[Openswan Users] how to specify domain name in ipsec.secrets

Chris Purves chris at northfolk.ca
Wed Dec 6 14:43:13 EST 2006


Chris Purves wrote:
> Hello,
> 
> I have ipsec working using pre-shared keys with a NATed WinXP client. 
> My ipsec host is on a machine with a dynamic IP, so I don't want to have 
> to specify the host IP in any of the configuration files.
> 
> Currently in ipsec.secrets I have:
> 
> 68.149.172.106 %any: PSK "secret"
> 
>  From the manual page, I think I should be able to replace it with:
> 
> @vpn.northfolk.ca %any: PSK "secret"
> 
> but this doesn't work and I get the following message in my log:
> 
> Dec  6 12:25:33 aurora pluto[6881]: "L2TP-PSK"[4] 198.166.253.177 #4: 
> Can't authenticate: no preshared key found for `68.149.172.106' and 
> `%any'.  Attribute OAKLEY_AUTHENTICATION_METHOD
> 
> This makes me think that the name is not being properly resolved.  How 
> can I get this to work?
> 

Okay, I was able to get it to work by adding:

leftid=@vpn.northfolk.ca to ipsec.conf


-- 
Chris



More information about the Users mailing list