<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
  <head>
    <meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
  </head>
  <body bgcolor="#ffffff" text="#000000">
    I tried to remove these options from my config file but the error
    message is still the same. <br>
    I have only one network interface on both sides, which is eth0. Each
    machine uses the gateway DHCP to get its IP address, but these addresses
    are set static via the gateway configuration panel.<br>
    <br>
    Should I also set these IP addresses in the network manager on my two
    computers? <br>
    <br>
    On 30/11/2010 19:08, Randy Wyatt wrote:
    <blockquote cite="mid:DF92AC0A-2471-40EC-839C-7B338A32ED44@nvtl.com"
      type="cite">
      <div>Use leftid rightid in IPSec.secrets.</div>
      <div><br>
      </div>
      <div>Randy<br>
        <br>
        Sent from my iPhone</div>
      <div><br>
        On Nov 30, 2010, at 10:05 AM, "Gary Long" &lt;<a
          moz-do-not-send="true" href="mailto:long@magillem.com">long@magillem.com</a>&gt;
        wrote:<br>
        <br>
      </div>
      <blockquote type="cite">
        <div> Thank you for this explanation :)<br>
          <br>
          I changed my ipsec.conf as :<br>
          <br>
          <font size="2">conn net-to-net<br>
                    keyingtries=3<br>
                    authby=secret<br>
                    keyexchange=ike<br>
                    #ike=3des-modp1024<br>
                    #esp=3des-md5,3des-sha1<br>
                    left=217.128.31.99<br>
                    leftid=@vpn1.mysite.com<br>
                    leftsubnet=192.168.1.200/30<br>
                    leftnexthop=%defaultroute<br>
                    right=82.239.74.246<br>
                    rightid=@vpn2.mysite.com<br>
                    rightsubnet=192.168.1.100/30<br>
                    rightnexthop=%defaultroute<br>
                    auto=start</font><br>
          <br>
          I also changed the leftsubnet. Now with ipsec auto --up
          net-to-net I get :<br>
          <br>
          022 "net-to-net": We cannot identify ourselves with either end
          of this connection.<br>
          <br>
          I'm wondering if this is linked to the left/right id options:
          Do I need to register these DNS names somewhere else (in my
          gateway for example)? <br>
          <br>
          <br>
          On 30/11/2010 18:06, Randy Wyatt wrote:
          <blockquote
            cite="mid:FF3EFAC22FCB2A4A8290A3C5CBC17330080140@nvtlsdsexpo.nvtl.local"
            type="cite">
            <p><font size="2">ike has to equal 3des-md5 or 3des-sha1
                according to ipsec.conf.<br>
                <br>
                If you're not using aggressive mode, I would not specify
                either line.<br>
                <br>
                <br>
                <br>
                -----Original Message-----<br>
                From: <a moz-do-not-send="true"
                  href="mailto:users-bounces@openswan.org">users-bounces@openswan.org</a>
                on behalf of <a moz-do-not-send="true"
                  href="mailto:long@magillem.com">long@magillem.com</a><br>
                Sent: Tue 11/30/2010 8:34 AM<br>
                To: <a moz-do-not-send="true"
                  href="mailto:users@openswan.org">users@openswan.org</a><br>
                Subject: [Openswan Users] problem with net-to-net
                configuration<br>
                <br>
                Hi :)<br>
                <br>
                I need help to configure openswan for a net-to-net vpn.
                I've installed<br>
                Openswan on Ubuntu 9.10 and I followed various topics on
                the web to<br>
                configure /etc/ipsec.conf and /etc/ipsec.secrets.<br>
                <br>
                I want to create a net-to-net vpn with PSK. Here are my
                configuration files :<br>
                <br>
                <br>
                /etc/ipsec.conf :<br>
                <br>
                # /etc/ipsec.conf - Openswan IPsec configuration file<br>
                # RCSID $Id: ipsec.conf.in,v 1.16 2005/07/26 12:29:45
                ken Exp $<br>
                <br>
                # This file:  /usr/share/doc/openswan/ipsec.conf-sample<br>
                #<br>
                # Manual:     ipsec.conf.5<br>
                <br>
                <br>
                version 2.0     # conforms to second version of
                ipsec.conf specification<br>
                <br>
                # basic configuration<br>
                config setup<br>
                        nat_traversal=yes<br>
                        oe=off<br>
                        protostack=netkey<br>
                <br>
                #vpn connection<br>
                conn net-to-net<br>
                        keyingtries=3<br>
                        authby=secret<br>
                        keyexchange=ike<br>
                        ike=3des-modp1024<br>
                        esp=3des-md5,3des-sha1<br>
                        left=217.128.31.99<br>
                        leftid=@vpn1.mysite.com<br>
                        leftsubnet=192.168.2.100/30<br>
                        leftnexthop=%defaultroute<br>
                        right=82.239.74.246<br>
                        rightid=@vpn2.mysite.com<br>
                        rightsubnet=192.168.1.100/30<br>
                        rightnexthop=%defaultroute<br>
                        auto=start<br>
                <br>
                <br>
                and /etc/ipsec.secrets :<br>
                <br>
                217.128.31.99 82.239.74.246: PSK "my secret key"<br>
                <br>
                The command ipsec verify is OK but when I use ipsec auto
                --up net-to-net,<br>
                I have the following error : no connection named
                "net-to-net".<br>
                <br>
                With the command: ipsec barf, I get the following error
                :<br>
                <br>
                "Nov 30 17:30:24 gx3 pluto[9838]: esp string error:
                hash_alg not found,<br>
                enc_alg="3des", auth_alg="modp1024", modp="""<br>
                <br>
                It seems like 3des is not installed or not recognized by
                pluto. If it is<br>
                the case, what can I do to make it work?<br>
                <br>
                Thank you :)<br>
                <br>
                <br>
                <br>
                <br>
                <br>
                _______________________________________________<br>
                <a moz-do-not-send="true"
                  href="mailto:Users@openswan.org">Users@openswan.org</a><br>
                <a moz-do-not-send="true"
                  href="http://lists.openswan.org/mailman/listinfo/users">http://lists.openswan.org/mailman/listinfo/users</a><br>
                Micropayments: <a moz-do-not-send="true"
                  href="https://flattr.com/thing/38387/IPsec-for-Linux-made-easy">https://flattr.com/thing/38387/IPsec-for-Linux-made-easy</a><br>
                Building and Integrating Virtual Private Networks with
                Openswan:<br>
                <a moz-do-not-send="true"
href="http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155">http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155</a><br>
                <br>
                <br>
              </font> </p>
          </blockquote>
          <br>
        </div>
      </blockquote>
    </blockquote>
    <br>
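    <p>An added example, not part of the original thread and not Openswan code: a small Python check of the two points this exchange turns on. It tests whether ipsec.secrets is indexed by the IDs the conn actually uses (leftid/rightid when set, as Randy advises) and whether left or right is an address of the local host, which pluto needs in order to pick its own end (otherwise it reports "We cannot identify ourselves with either end of this connection"). The function names, the local address 192.168.1.201 used in testing and the placeholder secret are assumptions; selectors are matched literally, with no wildcard handling.</p>

```python
import re

# Constructed sample input modelled on the files quoted in the thread (placeholder secret).
IPSEC_CONF = """\
conn net-to-net
        authby=secret
        left=217.128.31.99
        leftid=@vpn1.mysite.com
        right=82.239.74.246
        rightid=@vpn2.mysite.com
        auto=start
"""
IPSEC_SECRETS = '217.128.31.99 82.239.74.246: PSK "placeholder-secret"\n'


def parse_conn(text, name):
    """Return the key=value options of one 'conn <name>' section."""
    opts, active = {}, False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        if not line[0].isspace():                 # unindented line starts a new section
            active = line.split() == ["conn", name]
        elif active and "=" in line:
            key, value = line.strip().split("=", 1)
            opts[key.strip()] = value.strip()
    return opts


def psk_selectors(text):
    """Return the ID selectors written in front of each ': PSK' entry."""
    pattern = re.compile(r"^([^#\n:]*):\s*PSK\b", re.M)
    return [m.group(1).split() for m in pattern.finditer(text)]


def check(conf, secrets, name, local_addrs):
    """List problems for conn `name` on a host owning `local_addrs` (caller-supplied)."""
    conn, findings = parse_conn(conf, name), []
    # The IKE identity is leftid/rightid when set, otherwise the left/right address.
    ids = {conn.get("leftid", conn.get("left")), conn.get("rightid", conn.get("right"))}
    if not any(ids <= set(sel) for sel in psk_selectors(secrets)):
        findings.append("no PSK entry indexed by both IDs: " + " ".join(sorted(ids)))
    # pluto decides which end it is by finding left or right on a local interface.
    if not {conn.get("left"), conn.get("right")} & set(local_addrs):
        findings.append("neither left nor right is a local address")
    return findings
```

    <p>Pass the addresses reported by <code>ip -4 addr</code> on the gateway as <code>local_addrs</code>; an empty result means both checks passed.</p>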
  </body>
</html>