<html><body bgcolor="#FFFFFF"><div>Use leftid rightid in IPSec.secrets.</div><div><br></div><div>Randy<br><br>Sent from my iPhone</div><div><br>On Nov 30, 2010, at 10:05 AM, "Gary Long" &lt;<a href="mailto:long@magillem.com">long@magillem.com</a>&gt; wrote:<br><br></div><div></div><blockquote type="cite"><div>

    Thank you for this explanation :)<br>
    <br>
    I changed my ipsec.conf as :<br>
    <br>
    <font size="2">conn net-to-net<br>
      &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; keyingtries=3<br>
      &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; authby=secret<br>
      &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; keyexchange=ike<br>
      &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; #ike=3des-modp1024<br>
      &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; #esp=3des-md5,3des-sha1<br>
      &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; left=217.128.31.99<br>
      &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <a class="moz-txt-link-abbreviated" href="mailto:leftid=@vpn1.mysite.com"><a href="mailto:leftid=@vpn1.mysite.com">leftid=@vpn1.mysite.com</a></a><br>
      &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; leftsubnet=192.168.1.200/30<br>
      &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; leftnexthop=%defaultroute<br>
      &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; right=82.239.74.246<br>
      &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <a class="moz-txt-link-abbreviated" href="mailto:rightid=@vpn2.mysite.com"><a href="mailto:rightid=@vpn2.mysite.com">rightid=@vpn2.mysite.com</a></a><br>
      &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; rightsubnet=192.168.1.100/30<br>
      &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; rightnexthop=%defaultroute<br>
      &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; auto=start</font><br>
    <br>
    I also changed the leftsubnet. Now with ipsec auto --up net-to-net I
    get :<br>
    <br>
    022 "net-to-net": We cannot identify ourselves with either end of
    this connection.<br>
    <br>
    I'm wondering if this is linked to the left/right id options: Do I
    need to register thes dns names somewhere else (in my gateway for
    example) ? <br>
    <br>
    <br>
    Le 30/11/2010 18:06, Randy Wyatt a écrit&nbsp;:
    <blockquote cite="mid:FF3EFAC22FCB2A4A8290A3C5CBC17330080140@nvtlsdsexpo.nvtl.local" type="cite">
      
      
      
