[Openswan Users] Ipsec over Fedora Core 4
Peter McGill
petermcgill at goco.net
Wed Nov 15 14:11:08 EST 2006
> left=[192.168.16.12
Is this just an email typo? There should be no "[" after the "=".
I see both your left and right parameters are in the private address space.
This isn't intended to work through the internet? Perhaps just testing at this point?
Check your logs for pluto error messages.
Maybe /var/log/syslog or /var/log/secure, or something else depending on your system.
If both sides are using openswan then I wouldn't use authby=secret, use the
default authby=rsa instead.
On each system:
ipsec newhostkey --output /etc/ipsec.secrets --hostname <your hostname>
Then on each system:
ipsec showhostkey --left
Copy the showhostkey output to the local ipsec.conf.
Then copy the showhostkey output to the remote ipsec.conf,
changing left to right. (Note this is a public key, so you don't have to be
insanely secure when copying it, just don't let anyone see the private key
in your ipsec.secrets file.)
Peter
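
Added example, not part of the original message: a small shell helper for the copy step described above. It rewrites `ipsec showhostkey --left` output for the remote ipsec.conf, refuses input that contains private-key fields from ipsec.secrets, and checks that the secrets file is owner-only. The function names and the sample key text are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: helper names are hypothetical, sample key text is constructed.

# Constructed stand-in for the output of "ipsec showhostkey --left".
SAMPLE_LEFT='	# RSA 2192 bits   east.example.test   (constructed sample)
	leftrsasigkey=0sAQOconstructedSAMPLEkeyNOTreal'

# Constructed stand-in for a fragment of ipsec.secrets (private material).
SAMPLE_SECRET='	#pubkey=0sAQOconstructedSAMPLEkeyNOTreal
	Modulus: 0x00constructed
	PrivateExponent: 0x00constructed
	Prime1: 0x00constructed'

# Succeed only if the text carries none of the private-key fields
# that appear in an ipsec.secrets RSA entry.
is_public_only() {
    if printf '%s\n' "$1" | grep -Eq 'PrivateExponent:|Prime[12]:|Exponent[12]:|Coefficient:'; then
        return 1
    fi
    return 0
}

# Turn the local "leftrsasigkey=" line into the "rightrsasigkey=" line
# that goes into the remote ipsec.conf. Refuses private key material.
left_to_right() {
    is_public_only "$1" || {
        echo "refusing: input contains private key material" >&2
        return 1
    }
    printf '%s\n' "$1" | sed 's/^\([[:space:]]*\)leftrsasigkey=/\1rightrsasigkey=/'
}

# Succeed only if the file has no group or other permission bits set.
secrets_mode_ok() {
    perms=$(ls -ld "$1" 2>/dev/null | cut -c5-10)
    [ "$perms" = "------" ]
}

# Stand-alone demonstration on the constructed sample.
left_to_right "$SAMPLE_LEFT"
```

On a real host the input would come from `ipsec showhostkey --left`, and `secrets_mode_ok /etc/ipsec.secrets` checks the file that holds the private key.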