[Openswan Users] problems with: could not start conn "tunnel"
Paul Wouters
paul at xelerance.com
Wed Mar 29 01:35:17 CEST 2006
On Tue, 28 Mar 2006, Vida Luz Arista wrote:
> vpn with a cisco 800, the problem is that the VPN can't be established, the
> error message on my linux is: ipsec__plutorun: ...could not start conn
> "tunnelipsec"
>
> I don't have a firewall, so I don't have iptables rules. If I don't have a
> firewall, do I need iptables rules? Is it necessary?
Only as of Openswan 2.5 or 3.0 (not yet released).
Openswan up to 2.4.x does not require iptables.
> conn tunnelipsec
> type=tunnel
> left=165.98.224.82
> leftsubnet=172.16.1.0/24
> right= 165.98.236.214
> rightsubnet=172.16.26.0/24
> esp=3des-md5-96
> keyexchange=ike
> pfs=no
> authby=secret
> ikelifetime=7800
> compress=no
> auto=start
>
> include /etc/ipsec.d/no_oe.conf
>
> ipsec.secrets
>
> =========
>
> 165.98.224.82 165.98.236.214: PSK "vp17226"
> crypto ipsec transform-set DICE esp-3des esp-sha-hmac
On openswan you configure md5, on your vpn device sha1?
That does not match.
Not specifying any ike= or esp= lines will make openswan accept
all sane defaults (md5, sha1, 3des and aes).
Paul
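
An added example, not part of the original message and not Openswan code: a small Python check for the mismatch pointed out above, comparing the conn's esp= line with the Cisco transform-set. The function names are illustrative, the keyword mapping covers only 3DES/DES and MD5/SHA1, and the default set is the one named in the reply.

```python
import re

# Cisco IOS transform keywords -> neutral names (only those this thread involves).
CISCO_CIPHER = {"esp-3des": "3des", "esp-des": "des"}
CISCO_AUTH = {"esp-md5-hmac": "md5", "esp-sha-hmac": "sha1"}
# Defaults Openswan accepts without ike=/esp= lines, per the reply above.
DEFAULT_CIPHERS, DEFAULT_AUTHS = {"3des", "aes"}, {"md5", "sha1"}

def openswan_esp(conf_text, conn):
    """Set of (cipher, auth) proposals in the conn's esp= line, or None if absent."""
    in_conn = False
    for raw in conf_text.splitlines():
        line = raw.strip().lstrip(">").strip()   # tolerate mail-quoted config
        if line.startswith(("conn ", "config ")):
            in_conn = line.split() == ["conn", conn]
        elif in_conn and re.match(r"esp\s*=", line):
            proposals = line.split("=", 1)[1].lower().split(",")
            # "3des-md5-96": the trailing 96 is the MAC truncation, not an algorithm
            return {tuple(p.strip().split("-")[:2]) for p in proposals}
    return None

def cisco_transform(line):
    """(cipher, auth) from a 'crypto ipsec transform-set NAME ...' line."""
    tokens = line.split()
    if tokens[:3] != ["crypto", "ipsec", "transform-set"]:
        raise ValueError("not a transform-set line")
    cipher = [CISCO_CIPHER[t] for t in tokens[4:] if t in CISCO_CIPHER]
    auth = [CISCO_AUTH[t] for t in tokens[4:] if t in CISCO_AUTH]
    if len(cipher) != 1 or len(auth) != 1:
        raise ValueError("unsupported transform-set: " + line)
    return cipher[0], auth[0]

def phase2_matches(conf_text, conn, cisco_line):
    """True when the Cisco transform-set is something this conn would accept."""
    peer = cisco_transform(cisco_line)
    offered = openswan_esp(conf_text, conn)
    if offered is None:                      # no esp= line: defaults apply
        return peer[0] in DEFAULT_CIPHERS and peer[1] in DEFAULT_AUTHS
    return peer in offered

# Taken from the thread, trimmed to the relevant lines.
IPSEC_CONF = """conn tunnelipsec
    type=tunnel
    esp=3des-md5-96
    auto=start
"""
CISCO_LINE = "crypto ipsec transform-set DICE esp-3des esp-sha-hmac"

if __name__ == "__main__":
    print("as posted:", phase2_matches(IPSEC_CONF, "tunnelipsec", CISCO_LINE))
    fixed = IPSEC_CONF.replace("esp=3des-md5-96", "esp=3des-sha1")
    print("esp=3des-sha1:", phase2_matches(fixed, "tunnelipsec", CISCO_LINE))
```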