[Openswan Users] Laptop (right) connecting to left.
Brent Clark
brentgclarklist at gmail.com
Tue Jul 28 03:16:47 EDT 2009
Tuomo Soini wrote:
> Your config is invalid. You can't use rightid=@home or leftid=@work
> without using aggressive mode or raw rsa keys. I'd suggest switching to
> raw rsa keys because your tunnel is linux-linux and because you are
> behind nat.
>
> Another note is that you do not want to disable pfs. pfs=yes is very
> important, because it enables phase1 (ike) key change during session.
> Without pfs you use same key for whole session!
Hiya
I got some fantastic news, I got my VPN connected / established. As per
your suggestion, I set the pfs to yes and added aggrmode but the only
thing is I didn't touch the leftid and rightid, and lo and behold I get
Jul 27 20:42:45 VPN pluto[4183]: "linux-to-linux"[1] 165.146.174.215 #2:
STATE_QUICK_R2: IPsec SA established {ESP=>0xb5b20f40 <0x7b48fd25
xfrm=AES_128-HMAC_MD5 NATD=165.146.174.215:4500 DPD=none
I run tcpdump, and all looks good.
Thank you so much for your help. I'm now gonna try openswan with another
test machine connected via crossover cable.
Thank you again
Regards
Brent Clark