[Openswan dev] Problem in establishing ipsec tunnel using manual keying

Irene Liew irene_ilsf at yahoo.com
Wed Apr 12 18:52:27 CEST 2006


Hi, i have try setting up the Openswan for VPN testing using the manual keying method. Below is my ipsec.conf file configuration:
   
  # /etc/ipsec.conf - Openswan IPsec configuration file
  # RCSID $Id: ipsec.conf.in,v 1.15.2.2 2005/11/14 20:10:27 paul Exp $
  # This file: /usr/local/share/doc/openswan/ipsec.conf-sample
  #
  # Manual: ipsec.conf.5
   
  version 2.0 # conforms to second version of ipsec.conf specification
   
  config setup
  plutodebug=none
  klipsdebug=none
  interfaces="ipsec0=eth0"
   
  #Disable Opportunistic Encryption
  include /etc/ipsec.d/examples/no_oe.conf
   
  conn dut1net-dut2net
  keyingtries=0
  keylife=8h
  left=2.2.2.2
  leftnexthop=2.2.2.1
  leftsubnet=3.3.3.0/24
  leftfirewall=no
  right=2.2.2.1
  rightnexthop=2.2.2.2
  rightsubnet=1.1.1.0/24
  rightfirewall=no
   
  conn tunnel-1
  also=dut1net-dut2net
  leftsourceip=3.3.3.1
  rightsourceip=1.1.1.1
  spi=0x100
  esp=aes128-md5-96
  espenckey=0x12345678_12345678_12345678_12345678_12345678_12345678
  espauthkey=0x12345678_12345678_12345678_12345678
  
  auto=add
   
   
  when i start the ipsec service, everything is ok but when i type "ipsec manual --up tunnel-1", an error message:
   
  ipsec manual: no IPsec enabled tunnel found.
   
   
  what is the problem with openswan? can it support manual keying? cos when i do auto keying it is ok, but for my testing i needed to use manual keying. can u pls help me on this? 
   
  thanks
   
  Regards,
  Irene Liew
  System Performance Engineer

		
---------------------------------
Yahoo! Messenger with Voice. Make PC-to-Phone Calls to the US (and 30+ countries) for 2¢/min or less.
			
---------------------------------
Yahoo! Messenger with Voice. PC-to-Phone calls for ridiculously low rates.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/dev/attachments/20060412/c30b9c03/attachment-0001.htm


More information about the Dev mailing list