[Openswan Users] Good old "cannot identify ourselves" and %defaultroute issue...
Paul Wouters
paul at xelerance.com
Tue Jun 9 20:51:03 EDT 2009
On Tue, 9 Jun 2009, fbc wrote:
> CentOS 5.3 x64, Linux Openswan U2.6.14/K2.6.18-128.1.10.el5 (netkey)
> I searched google and couldn't really come up with an answer. It works great when I put
> my IP from eth0 as "left=" in the config, but when I put left=%defaultroute like I'm
> supposed to be able to do, it throws the error:
>
> [root at testing ipsec.d]# ipsec whack --initiate --name testtun1
> 022 "testtun1": We cannot identify ourselves with either end of this connection.
Then you probably do not have a default route? It's no problem to use the ip from eth0
in the config, if it is a static ip.
> ipsec.conf just has the default stuff, and my tunnel of /etc/ipsec.d/testtun1.conf was
> fully working when I used my real IP address. I want to be able to use %defaultroute for
> a dynamic IP.
Perhaps you are starting ipsec before you have an ip and default route?
Paul
More information about the Users
mailing list