[Openswan Users] help with opnswan - PIX
Paul Wouters
paul at xelerance.com
Mon Aug 21 10:13:52 EDT 2006
On Sun, 20 Aug 2006, Probin Acharya wrote:
> I need to create a site-to-site vpn link between Openswan running on
> Fedora and PIX on the other side. There are no private subnets to
> connect to. Both the sites have public IPs on all machines.
> I can't get the tunnel to work. /var/log/messages gives: cannot start
> mytunnel. Please help.
Check /var/log/secure for other errors, or:
> klipsdebug=all
> plutodebug=all
Delete those two lines and run:
ipsec auto --replace mytunnel
ipsec auto --up mytunnel
and tell us what the error is.
> # sample VPN connection
> conn mytunnel
> type=tunnel
> left=A.1.1.2
> leftsubnet=A.1.1.0/29
> leftnexthop=A.1.1.1
> right=B.1.1.2
> rightsubnet=B.1.1.0/29
> rightnexthop=B.1.1.1
> keyexchange=ike
> ikelifetime=86400s
> pfs=no
> auto=start
You are probably missing authby=secret?
Paul
--
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
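
The two points raised in the reply above (debug switches left on in "config setup", and a conn with no authby= line) can be checked mechanically before loading a connection. The following is an added example, not part of the original post and not Openswan code; the function names parse_ipsec_conf and lint are hypothetical, and the sample config is constructed with placeholder addresses.

```python
# Constructed sample modelled on the quoted config; addresses are placeholders.
SAMPLE = """\
config setup
    klipsdebug=all
    plutodebug=all

conn mytunnel
    type=tunnel
    left=192.0.2.2
    right=198.51.100.2
    pfs=no
    auto=start
"""

def parse_ipsec_conf(text):
    """Return {"config setup": {...}, "conn NAME": {...}} from ipsec.conf text."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # drop comments
        if not line.strip():
            continue
        if not line[0].isspace():              # section headers start in column 0
            current = sections.setdefault(" ".join(line.split()), {})
        elif current is not None and "=" in line:
            key, _, value = line.strip().partition("=")
            current[key.strip()] = value.strip().strip('"')
    return sections

def lint(text):
    """Flag the two things the reply points at: debug switches and missing authby."""
    sections = parse_ipsec_conf(text)
    findings = []
    setup = sections.get("config setup", {})
    for key in ("klipsdebug", "plutodebug"):
        if setup.get(key, "none") != "none":
            findings.append(f"config setup: {key}={setup[key]} is enabled")
    defaults = sections.get("conn %default", {})  # inherited by every conn
    for name, params in sections.items():
        if name.startswith("conn ") and name != "conn %default":
            if "authby" not in {**defaults, **params}:
                findings.append(f"{name}: no authby= line (authby=secret for a PSK peer)")
    return findings

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(finding)
```

A conn that sets authby=secret also needs a matching pre-shared key entry in /etc/ipsec.secrets, which this check does not inspect.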