: Resource temporarily unavailable
>> I have to stop IPsec to get my network back...
>> $ sudo /etc/init.d/ipsec stop
>> Any info would be appreciated. Thanks.
>>
>
> You have more problems than just IPsec. For example, when you turn
> on IPsec what happens to the routing? Use netstat -nr
>
> ---eric
>
>



--
Frederic P. Soulier
OpenPGP key available on http://pgpkeys.mit.edu/
1024D/BA6700ED   49A6 8E8E 4230 8D41 1ADE  B649 3203 1DD2 BA67 00ED
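
Added example, not part of the original post: a small shell lint for the pre-shared-key setup described above. It checks that ipsec.secrets is closed to group and other, and that the conn keeps authby=secret and pfs=yes with the x.y.z.w placeholder replaced. The function names, the MIN_PSK_LEN threshold and the sample file contents are assumptions made for this example.

```shell
#!/bin/sh
# Added example: lint an Openswan PSK road-warrior setup (not the post's code).

# conn_param CONF CONN KEY: print KEY's value from the "conn CONN" section.
conn_param() {
    awk -v conn="$2" -v key="$3" '
        /^[ \t]*(#|$)/ { next }   # skip comments and blank lines
        /^[^ \t]/ { in_conn = ($1 == "conn" && $2 == conn); next }
        in_conn {
            sub(/^[ \t]+/, ""); eq = index($0, "=")
            if (eq && substr($0, 1, eq - 1) == key) { print substr($0, eq + 1); exit }
        }' "$1"
}

# audit_psk CONF SECRETS CONN: print findings; exit status = number of findings.
audit_psk() {
    conf=$1 secrets=$2 conn=$3 findings=0
    flag() { echo "FINDING: $1"; findings=$((findings + 1)); }

    # ipsec.secrets holds the PSK in cleartext: no group/other access.
    [ "$(ls -ld "$secrets" | cut -c5-10)" = "------" ] ||
        flag "$secrets is accessible to group/other (want mode 600)"

    # MIN_PSK_LEN is an assumed local policy, not an Openswan requirement.
    psk=$(sed -n 's/^.*PSK[[:space:]]*"\(.*\)".*$/\1/p' "$secrets" | head -n 1)
    [ "${#psk}" -ge "${MIN_PSK_LEN:-20}" ] ||
        flag "PSK is shorter than ${MIN_PSK_LEN:-20} characters"

    [ "$(conn_param "$conf" "$conn" authby)" = "secret" ] ||
        flag "conn $conn does not set authby=secret"
    [ "$(conn_param "$conf" "$conn" pfs)" = "yes" ] ||
        flag "conn $conn does not set pfs=yes"
    case $(conn_param "$conf" "$conn" right) in
        ""|x.y.z.w) flag "conn $conn: right= is unset or still the placeholder" ;;
    esac
    return "$findings"
}

# demo: run the audit on constructed files shaped like the post's config.
demo() {
    d=$(mktemp -d)
    printf 'conn myvpn\n     right=x.y.z.w\n     authby=secret\n     pfs=yes\n' > "$d/ipsec.conf"
    printf ': PSK "constructed-sample-key"\n' > "$d/ipsec.secrets"
    chmod 644 "$d/ipsec.secrets"   # deliberately too open
    audit_psk "$d/ipsec.conf" "$d/ipsec.secrets" myvpn; rc=$?
    rm -rf "$d"; return "$rc"
}
```

On a real laptop, source the file and run it as root: audit_psk /etc/ipsec.conf /etc/ipsec.secrets myvpn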





