[Openswan Users] problems with: could not start conn "tunnel"
ted leslie
tleslie at tcn.net
Tue Mar 28 17:56:20 CEST 2006
where is this error showing?
if you do a
ipsec auto --up tunnelipsec
you should see useful info appear ...
or run a status command to maybe in a barf
take out auto start and start it manually
-tl
On Tue, 28 Mar 2006 15:41:34 -0600
"Vida Luz Arista" <viaris at gmail.com> wrote:
> Hi All,
>
> I have installed tpm openswan for Fedora Version 4, I need to establish a
> vpn with a cisco 800, the problem es that the VPN can't be established, the
> message error in my linux is: ipsec__plutorun: ...could not start conn
> "tunnelipsec"
>
> I don't have firewall then I Haven't iptables rules, If I don't have
> firewall I need iptables rules ? is necesary?
>
> My configuration is:
>
> ipsec.conf
> =========
>
> # /etc/ipsec.conf - Openswan IPsec configuration file
> #ike= "3des-md5-modp768"
>
> version 2.0
>
> config setup
> interfaces="ipsec0=eth0"
> klipsdebug=none
> plutodebug=none
> forwardcontrol=yes
>
> conn tunnelipsec
> type=tunnel
> left=165.98.224.82
> leftsubnet=172.16.1.0/24
> right= 165.98.236.214
> rightsubnet=172.16.26.0/24
> esp=3des-md5-96
> keyexchange=ike
> pfs=no
> authby=secret
> ikelifetime=7800
> compress=no
> auto=start
>
> include /etc/ipsec.d/no_oe.conf
>
> ipsec.secrets
>
> =========
>
> 165.98.224.82 165.98.236.214: PSK "vp17226"
>
>
>
> Configuration for the router is:
>
>
>
> crypto isakmp policy 10
> encr 3des
> hash md5
> authentication pre-share
> crypto isakmp key vp17226 address 165.98.224.82
> !
> !
> crypto ipsec transform-set DICE esp-3des esp-sha-hmac
> !
> crypto map DICE 10 ipsec-isakmp
> set peer 165.98.224.82
> set transform-set DICE
> match address 100
>
> interface Ethernet1
> description PRIVADA
> ip address 165.98.236.214 255.255.255.252
> duplex auto
> crypto map DICE
>
>
>
> Somebody can help me? I need suggestions.
>
>
>
> Thanks in Advanced.
>
> Regards.
>
More information about the Users
mailing list