[Openswan Users] Unknown parameter name "ike"

Peter McGill petermcgill at goco.net
Wed Apr 25 10:40:48 EDT 2007


> Date: Wed, 25 Apr 2007 09:57:45 +0200
> From: steve.morard at epfl.ch
> Subject: [Openswan Users] Unknown parameter name "ike"
> To: users at openswan.org
>
> I'm trying to connect to a remote gateway, but I get the message:
> 
> NO-PROPOSAL-CHOSEN
> 
> I guess that's because I didn't specify the algorithms in 
> ipsec.conf. So I tried
> to do that and now my ipsec.conf looks like that
> 
> version 2.0
> 
> 
> config setup
>         nat_traversal=yes
> 
> conn try
>         left=172.18.112.7
> 
>         right=x.x.x.x
>         rightsubnet=172.25.8.8/29
> 
>         pfs=yes
>         auth=esp
>         esp=aes128-md5,aes128-sha1
>         ike=aes128-sha1-modp1024,aes128-md5-modp1024
>         authby=secret
> 
> #Disable Opportunistic Encryption
> include /etc/ipsec.d/examples/no_oe.conf
> 
> Unfortunately when I execute ipsec auto -add try, I get the 
> following error:
> 
> ipsec_auto: fatal error in "toFT": (/etc/ipsec.conf, line 26) 
> unknown parameter
> name "ike"
> 
> Do you have any idea why the parameter ike is not recognized?

NO_PROPOSAL_CHOSEN does generally mean a misconfiguration, disagreement
in settings between the two switches. So check your settings again.
That doesn't appear to be your whole conn section, could we see the whole
section please? Either that or you're missing some settings.
From your previous message about what settings you were told to use, you
still need:
	ikelifetime=1d
	keylife=1h
And probably:
	leftnexthop=%defaultroute
	auto=start

Both the left and right parameters take public ip values, and the address
for left above is a private ip value. I don't think that's what you want,
unless the ipsec host doesn't have a public ip and only communicates with
the lan. The ike parameter has been around forever so I'm not sure why it
wouldn't work. Are the parameters indented with tabs? It must be tabs, not
spaces. Also, what openswan version are you using? Always best to use the
latest if you can, 2.4.7 currently.

Peter


