ipsec configuration not working any more


I am connecting to my company network (bintec router x.4100 + vpn) using an openswan configuration.

This worked happily using 9.3 (self-compiled kernel), 10.3 (only setup configuration) but fails miserably on 11.0.

As I require aggressive mode, I have already recompiled ipsec-tools and the openswan source package from the software repository with USE_AGGRESSIVE=true.

But I did only make programs install, I did not succeed in running the full make for the openswan package (compilation fails with an error, don’t know why yet).

Actually, I have a pluto version that seems to support aggressive mode, but it is yielding a “system too busy” message and then bails out with some routing issues (no route to host etc.)

I would love to use kvpnc for example, but the wizard did not work either, and before I invested zillions of time in kvpnc not able to parse the racoon config file it just created, I’d rather invest into getting openswan itself up and running.

My question is now: Does someone actually have a working configuration of ipsec and aggressive mode pluto running and - wonders may happen - even build packages for it?

Flame: I find it pretty annoying to have no aggressive mode all of a sudden. I switched over to OpenSuse11 to finally get into a stable distribution again and use precompiled packages. Haha, what a nonsense, just installed it and already compiling and installing stuff without packages after just one day of running, had that with suse9.3 already :(

BTW: I do not care about the aggrmode security issue. I am fully aware of it, I know about it and I take the risk. Do not try to convince me how bad this decision actually is. Currently I personally have made only one bad decision, namely installing OpenSuse11 instead of 10.3…
Thank you very much for your assistance!


I have to add another thing. As I have just seen, the openswan version of OpenSuse11 is not even listed any more at the openswan website (OpenSuse 11 delivers 2.4.7, while currently 2.6.14 is the current version!).

Is there any good reason behind this? What is the replacement for using openswan?

Sorry, I haven’t dealt with IPSec for a long time, so I’m no help with your query, but IIRC, a while back, Linux left the *swan tools and went with the KAME tools, renamed IPSec-Tools after porting.

Issue is solved:

  • compiled and installed latest openswan package (only programs required)
  • modified my ipsec.conf to reflect the new features
  • leftsourceip did the trick with my NAT router, lol!

