[Openswan Users] Openswan - Cisco IOS router - Preshared keys
Ahmed Benallegue
Ahmed.Benallegue at ecmwf.int
Tue Jun 7 12:45:51 CEST 2005
Hello,
I am trying to set up a basic connection between a Cisco router and
Openswan using:
- preshared keys
- no opportunistic encryption
The boxes are located in the same physical segment.
The linux box has:
- linux kernel 2.6.8
- openswan v2.3.1
- ipsec-tools v0.4
- iproute2 v2.6.11
I have enabled ip forwarding through: echo 1 > /proc/sys/net/ipv4/ip_forward
The /etc/ipsec.conf file is:
version 2.0 # conforms to second version of ipsec.conf specification

# basic configuration
config setup
    interfaces=%defaultroute

conn %default
    authby=secret
    left=10.0.0.1
    leftsubnet=10.0.0.1/32
    leftnexthop=%defaultroute
    keyexchange=ike
    ike=3des-sha-modp1024

conn cisco
    right=10.0.0.2
    rightsubnet=10.0.0.2/32
    rightnexthop=%defaultroute
    auto=add

conn block
    auto=ignore

conn private
    auto=ignore

conn private-or-clear
    auto=ignore

conn clear-or-private
    auto=ignore

conn clear
    auto=ignore

conn packetdefault
    auto=ignore
The result of "ipsec verify" is:
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path [OK]
Linux Openswan U2.3.1/K2.6.8-24-default (netkey)
Checking for IPsec support in kernel [OK]
Checking for RSA private key (/etc/ipsec.secrets) [OK]
Checking that pluto is running [OK]
Two or more interfaces found, checking IP forwarding [OK]
Checking NAT and MASQUERADEing [N/A]
Checking for 'ip' command [OK]
Checking for 'iptables' command [OK]
Checking for 'setkey' command for NETKEY IPsec stack support [OK]
Opportunistic Encryption Support [DISABLED]
I use "ipsec auto --ready" followed by "ipsec auto --verbose --up cisco"
to try to initiate the connection in order to avoid the synchronisation
issue.
BUT: I have the following error message: "021 no connection named
"cisco"". Have I forgotten to change a conf file somewhere?
I need help.
Thanks in advance.
Ahmed