[Openswan Users] Laptop (right) connecting to left.

Brent Clark brentgclarklist at gmail.com
Tue Jul 28 03:16:47 EDT 2009

Tuomo Soini wrote:
> Your config is invalid. You can't use rightid=@home or leftid=@work
> without using aggressive mode or raw rsa keys. I'd suggest switching to
> raw rsa keys because your tunnel is linux-linux and because you are
> behind nat.
> Another note is that you do not want to disable pfs. pfs=yes is very
> important, because it enables phase1 (ike) key change during session.
> Without pfs you use the same key for the whole session!

I got some fantastic news, I got my VPN connected / established. As per
your suggestion, I set the pfs to yes and added aggrmode but the only
thing is I didn't touch the leftid and rightid, and lo and behold I get

Jul 27 20:42:45 VPN pluto[4183]: "linux-to-linux"[1] #2: 
STATE_QUICK_R2: IPsec SA established {ESP=>0xb5b20f40 <0x7b48fd25 
xfrm=AES_128-HMAC_MD5 NATD= DPD=none

I run tcpdump, and all looks good.

Thank you so much for your help. I'm now gonna try openswan with another
test machine connected via cross over cable.

Thank you again

Brent Clark
