[Openswan Users] Compatibility between 2.4.6 and 2.6.14 (fwd)

Toby Chamberlain toby at webtechservices.com.au
Tue Aug 5 19:36:46 EDT 2008


Have you tried removing the left/rightid= lines?

According to the man page under the leftcertrsasig entry: "The value %cert
will load the information required from a certificate defined in %leftcert
and automatically define leftid for you."... which I take to mean that
leftid is only for PSK connections.

Toby


----- Original Message ----- 
From: "John Haskey" <openswan at haskey.com>
To: <users at openswan.org>
Sent: Wednesday, August 06, 2008 6:03 AM
Subject: [Openswan Users] Compatibility between 2.4.6 and 2.6.14 (fwd)


>
> (reposted since info following an 'at' sign was truncated)
>
> I recently installed a Fedora Core 9 system with Openswan 2.6.14.  The
> site I was trying to establish a connection to was running 2.4.6.  Here's
> the ipsec.conf that we use (with some info redacted):
>
> version 2.0     # conforms to second version of ipsec.conf specification
>
> config setup
>        nat_traversal=yes
>        virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!10.1.0.0/16
>
> conn %default
>        keyingtries=1
>
> conn vpnconnection
>        # Left
>        left=%defaultroute
>        leftid=(at)user.vpn.domain.com
>        leftrsasigkey=%cert
>        leftcert=user_nol2tp_cert.pem
>        # Right
>        right=nnn.nnn.nnn.nnn
>        rightsubnet=10.1.0.0/16
>        rightid=(at)no_l2tp-x509-gw.vpn.domain.com
>        rightrsasigkey=%cert
>        auto=add
>
> #Disable Opportunistic Encryption
> include /etc/ipsec.d/examples/no_oe.conf
>
> (I've removed the external IP address and substituted domain and user for
> the actual values).
>
> Anyway, this works fine with 2.4.6 but with 2.6.14 we get the 'cannot
> identify ourselves with either end of this connection' message.
>
> I've since removed 2.6.14, and installed 2.4.6 and things are working but
> I'd really like to be using current code at least on my system, or is
> connecting between disparate versions not recommended/supported?
>
> Thanks for any insights!
>
> ---john.
>
> -- 
> John Haskey


