[Openswan Users] Good old "cannot identify ourselves" and %defaultroute issue...
fbc
flexbumpchest at gmail.com
Thu Jun 11 14:50:52 EDT 2009
On Thu, Jun 11, 2009 at 1:40 PM, fbc <flexbumpchest at gmail.com> wrote:
> On Tue, Jun 9, 2009 at 7:51 PM, Paul Wouters <paul at xelerance.com> wrote:
>
>> On Tue, 9 Jun 2009, fbc wrote:
>>
>>> CentOS 5.3 x64, Linux Openswan U2.6.14/K2.6.18-128.1.10.el5 (netkey)
>>> I searched google and couldn't really come up with an answer. It works
>>> great when I put
>>> my IP from eth0 as "left=" in the config, but when I put
>>> left=%defaultroute like I'm
>>> supposed to be able to do, it throws the error:
>>>
>>> [root@testing ipsec.d]# ipsec whack --initiate --name testtun1
>>> 022 "testtun1": We cannot identify ourselves with either end of this connection.
>>>
>>
>> Then you probably do not have a default route? It's no problem to use the
>> ip from eth0
>> in the config, if it is a static ip.
>
>
>>
>>> ipsec.conf just has the default stuff, and my tunnel of
>>> /etc/ipsec.d/testtun1.conf was
>>> fully working when I used my real IP address. I want to be able to use
>>> %defaultroute for
>>> a dynamic IP.
>>>
>>
>> Perhaps you are starting ipsec before you have an ip and default route?
>>
>> Paul
>>
> I've got a default route:
> [root@testing ~]# route
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> xxx.245.xxx.224 *               255.255.255.248 U     0      0        0 eth0
> 10.1.12.0       *               255.255.255.0   U     0      0        0 eth0
> 169.254.0.0     *               255.255.0.0     U     0      0        0 eth0
> default         225-xxx-245-xxx 0.0.0.0         UG    0      0        0 eth0
>
> Where the x's are my real, publicly accessible IP bound to eth0.
> I started IPsec (and have subsequently restarted, many times) way after
> boot. Any other ideas?
> I've tried setting leftid in the conf & secrets file, no leftid and no left
> side in the secrets file, etc, nothing seems to work.
> Thanks for your time/assistance.
>
Just in case:
[root@testing ~]# cat /etc/ipsec.d/test.conf
conn testtun1
    also=testtun
    rightsubnet=172.23.24.0/24
conn testtun
    type=tunnel
    auto=add
    auth=esp
    pfs=yes
    authby=secret
    keyingtries=0
    left=%defaultroute
    leftsubnet=10.1.12.0/24
    right=63.223.114.59
    aggrmode=no
    esp=aes256-sha1
    keyexchange=ike
    ike=aes256-sha1
    keylife="28800"
    ikelifetime="86400"
[root@testing ~]# cat /etc/ipsec.d/test.secrets
%defaultroute 63.223.114.59 : PSK "test123"
Thanks anybody/everybody.
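
The check Paul raises in the quoted reply (is there a default route when ipsec starts?) can be scripted as a pre-start test. This is an added example, not part of the original thread and not Openswan code: the function names and all sample data are constructed, and it only tests whether a default route is present for conns that inherit left=%defaultroute through also=. It does not reproduce how pluto itself resolves %defaultroute.

```shell
# Added example; function names and sample data are constructed.
# Print conn names whose effective left= is %defaultroute, following also=
# (assumes a single also= per conn and indented parameters).
conns_using_defaultroute() {
    awk '
    $1 == "conn" { cur = $2; names[++n] = cur; next }
    /^[^ \t#]/   { cur = "" }   # some other unindented section begins
    cur != "" && /=/ {
        sub(/^[ \t]+/, ""); sub(/[ \t]+$/, "")
        k = substr($0, 1, index($0, "=") - 1); v = substr($0, index($0, "=") + 1)
        if (k == "left") left[cur] = v
        if (k == "also") also[cur] = v
    }
    END {
        for (i = 1; i <= n; i++) {
            c = names[i]; hops = 0
            while (!(c in left) && (c in also) && hops++ < 10) c = also[c]
            if ((c in left) && left[c] == "%defaultroute") print names[i]
        }
    }'
}

# Print the default route's interface from `route -n` text on stdin.
default_route_iface() {
    awk '($1 == "0.0.0.0" || $1 == "default") && $3 == "0.0.0.0" { print $8; exit }'
}

# $1 = conn file text, $2 = route table text; fails if a conn needs
# %defaultroute and no default route is present.
preflight() {
    needy=$(printf '%s\n' "$1" | conns_using_defaultroute | tr '\n' ' ')
    [ -z "$needy" ] && return 0
    iface=$(printf '%s\n' "$2" | default_route_iface)
    [ -n "$iface" ] || { echo "no default route; affected: $needy" >&2; return 1; }
    echo "default route on $iface; conns using it: $needy"
}

SAMPLE_CONF='conn testtun1
    also=testtun
conn testtun
    left=%defaultroute
conn static
    left=198.51.100.10'
ROUTES_OK='Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 198.51.100.1 0.0.0.0 UG 0 0 0 eth0'
ROUTES_NONE='Destination Gateway Genmask Flags Metric Ref Use Iface
10.1.12.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0'
preflight "$SAMPLE_CONF" "$ROUTES_OK"
```

On a live host the two arguments would be the contents of the conn file and the output of `route -n`, run from the init script before the connection is initiated.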