[Openswan Users] net 2 net connection
William Man
williamman at visualrock.co.uk
Wed Sep 14 23:51:56 CEST 2005
Hi,
My site1 uses a 2.4 kernel, and site2 uses a 2.6 kernel.
Hence, site1 uses klips, and site2 uses 26sec.
Is there anyway to force site2 to use klips? As it does not have the ipsec0
interface, like site1. I am using FC3 on site2, with openswan.2.4 and
openswan-klips installed.
I notice on site1, the module ipsec.ko is inserted, but this does not happen
on site2. I guess it is used 26sec by default, is there any way of change
it to use klips.
I have had partial sucess with the tunnel. Site1 thinks the tunnels up,
site2 doesn't. Althou there are enties in the routing table, but i can't
seem to ping the other subnets.
Does anyone know whats going on?
Thanks
William
-----Original Message-----
From: Andy [mailto:fs at globalnetit.com]
Sent: Wednesday, September 14, 2005 8:32 PM
To: William Man
Cc: users at openswan.org
Subject: RE: [Openswan Users] net 2 net connection
On Wed, 2005-09-14 at 20:17 +0100, William Man wrote:
> Sep 14 15:47:56 site1 pluto[6481]: "net-to-net" #2: IPsec Transform
> [ESP_AES
> (0), AUTH_ALGORITHM_HMAC_SHA1] refused due to insecure key_len and
> enc. alg.
> not listed in "esp" string
> Sep 14 15:47:56 site1 pluto[6481]: "net-to-net" #2: no acceptable
> Proposal
> in IPsec SA
>
Seems site2 is proposing AES, your site1 doesn't like it. You could try
setting 'esp=3des' in the conn on site2.
--
Andy <fs at globalnetit.com>
________________________________________________________________
This email has been scanned by ClamAV, and should be virus free.
--
No virus found in this incoming message.
Checked by AVG Anti-Virus.
Version: 7.0.344 / Virus Database: 267.10.24/101 - Release Date: 13/09/2005
--
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.344 / Virus Database: 267.10.24/101 - Release Date: 13/09/2005
________________________________________________________________
This email has been scanned by ClamAV, and should be virus free.
More information about the Users
mailing list