[Openswan Users] Compatiblity between 2.4.6 and 2.6.14

John Haskey openswan at haskey.com
Tue Aug 5 14:24:57 EDT 2008


I recently installed a Fedora Core 9 system with Openswan 2.6.14.  The
site I was trying to establish a connection to was running 2.4.6.  Here's
the ipsec.conf that we use (with some info redacted):

version 2.0     # conforms to second version of ipsec.conf specification

config setup
	nat_traversal=yes
	virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!10.1.0.0/16

conn %default
        keyingtries=1

conn vpnconnection
	# Left
        left=%defaultroute
        leftid=@user.vpn.domain.com
        leftrsasigkey=%cert
        leftcert=user_nol2tp_cert.pem
        # Right
        right=nnn.nnn.nnn.nnn
        rightsubnet=10.1.0.0/16
        rightid=@no_l2tp-x509-gw.vpn.domain.com
        rightrsasigkey=%cert
        auto=add

#Disable Opportunistic Encryption
include /etc/ipsec.d/examples/no_oe.conf

(I've removed the external IP address and substituted domain and user for
the actual values).

Anyway, this works fine with 2.4.6 but with 2.6.14 we get the 'cannot
identify ourselves with either end of this connection' message.

I've since removed 2.6.14, and installed 2.4.6 and things are working but
I'd really like to be using current code at least on my system, or is
connecting between disparate versions not recommeded/supported?

Thanks for any insights!

							---john.

-- 
John Haskey


More information about the Users mailing list