[Openswan Users] problems with: could not start conn "tunnel"

Vida Luz Arista viaris at gmail.com
Tue Mar 28 18:07:47 CEST 2006


Ok,

My version is 2.4.x; the RPM I installed is openswan-2.4.4-1.0.FC4.1.i386.rpm.
On both my router and the Linux box I use md5. My router has: crypto ipsec
transform-set DICE esp-3des esp-md5-hmac; the Linux box has: esp=3des-md5-96

Sorry, in the other mail I wrote the Cisco configuration wrong; I use md5 in
both.

Regards.





On 3/28/06, Paul Wouters <paul at xelerance.com> wrote:
>
> On Tue, 28 Mar 2006, Vida Luz Arista wrote:
>
> > vpn with a cisco 800, the problem is that the VPN can't be established, the
> > error message on my linux is: ipsec__plutorun: ...could not start conn
> > "tunnelipsec"
> >
> > I don't have a firewall, so I haven't any iptables rules. If I don't have a
> > firewall, do I need iptables rules? Is it necessary?
>
> Only as of openswan 2.5 or 3.0 (not yet released).
> openswan up to 2.4.x does not require iptables.
>
> > conn tunnelipsec
> >         type=tunnel
> >         left=165.98.224.82
> >         leftsubnet=172.16.1.0/24
> >         right= 165.98.236.214
> >         rightsubnet=172.16.26.0/24
> >         esp=3des-md5-96
> >         keyexchange=ike
> >         pfs=no
> >         authby=secret
> >         ikelifetime=7800
> >         compress=no
> >         auto=start
> >
> > include /etc/ipsec.d/no_oe.conf
> >
> > ipsec.secrets
> >
> > =========
> >
> > 165.98.224.82 165.98.236.214: PSK "vp17226"
>
> > crypto ipsec transform-set DICE esp-3des esp-sha-hmac
>
> On openswan you configure md5, on your vpn device sha1?
> That does not match.
>
> Not specifying any ike= or esp= lines will make openswan accept
> all sane defaults (md5,sha1,3des and aes)
>
> Paul
>