[Openswan Users] Good old "cannot identify ourselves" and %defaultroute issue...

Paul Wouters paul at xelerance.com
Tue Jun 9 20:51:03 EDT 2009

On Tue, 9 Jun 2009, fbc wrote:

> CentOS 5.3 x64, Linux Openswan U2.6.14/K2.6.18-128.1.10.el5 (netkey)
> I searched google and couldn't really come up with an answer.  It works great when I put
> my IP from eth0 as "left=" in the config, but when I put left=%defaultroute like I'm
> supposed to be able to do, it throws the error:
> [root at testing ipsec.d]# ipsec whack --initiate --name testtun1
> 022 "testtun1": We cannot identify ourselves with either end of this connection.

Then you probably do not have a default route? It's no problem to use the ip from eth0
in the config, if it is a static ip.

> ipsec.conf just has the default stuff, and my tunnel of /etc/ipsec.d/testtun1.conf was
> fully working when I used my real IP address.  I want to be able to use %defaultroute for
> a dynamic IP.

Perhaps you are starting ipsec before you have an ip and default route?


More information about the Users mailing list