<div class="gmail_quote">On Thu, Jun 11, 2009 at 1:40 PM, fbc <span dir="ltr"><<a href="mailto:flexbumpchest@gmail.com">flexbumpchest@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div><div></div><div class="h5"><div class="gmail_quote">On Tue, Jun 9, 2009 at 7:51 PM, Paul Wouters <span dir="ltr"><<a href="mailto:paul@xelerance.com" target="_blank">paul@xelerance.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div>On Tue, 9 Jun 2009, fbc wrote:<br>
<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
CentOS 5.3 x64, Linux Openswan U2.6.14/K2.6.18-128.1.10.el5 (netkey)<br>
I searched google and couldn't really come up with an answer. It works great when I put<br>
my IP from eth0 as "left=" in the config, but when I put left=%defaultroute like I'm<br>
supposed to be able to do, it throws the error:<br>
<br>
[root@testing ipsec.d]# ipsec whack --initiate --name testtun1<br>
022 "testtun1": We cannot identify ourselves with either end of this connection.<br>
</blockquote>
<br></div>
Then you probably do not have a default route? It's no problem to use the ip from eth0<br>
in the config, if it is a static ip.</blockquote><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><div><br>
<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
ipsec.conf just has the default stuff, and my tunnel of /etc/ipsec.d/testtun1.conf was<br>
fully working when I used my real IP address. I want to be able to use %defaultroute for<br>
a dynamic IP.<br>
</blockquote>
<br></div>
Perhaps you are starting ipsec before you have an ip and default route?<br><font color="#888888">
<br>
Paul<br>
</font></blockquote></div></div></div>I've got a default route:<br>[root@testing ~]# route<br>Kernel IP routing table<br>Destination Gateway Genmask Flags Metric Ref Use Iface<br>xxx.245.xxx.224 * 255.255.255.248 U 0 0 0 eth0<br>
10.1.12.0 * 255.255.255.0 U 0 0 0 eth0<br>169.254.0.0 * 255.255.0.0 U 0 0 0 eth0<br>default 225-xxx-245-xxx 0.0.0.0 UG 0 0 0 eth0<br>
<br>Where the x's are my real, publicly accessible IP bound to eth0.<br>I started IPsec (and have subsequently restarted, many times) way after boot. Any other ideas?<br>I've tried setting leftid in the conf & secrets file, no leftid and no left side in the secrets file, etc, nothing seems to work.<br>
Thanks for your time/assistance.<br>
</blockquote></div>Just in case:<br>[root@testing ~]# cat /etc/ipsec.d/test.conf<br>conn testtun1<br> also=testtun<br> rightsubnet=172.23.24.0/24<br><br>conn testtun<br> type=tunnel<br>
auto=add<br> auth=esp<br> pfs=yes<br> authby=secret<br> keyingtries=0<br> left=%defaultroute<br> leftsubnet=10.1.12.0/24<br> right=63.223.114.59<br> aggrmode=no<br>
esp=aes256-sha1<br> keyexchange=ike<br> ike=aes256-sha1<br> keylife="28800"<br> ikelifetime="86400"<br><br>[root@testing ~]# cat /etc/ipsec.d/test.secrets<br>%defaultroute 63.223.114.59 : PSK "test123"<br>
<br>Thanks anybody/everybody.<br>