[Openswan Users] Compatibility between 2.4.6 and 2.6.14 (fwd)
John Haskey
openswan at haskey.com
Tue Aug 5 16:03:24 EDT 2008
(reposted since info following an 'at' sign was truncated)
I recently installed a Fedora Core 9 system with Openswan 2.6.14. The
site I was trying to establish a connection to was running 2.4.6. Here's
the ipsec.conf that we use (with some info redacted):

version 2.0     # conforms to second version of ipsec.conf specification

config setup
        nat_traversal=yes
        virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!10.1.0.0/16

conn %default
        keyingtries=1

conn vpnconnection
        # Left
        left=%defaultroute
        leftid=(at)user.vpn.domain.com
        leftrsasigkey=%cert
        leftcert=user_nol2tp_cert.pem
        # Right
        right=nnn.nnn.nnn.nnn
        rightsubnet=10.1.0.0/16
        rightid=(at)no_l2tp-x509-gw.vpn.domain.com
        rightrsasigkey=%cert
        auto=add

#Disable Opportunistic Encryption
include /etc/ipsec.d/examples/no_oe.conf

(I've removed the external IP address and substituted domain and user for
the actual values).
Anyway, this works fine with 2.4.6 but with 2.6.14 we get the 'cannot
identify ourselves with either end of this connection' message.
I've since removed 2.6.14, and installed 2.4.6 and things are working but
I'd really like to be using current code at least on my system, or is
connecting between disparate versions not recommended/supported?
Thanks for any insights!
---john.
--
John Haskey