<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<META NAME="Generator" CONTENT="MS Exchange Server version 6.5.7654.12">
<TITLE>RE: [Openswan Users] problem with net-to-net configuration</TITLE>
</HEAD>
<BODY>
<!-- Converted from text/plain format -->
<BR>
<P><FONT SIZE=2>ike has to equal 3des-md5 or 3des-sha1 according to ipsec.conf.<BR>
<BR>
If you're not using aggressive mode, I would not specify either line.<BR>
<BR>
<BR>
<BR>
-----Original Message-----<BR>
From: users-bounces@openswan.org on behalf of long@magillem.com<BR>
Sent: Tue 11/30/2010 8:34 AM<BR>
To: users@openswan.org<BR>
Subject: [Openswan Users] problem with net-to-net configuration<BR>
<BR>
Hi :)<BR>
<BR>
I need help to configure Openswan for a net-to-net VPN. I've installed<BR>
Openswan on Ubuntu 9.10 and I followed various topics on the web to<BR>
configure /etc/ipsec.conf and /etc/ipsec.secrets.<BR>
<BR>
I want to create a net-to-net vpn with PSK. Here are my configuration files :<BR>
<BR>
<BR>
/etc/ipsec.conf :<BR>
<BR>
# /etc/ipsec.conf - Openswan IPsec configuration file<BR>
# RCSID $Id: ipsec.conf.in,v 1.16 2005/07/26 12:29:45 ken Exp $<BR>
<BR>
# This file: /usr/share/doc/openswan/ipsec.conf-sample<BR>
#<BR>
# Manual: ipsec.conf.5<BR>
<BR>
<BR>
version 2.0 # conforms to second version of ipsec.conf specification<BR>
<BR>
# basic configuration<BR>
config setup<BR>
nat_traversal=yes<BR>
oe=off<BR>
protostack=netkey<BR>
<BR>
#vpn connection<BR>
conn net-to-net<BR>
keyingtries=3<BR>
authby=secret<BR>
keyexchange=ike<BR>
ike=3des-modp1024<BR>
esp=3des-md5,3des-sha1<BR>
left=217.128.31.99<BR>
leftid=@vpn1.mysite.com<BR>
leftsubnet=192.168.2.100/30<BR>
leftnexthop=%defaultroute<BR>
right=82.239.74.246<BR>
rightid=@vpn2.mysite.com<BR>
rightsubnet=192.168.1.100/30<BR>
rightnexthop=%defaultroute<BR>
auto=start<BR>
<BR>
<BR>
and /etc/ipsec.secrets :<BR>
<BR>
217.128.31.99 82.239.74.246: PSK "my secret key"<BR>
<BR>
The command ipsec verify is OK but when I use ipsec auto --up net-to-net,<BR>
I have the following error : no connection named "net-to-net".<BR>
<BR>
With the command: ipsec barf, I get the following error :<BR>
<BR>
"Nov 30 17:30:24 gx3 pluto[9838]: esp string error: hash_alg not found,<BR>
enc_alg="3des", auth_alg="modp1024", modp="""<BR>
<BR>
It seems like 3des is not installed or not recognized by pluto. If it is<BR>
the case, what can I do to make it work?<BR>
<BR>
Thank you :)<BR>
<BR>
</FONT>
</P>
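<P><FONT SIZE=2>Added example, not part of the original thread and not Openswan's own code: a small Python lint that checks every ike=/esp= proposal in an ipsec.conf for a hash in the second position, which is the slot the quoted pluto error reports as missing. It assumes proposals have the form cipher-hash with an optional modp group after "-" or ";", and its hash list is limited to the two names mentioned in this thread.</FONT></P>
<PRE>
```python
import re

# Assumption: only the hash names mentioned in this thread; extend as needed.
KNOWN_HASHES = {"md5", "sha1"}

# Constructed sample: the algorithm lines of the conn quoted in the message.
SAMPLE_CONF = """\
conn net-to-net
    ike=3des-modp1024
    esp=3des-md5,3des-sha1
"""


def check_proposal(proposal):
    """Return a problem string for one proposal, or None if it looks sane."""
    tokens = [t for t in re.split(r"[-;]", proposal.strip().lower()) if t]
    if not tokens or tokens[0].startswith("modp"):
        return "no cipher given"
    if len(tokens) == 1:
        return "no hash given"
    if tokens[1].startswith("modp"):
        return "DH group '%s' sits in the hash slot" % tokens[1]
    if tokens[1] not in KNOWN_HASHES:
        return "unknown hash '%s'" % tokens[1]
    return None


def lint_ipsec_conf(text):
    """Return (conn, key, proposal, problem) for each bad ike=/esp= proposal."""
    findings, conn = [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith(("conn ", "config ")):
            conn = line.split(None, 1)[1] if line.startswith("conn ") else None
            continue
        key, sep, value = line.partition("=")
        key = key.strip()
        if not sep or key not in ("ike", "esp"):
            continue
        for proposal in value.split(","):
            problem = check_proposal(proposal)
            if problem:
                findings.append((conn, key, proposal.strip(), problem))
    return findings


if __name__ == "__main__":
    for finding in lint_ipsec_conf(SAMPLE_CONF):
        print("conn %s: %s=%s: %s" % finding)
```
</PRE>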
</BODY>
</HTML>