[Openswan Users] net 2 net connection

[William Man]

Hi,

My site1 uses a 2.4 kernel, and site2 uses a 2.6 kernel.
Hence, site1 uses klips, and site2 uses 26sec.

Is there anyway to force site2 to use klips? As it does not have the ipsec0
interface, like site1.  I am using FC3 on site2, with openswan.2.4 and
openswan-klips installed.

I notice on site1, the module ipsec.ko is inserted, but this does not happen
on site2.  I guess it is used 26sec by default, is there any way of change
it to use klips.

I have had partial sucess with the tunnel. Site1 thinks the tunnels up,
site2 doesn't.  Althou there are enties in the routing table, but i can't
seem to ping the other subnets.

Does anyone know whats going on?

Thanks

William


-----Original Message-----
From: Andy [mailto:fs at globalnetit.com]
Sent: Wednesday, September 14, 2005 8:32 PM
To: William Man
Cc: users at openswan.org
Subject: RE: [Openswan Users] net 2 net connection


On Wed, 2005-09-14 at 20:17 +0100, William Man wrote:
> Sep 14 15:47:56 site1 pluto[6481]: "net-to-net" #2: IPsec Transform
> [ESP_AES
> (0), AUTH_ALGORITHM_HMAC_SHA1] refused due to insecure key_len and
> enc. alg.
> not listed in "esp" string
> Sep 14 15:47:56 site1 pluto[6481]: "net-to-net" #2: no acceptable
> Proposal
> in IPsec SA
>
Seems site2 is proposing AES, your site1 doesn't like it. You could try
setting 'esp=3des' in the conn on site2.

--
Andy <fs at globalnetit.com>

________________________________________________________________
This email has been scanned by ClamAV, and should be virus free.

--
No virus found in this incoming message.
Checked by AVG Anti-Virus.
Version: 7.0.344 / Virus Database: 267.10.24/101 - Release Date: 13/09/2005

--
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.344 / Virus Database: 267.10.24/101 - Release Date: 13/09/2005

________________________________________________________________
This email has been scanned by ClamAV, and should be virus free.