[Openswan Users] Road Warrior configuration using whack HELP NEEDED
Shyam
shyam at rocsys.com
Thu Apr 27 17:06:42 CEST 2006
Hello
Im trying to setup a road warrior config....if i setit up using the
ipsec.conf file its working fine but if i give the same config using whack
its not working at all :-( the secnario is as shown below...why is it tht
the same config from whack is resulting in a diffrent layout of the
connection as shown by "whack --status"...please help me in this
regard...the error im getting in the road warrior is
"we cannot identify ourselves with either end of this connection"
this is because pluto is interpretting the conn worngly.....or my config
is wrong??? im really LOST...
SERVER SIDE
==============
IPSEC.CONF:
172.16.0.0/16===192.168.10.1[@server]...%any[@road]
conn test
left=192.168.10.1
leftid=@server
leftsubnet=172.16.0.0/16
leftrsasigkey=0sAQPeTN....
right=%any
rightid=@road
rightrsasigkey=0sAQNiZ.....
esp=3des-md5-96
keyexchange=ike
auto=add
WHACK:
172.16.0.0/16===192.168.10.1[@server,S?C]---192.168.10.10...%any[@road,S?C]
ipsec whack --name crypt2 \
--id @server \
--host 192.168.10.1 \
--nexthop 192.168.10.10 \
--client 172.16.0.0/16 \
--to \
--id @road \
--host %any \
--rsasig --tunnel --encrypt --esp 3des-md5-96 --ike 3des
ROADWARRIOR:
===============
IPSEC.CONF:
192.168.10.10[@road]...192.168.10.1[@server]===172.16.0.0/16
conn test
left=%defaultroute
leftid=@road
leftrsasigkey=0sAQNiZCUOEM.....
right=192.168.10.1
rightid=@server
rightsubnet=172.16.0.0/16
rightrsasigkey=0sAQPeTN+.....
auto=add
esp=3des-md5-96
keyexchange=ike
WHACK:
172.16.0.0/16===192.168.10.1[@server,S?C]---192.168.10.10...%any[@road,S?C]
ipsec whack --name crypt2 \
--id @road \
--host %any \
--to \
--id @server \
--host 192.168.10.1 \
--nexthop 192.168.10.10 \
--client 172.16.0.0/16 \
--rsasig --tunnel --encrypt --esp 3des-md5-96 --ike 3des
TIA,
Regards,
Shyam
More information about the Users
mailing list