It seems as though things are getting close, but I'm stumped by this apparent disconnect between the .conf and .secrets files.<div><br></div><div>First, the error messages when I try to start up the connection:</div><div>
<br></div><div><div>Sep 8 19:51:18 pluto[3535]: "ec2check" #1: Can't authenticate: no preshared key found for `<EC2 ELASTIC IP>' and `<CLIENT GATEWAY>'. Attribute OAKLEY_AUTHENTICATION_METHOD</div>
<div>Sep 8 19:51:18 pluto[3535]: "ec2check" #1: no acceptable Oakley Transform</div><div>Sep 8 19:51:18 pluto[3535]: "ec2check" #1: sending notification NO_PROPOSAL_CHOSEN to <CLIENT GATEWAY>:500</div>
<div><br></div><div>The necessary lines in the .conf:</div><div><br></div><div><div> left=<EC2 LOCAL IP></div><div> leftid=<EC2 ELASTIC IP></div><div> leftnexthop=%defaultroute</div><div> leftsubnet=10.5.5.5/32</div>
<div> leftsourceip=10.5.5.5</div><div> right=<CLIENT GATEWAY></div><div> rightsubnet=<CLIENT ED>/24</div></div><div><br></div><div>And the line in the .secrets:</div><div><div><EC2 ELASTIC IP> <CLIENT GATEWAY>: PSK "HeyLookImStillAKey"</div>
</div><div><br></div><div>Anything wrong with these setups?</div><div><br></div><div>-James</div><div><br></div><br><div class="gmail_quote">On Thu, Sep 8, 2011 at 2:38 PM, Paul Wouters <span dir="ltr"><<a href="mailto:paul@xelerance.com">paul@xelerance.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;"><div class="im">On Thu, 8 Sep 2011, James Nelson wrote:<br>
<br>
</div><div class="im"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
I appreciate the assistance- removing the modp or commenting out the phase2alg variable did nothing, but deleting the piece after<br>
"3des-md5" in the ike variable caused it to work. Is this going to cause trouble later down the road? <br>
</blockquote>
<br></div>
No it probably won't.<div class="im"><br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Starting up the connection causes a hang, mainly from a "no preshared key found" error between the two ips that are located in<br>
the .secrets file. The error follows up with a "no acceptable Oakley Transform" and "no_proposal_chosen". Is it not reading the<br>
.secrets file correctly?<br>
</blockquote>
<br></div>
If you use leftid/rightid, those are the identifiers you need in ipsec.secrets. If you<br>
use IP addresses only, then those need to go in as identifiers. If you change ipsec.secrets<br>
then issue "ipsec secrets" or restart openswan.<br>
<br>
btw. I'm changing the reply-to: to go back to the list, as public discussion is how I distinguish<br>
between free and paid support.<br>
<br>
Cheers,<br><font color="#888888">
<br>
Paul</font><div><div></div><div class="h5"><br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Cheers,<br>
-James<br>
<br>
On Thu, Sep 8, 2011 at 1:54 PM, Paul Wouters <<a href="mailto:paul@xelerance.com" target="_blank">paul@xelerance.com</a>> wrote:<br>
On Thu, 8 Sep 2011, James Nelson wrote:<br>
<br>
That would be a clever start :) I'm getting a no conn found when I enter the auto --up command, which I have to imagine means<br>
there is something wrong with the conn code. Am I writing the ike and phase two variables correctly? There is the following<br>
error in my log:<br>
Sep 7 20:18:06 ipsec__plutorun: 034 esp string error: Non alphanum or valid separator found in auth<br>
string, \<br>
just after "3des-md5" (old_state=ST_AA)<br>
<br>
<br>
try leaving out the modp specifier for the phase2/esp setting.<br>
<br>
You can test if the connection loads with "ipsec auto --add connname"<br>
<br>
Paul<br></blockquote></div></div></blockquote></div>
</div>
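<div>Added example, not part of the original thread and not Openswan code: a small check of the rule quoted above, that the identifiers in ipsec.secrets must be leftid/rightid when those are set and the left/right addresses otherwise. The addresses, the key and the function names are constructed for illustration, and the lookup is a simplified model that only considers single-line entries listing two identifiers (or %any).</div>

```python
import re

# Constructed sample data (documentation address ranges, not from the thread).
CONN = """
conn ec2check
    left=10.0.0.4
    leftid=203.0.113.10
    right=198.51.100.20
"""
SECRETS_BY_ID = '203.0.113.10 198.51.100.20: PSK "constructed-sample-key"\n'
SECRETS_BY_LEFT = '10.0.0.4 198.51.100.20: PSK "constructed-sample-key"\n'


def effective_ids(conn_text):
    """Return (left_id, right_id): leftid/rightid when set, else left/right."""
    opts = {}
    for line in conn_text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        if "=" in line:
            key, value = line.split("=", 1)
            opts[key.strip()] = value.strip()
    return (opts.get("leftid", opts.get("left")),
            opts.get("rightid", opts.get("right")))


def psk_selectors(secrets_text):
    """Yield the identifier list of each single-line 'ids: PSK "..."' entry."""
    for line in secrets_text.splitlines():
        # Only lines that start in column 0 are treated as entries here.
        m = re.match(r'([^\s:#][^:#]*):\s*PSK\s+"', line)
        if m:
            yield m.group(1).split()


def _hit(selector, ident):
    return selector in (ident, "%any")


def psk_matches(conn_text, secrets_text):
    """True if some two-identifier PSK entry covers both effective IDs."""
    left_id, right_id = effective_ids(conn_text)
    for ids in psk_selectors(secrets_text):
        if len(ids) != 2:
            continue  # other entry shapes are outside this simplified model
        a, b = ids
        if (_hit(a, left_id) and _hit(b, right_id)) or \
           (_hit(a, right_id) and _hit(b, left_id)):
            return True
    return False
```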