openswan e ipsec.conf

[antonio1]

Ciao a tutti,

sulla mia rete internal ho un pc con ip 192.168.0.6 ed un altro che fa da gateway con due schede di rete con i seguenti indirizzi 192.168.0.20 e 192.168.23.254.

Vorre fare un collegamento in modalita tunnel tra questi due pc con openswan ma non riesco a configurare opportunamente i dei file /etc/ipsec/ipsec.conf sui due computer.

Sul pc con 192.168.0.6. ho la seguente configurazione:--------------------------------------

version 2.0 # conforms to second version of ipsec.conf specification

# basic configuration
config setup
# Debug-logging controls: "none" for (almost) none, "all" for lots.
# klipsdebug=all
# plutodebug=dns


# Add connections here.

# sample RoadWarrior connection
conn road
left = 192.168.0.6
leftrsasigkey = 0sAQO8l97fPXqa9y5s4P+2GNfUYcx/ZUYaHZ5eMGWx11gsbv/UsKq$
right = 192.168.0.20
rightrsasigkey = 0sAQNpY6tenSDF1UNYIKPm1Yik+ZGc9S28nZPkzo05JV/frSLqbS$
auto = add
---------------------------------------------------------------------------------------------------------

Mentre sul gateway ho la seguente:


version 2.0 # conforms to second version of ipsec.conf specification

# basic configuration
config setup
# Debug-logging controls: "none" for (almost) none, "all" for lots.
# klipsdebug=all
# plutodebug=dns


# Add connections here.

# sample RoadWarrior connection
conn road
left = 192.168.0.20
leftrsasigkey = 0sAQNpY6tenSDF1UNYIKPm1Yik+ZGc9S28nZPkzo05JV/frSLqbS$
right = 192.168.0.6
rightsasigkey = 0sAQO8l97fPXqa9y5s4P+2GNfUYcx/ZUYaHZ5eMGWx11gsbv/UsKq
auto = add
---------------------------------------------------------------------------------------------------------

Facendo /etc/init.d/ipsec start il processo parte correttamente.
Quano faccio:
ipsec auto --up road

ottengo:

104 "road" #1: STATE_MAIN_I1: initiate
010 "road" #1: STATE_MAIN_I1: retransmission; will wait 20s for response
010 "road" #1: STATE_MAIN_l1: retransmission; will wait 40s for response
.....

grazie