      <!-- Converted from text/plain format -->
      <br>
      <p><font size="2">ike has to equal 3des-md5 or 3des-sha1 according
          to ipsec.conf.<br>
          <br>
          If your not using aggresive mode, I would not specify either
          line.<br>
          <br>
          <br>
          <br>
          -----Original Message-----<br>
          From: <a class="moz-txt-link-abbreviated" href="mailto:users-bounces@openswan.org"><a href="mailto:users-bounces@openswan.org">users-bounces@openswan.org</a></a> on behalf of
          <a class="moz-txt-link-abbreviated" href="mailto:long@magillem.com"><a href="mailto:long@magillem.com">long@magillem.com</a></a><br>
          Sent: Tue 11/30/2010 8:34 AM<br>
          To: <a class="moz-txt-link-abbreviated" href="mailto:users@openswan.org"><a href="mailto:users@openswan.org">users@openswan.org</a></a><br>
          Subject: [Openswan Users] problem with net-to-net
          configuration<br>
          <br>
          Hi :)<br>
          <br>
          I need help to configure openswan for a net-to-net vpn. I've
          installed<br>
          openswan on ubuntu 9.10 and i followed various topics on the
          web to<br>
          configure /etc/ipsec.conf and /etc/ipsec.secrets.<br>
          <br>
          I want to create a net-to-net vpn with PSK. Here are my
          configuration files :<br>
          <br>
          <br>
          /etc/ipsec.conf :<br>
          <br>
          # /etc/ipsec.conf - Openswan IPsec configuration file<br>
          # RCSID $Id: ipsec.conf.in,v 1.16 2005/07/26 12:29:45 ken Exp
          $<br>
          <br>
          # This file:&nbsp; /usr/share/doc/openswan/ipsec.conf-sample<br>
          #<br>
          # Manual:&nbsp;&nbsp;&nbsp;&nbsp; ipsec.conf.5<br>
          <br>
          <br>
          version 2.0&nbsp;&nbsp;&nbsp;&nbsp; # conforms to second version of ipsec.conf
          specification<br>
          <br>
          # basic configuration<br>
          config setup<br>
          &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; nat_traversal=yes<br>
          &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; oe=off<br>
          &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; protostack=netkey<br>
          <br>
          #vpn connection<br>
          conn net-to-net<br>
          &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; keyingtries=3<br>
          &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; authby=secret<br>
          &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; keyexchange=ike<br>
          &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; ike=3des-modp1024<br>
          &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; esp=3des-md5,3des-sha1<br>
          &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; left=217.128.31.99<br>
          &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <a class="moz-txt-link-abbreviated" href="mailto:leftid=@vpn1.mysite.com"><a href="mailto:leftid=@vpn1.mysite.com">leftid=@vpn1.mysite.com</a></a><br>
          &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; leftsubnet=192.168.2.100/30<br>
          &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; leftnexthop=%defaultroute<br>
          &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; right=82.239.74.246<br>
          &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <a class="moz-txt-link-abbreviated" href="mailto:rightid=@vpn2.mysite.com"><a href="mailto:rightid=@vpn2.mysite.com">rightid=@vpn2.mysite.com</a></a><br>
          &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; rightsubnet=192.168.1.100/30<br>
          &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; rightnexthop=%defaultroute<br>
          &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; auto=start<br>
          <br>
          <br>
          and /etc/ipsec.secrets :<br>
          <br>
          217.128.31.99 82.239.74.246: PSK "my secret key"<br>
          <br>
          The command ipsec verify is OK but when I use ipsec auto --up
          net-to-net,<br>
          I have the following error : no connection named "net-to-net".<br>
          <br>
          With the command: ipsec barf, I get the following error :<br>
          <br>
          "Nov 30 17:30:24 gx3 pluto[9838]: esp string error: hash_alg
          not found,<br>
          enc_alg="3des", auth_alg="modp1024", modp="""<br>
          <br>
          It seems like 3des is not installed or not recognized by
          pluto. If it is<br>
          the case, what can I do to make it work?<br>
          <br>
          Thank you :)<br>
          <br>
          <br>
          <br>
          <br>
          <br>
          _______________________________________________<br>
          <a class="moz-txt-link-abbreviated" href="mailto:Users@openswan.org"><a href="mailto:Users@openswan.org">Users@openswan.org</a></a><br>
          <a moz-do-not-send="true" href="http://lists.openswan.org/mailman/listinfo/users"><a href="http://lists.openswan.org/mailman/listinfo/users">http://lists.openswan.org/mailman/listinfo/users</a></a><br>
          Micropayments: <a moz-do-not-send="true" href="https://flattr.com/thing/38387/IPsec-for-Linux-made-easy"><a href="https://flattr.com/thing/38387/IPsec-for-Linux-made-easy">https://flattr.com/thing/38387/IPsec-for-Linux-made-easy</a></a><br>
          Building and Integrating Virtual Private Networks with
          Openswan:<br>
          <a moz-do-not-send="true" href="http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155"><a href="http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155">http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155</a></a><br>
          <br>
          <br>
        </font>
      </p>
      <pre wrap=""><fieldset class="mimeAttachmentHeader"></fieldset>
_______________________________________________
<a class="moz-txt-link-abbreviated" href="mailto:Users@openswan.org"><a href="mailto:Users@openswan.org">Users@openswan.org</a></a>
<a class="moz-txt-link-freetext" href="http://lists.openswan.org/mailman/listinfo/users"><a href="http://lists.openswan.org/mailman/listinfo/users">http://lists.openswan.org/mailman/listinfo/users</a></a>
Micropayments: <a class="moz-txt-link-freetext" href="https://flattr.com/thing/38387/IPsec-for-Linux-made-easy"><a href="https://flattr.com/thing/38387/IPsec-for-Linux-made-easy">https://flattr.com/thing/38387/IPsec-for-Linux-made-easy</a></a>
Building and Integrating Virtual Private Networks with Openswan: 
<a class="moz-txt-link-freetext" href="http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155"><a href="http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155">http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155</a></a>
</pre>
    </blockquote>
    <br>
  

</div></blockquote><blockquote type="cite"><div><span>_______________________________________________</span><br><span><a href="mailto:Users@openswan.org">Users@openswan.org</a></span><br><span><a href="http://lists.openswan.org/mailman/listinfo/users">http://lists.openswan.org/mailman/listinfo/users</a></span><br><span>Micropayments: <a href="https://flattr.com/thing/38387/IPsec-for-Linux-made-easy"><a href="https://flattr.com/thing/38387/IPsec-for-Linux-made-easy">https://flattr.com/thing/38387/IPsec-for-Linux-made-easy</a></a></span><br><span>Building and Integrating Virtual Private Networks with Openswan: </span><br><span><a href="http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155">http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155</a></span><br></div></blockquote></body></html>