[Openswan Users] Compatibility between 2.4.6 and 2.6.14 (fwd)

Paul Wouters paul at xelerance.com
Wed Aug 6 09:35:36 EDT 2008


On Wed, 6 Aug 2008, Toby Chamberlain wrote:

> Have you tried removing the left/rightid= lines?
>
> According to the man page under the leftcertrsasig entry: "The value %cert
> will load the information required from a certificate defined in %leftcert
> and automatically define leftid  for you."... which I take to mean that
> leftid is only for PSK connections.

That is right. Newer versions might require a leftid=%fromcert

Paul

> Toby
>
>
> ----- Original Message -----
> From: "John Haskey" <openswan at haskey.com>
> To: <users at openswan.org>
> Sent: Wednesday, August 06, 2008 6:03 AM
> Subject: [Openswan Users] Compatibility between 2.4.6 and 2.6.14 (fwd)
>
>
>>
>> (reposted since info following an 'at' sign was truncated)
>>
>> I recently installed a Fedora Core 9 system with Openswan 2.6.14.  The
>> site I was trying to establish a connection to was running 2.4.6.  Here's
>> the ipsec.conf that we use (with some info redacted):
>>
>> version 2.0     # conforms to second version of ipsec.conf specification
>>
>> config setup
>>        nat_traversal=yes
>>        virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!10.1.0.0/16
>>
>> conn %default
>>        keyingtries=1
>>
>> conn vpnconnection
>>        # Left
>>        left=%defaultroute
>>        leftid=(at)user.vpn.domain.com
>>        leftrsasigkey=%cert
>>        leftcert=user_nol2tp_cert.pem
>>        # Right
>>        right=nnn.nnn.nnn.nnn
>>        rightsubnet=10.1.0.0/16
>>        rightid=(at)no_l2tp-x509-gw.vpn.domain.com
>>        rightrsasigkey=%cert
>>        auto=add
>>
>> #Disable Opportunistic Encryption
>> include /etc/ipsec.d/examples/no_oe.conf
>>
>> (I've removed the external IP address and substituted domain and user for
>> the actual values).
>>
>> Anyway, this works fine with 2.4.6 but with 2.6.14 we get the 'cannot
>> identify ourselves with either end of this connection' message.
>>
>> I've since removed 2.6.14, and installed 2.4.6 and things are working but
>> I'd really like to be using current code at least on my system, or is
>> connecting between disparate versions not recommended/supported?
>>
>> Thanks for any insights!
>>
>> ---john.
>>
>> --
>> John Haskey
>> _______________________________________________
>> Users at openswan.org
>> http://lists.openswan.org/mailman/listinfo/users
>> Building and Integrating Virtual Private Networks with Openswan:
>> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
>>
>
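An added example, not part of the original thread or of Openswan itself: a small check that reads ipsec.conf text and reports each conn side that uses leftrsasigkey/rightrsasigkey=%cert together with an id other than %fromcert, the combination discussed above. The sample configuration, its host names and its address are constructed placeholders, and the parser is a simplification that does not follow include lines.

```python
# Constructed sample modelled on the quoted config; names and addresses are placeholders.
SAMPLE_CONF = """\
version 2.0
config setup
        nat_traversal=yes
conn %default
        keyingtries=1
conn vpnconnection
        left=%defaultroute
        leftid=@user.vpn.example.com
        leftrsasigkey=%cert
        leftcert=user_cert.pem
        # Right
        right=192.0.2.10
        rightid=%fromcert
        rightrsasigkey=%cert
        auto=add
"""

def parse_conns(text):
    """Return {conn name: {option: value}}; 'include' lines are not followed."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # simplification: '#' always starts a comment
        if not line:
            continue
        if not line[0].isspace():              # unindented line opens a new section
            parts = line.split()
            is_conn = parts[0] == "conn" and len(parts) > 1
            current = conns.setdefault(parts[1], {}) if is_conn else None
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def audit_cert_ids(text):
    """List (conn, side, note) where a %cert key is paired with an id that is not %fromcert."""
    conns = parse_conns(text)
    defaults = conns.pop("%default", {})
    findings = []
    for name, own in conns.items():
        opts = {**defaults, **own}             # conn %default supplies inherited options
        for side in ("left", "right"):
            if opts.get(side + "rsasigkey") != "%cert":
                continue
            ident = opts.get(side + "id")
            if ident is None:
                findings.append((name, side, "no id set; newer versions might require %sid=%%fromcert" % side))
            elif ident != "%fromcert":
                findings.append((name, side, "explicit id %s set alongside %%cert" % ident))
    return findings

if __name__ == "__main__":
    for finding in audit_cert_ids(SAMPLE_CONF):
        print(*finding, sep=": ")
```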