[Openswan Users] initial Main Mode message received on X:500 but no connection has been authorized

[Brian Cuthie]

I bought the book and that helped a lot. But there is definitely some  
magic involved.

Man ipsec.conf returns a ton of information about what each  
configuration directive does, but not much about how they interact.

The real hard part, for me anyway, is that when something doesn't work  
it's not at all clear why. I suppose if you're a dyed in the wool  
ipsec fanatic it's all obvious. But for someone who focuses on other  
things, it's can be rough going sometimes to get this stuff working.

But when it does work, it's great!

-brian


On May 14, 2008, at 2:30 PM, Paul Wouters wrote:

> On Wed, 14 May 2008, Thomas Novin wrote:
>
>>> Yes. IPsec is harder to setup then Openvpn. But if offers more and  
>>> scales much better,
>>> neither of which will matter much to a 1-3 user system.
>>
>> I've worked with lots of IPsec solutions (hardware based) but I don't
>> think I've come across anything so hard to configure as Openswan.  
>> It's a
>> shame because you can do virtually anything with it, if you just know
>> how to.
>>
>
> It is not that hard. It is in my experience much easier to use then
> any hardware webgui interface, which tend to look like snmp-via-html
> interfaces.
>
> man ipsec.conf has a LOT of information. testing/pluto/* has a few
> hundred testcases with configuration examples. And the most used
> cases can be found in /etc/ipsec.d/examples/
>
> The "left" and "right" syntax might need getting used to, but you can
> read is as "local" and "remote" if you want.
>
> Paul
> -- 
> Building and integrating Virtual Private Networks with Openswan:
> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
> _______________________________________________
> Users at openswan.org
> http://lists.openswan.org/mailman/listinfo/users
> Building and Integrating Virtual Private Networks with Openswan:
> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155