[Openswan Users] Aggressive mode client to Netscreen w/ leftid=email

Tibor Incze tibor.incze at eservglobal.com
Wed May 18 11:27:37 CEST 2005


I'm trying to get openswan 2.3 (on FC3) to talk to a Netscreen 208 "Dialup
VPN" (roadwarrior) w/ the following setup:
IKE id: <useremail at userdomain>
PFS turned on
phase1&phase2: set to 3des+sha, but can change if necessary

I currently have:
leftid="user at domain.org" #is this correct?
left=%defaultroute  #is this correct?
right=<IP of netscreen>
rightid=??? <---do I need this
pfs=yes
aggrmode=yes
ike=3des...(can't remember exactly)
esp=...(can't remember exactly)

ipsec.secret: <remotegatewayip>: PSK "oursharedsecret"

Anyways, it's talking to the netscreen but doesn't get past phase1. The
error is "Rejecting packet, because it arrived from unrecognized peer
gateway" (something like that). On the openswan side, it keeps retrying,
but no diagnostic info, even though plutodebug and ikedebug are both
turned on.
So what am I missing? Has anyone gotten this to work? I've googled through
the list archives, and other sites, but couldn't find the answer to my
questions. Please help.

--Tibor




