<html><body bgcolor="#FFFFFF"><div>Use leftid and rightid in ipsec.secrets.</div><div><br></div><div>Randy</div><div><br>On Nov 30, 2010, at 10:05 AM, "Gary Long" &lt;<a href="mailto:long@magillem.com">long@magillem.com</a>&gt; wrote:<br><br></div><blockquote type="cite"><div>
Thank you for this explanation :)<br>
<br>
I changed my ipsec.conf to:<br>
<br>
<font size="2">conn net-to-net<br>
keyingtries=3<br>
authby=secret<br>
keyexchange=ike<br>
#ike=3des-modp1024<br>
#esp=3des-md5,3des-sha1<br>
left=217.128.31.99<br>
leftid=@vpn1.mysite.com<br>
leftsubnet=192.168.1.200/30<br>
leftnexthop=%defaultroute<br>
right=82.239.74.246<br>
rightid=@vpn2.mysite.com<br>
rightsubnet=192.168.1.100/30<br>
rightnexthop=%defaultroute<br>
auto=start</font><br>
<br>
I also changed the leftsubnet. Now with ipsec auto --up net-to-net I get:<br>
<br>
022 "net-to-net": We cannot identify ourselves with either end of
this connection.<br>
<br>
I'm wondering if this is linked to the left/right id options: do I need to register these DNS names somewhere else (in my gateway, for example)?<br>
<br>
<br>
On 30/11/2010 18:06, Randy Wyatt wrote:
<blockquote cite="mid:FF3EFAC22FCB2A4A8290A3C5CBC17330080140@nvtlsdsexpo.nvtl.local" type="cite">
<br>
<p><font size="2">ike has to equal 3des-md5 or 3des-sha1 according
to ipsec.conf.<br>
<br>
If you're not using aggressive mode, I would not specify either line.<br>
<br>
<br>
<br>
-----Original Message-----<br>
From: <a class="moz-txt-link-abbreviated" href="mailto:users-bounces@openswan.org">users-bounces@openswan.org</a> on behalf of <a class="moz-txt-link-abbreviated" href="mailto:long@magillem.com">long@magillem.com</a><br>
Sent: Tue 11/30/2010 8:34 AM<br>
To: <a class="moz-txt-link-abbreviated" href="mailto:users@openswan.org">users@openswan.org</a><br>
Subject: [Openswan Users] problem with net-to-net
configuration<br>
<br>
Hi :)<br>
<br>
I need help to configure openswan for a net-to-net vpn. I've installed openswan on Ubuntu 9.10 and I followed various topics on the web to configure /etc/ipsec.conf and /etc/ipsec.secrets.<br>
<br>
I want to create a net-to-net vpn with PSK. Here are my
configuration files :<br>
<br>
<br>
/etc/ipsec.conf :<br>
<br>
# /etc/ipsec.conf - Openswan IPsec configuration file<br>
# RCSID $Id: ipsec.conf.in,v 1.16 2005/07/26 12:29:45 ken Exp
$<br>
<br>
# This file: /usr/share/doc/openswan/ipsec.conf-sample<br>
#<br>
# Manual: ipsec.conf.5<br>
<br>
<br>
version 2.0 # conforms to second version of ipsec.conf
specification<br>
<br>
# basic configuration<br>
config setup<br>
nat_traversal=yes<br>
oe=off<br>
protostack=netkey<br>
<br>
#vpn connection<br>
conn net-to-net<br>
keyingtries=3<br>
authby=secret<br>
keyexchange=ike<br>
ike=3des-modp1024<br>
esp=3des-md5,3des-sha1<br>
left=217.128.31.99<br>
leftid=@vpn1.mysite.com<br>
leftsubnet=192.168.2.100/30<br>
leftnexthop=%defaultroute<br>
right=82.239.74.246<br>
rightid=@vpn2.mysite.com<br>
rightsubnet=192.168.1.100/30<br>
rightnexthop=%defaultroute<br>
auto=start<br>
<br>
<br>
and /etc/ipsec.secrets :<br>
<br>
217.128.31.99 82.239.74.246: PSK "my secret key"<br>
<br>
The command ipsec verify is OK but when I use ipsec auto --up net-to-net, I have the following error: no connection named "net-to-net".<br>
<br>
With the command: ipsec barf, I get the following error:<br>
<br>
"Nov 30 17:30:24 gx3 pluto[9838]: esp string error: hash_alg not found, enc_alg="3des", auth_alg="modp1024", modp="""<br>
<br>
It seems like 3des is not installed or not recognized by pluto. If it is the case, what can I do to make it work?<br>
<br>
Thank you :)<br>
<br>
<br>
<br>
<br>
<br>
_______________________________________________<br>
<a class="moz-txt-link-abbreviated" href="mailto:Users@openswan.org">Users@openswan.org</a><br>
<a moz-do-not-send="true" href="http://lists.openswan.org/mailman/listinfo/users">http://lists.openswan.org/mailman/listinfo/users</a><br>
Micropayments: <a moz-do-not-send="true" href="https://flattr.com/thing/38387/IPsec-for-Linux-made-easy">https://flattr.com/thing/38387/IPsec-for-Linux-made-easy</a><br>
Building and Integrating Virtual Private Networks with Openswan:<br>
<a moz-do-not-send="true" href="http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155">http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155</a><br>
<br>
<br>
</font>
</p>
<fieldset">
</blockquote>
<br>
</div></blockquote></body></html>