[Openswan Users] need some help to configure openswan on net to net

reza issanyr at olympecti.fr
Fri Sep 11 09:34:55 EDT 2009


What is entropy/randomness?

I have a lot of Linux servers, but I don't know on which one I can generate the file?

azer.


-----Original Message-----
From: Paul Wouters [mailto:paul at xelerance.com]
Sent: Friday, September 11, 2009 15:19
To: reza
Cc: users at openswan.org
Subject: Re: [Openswan Users] need some help to configure openswan on net to net

On Fri, 11 Sep 2009, reza wrote:

> I’m trying to configure two Linux servers for net-to-net IPsec. Each server has the same subnet:
> 192.168.2.0/24

You cannot connect those. A subnet can only live at one place.

> I tried to use the newhostkey without any success. The tool stays blocked at “Wait Pid”.

It needs entropy/randomness to generate the key. If your device is some embedded device,
then generate the key on another machine and copy the secrets file onto the embedded
device.

> So I’d like to create a key and cert file on Linux A to permit Linux B to establish the tunnel.
> Do you have an example configuration to do that, please?

I would not use X.509 for linux-linux connections. But you can find configuration
examples in /etc/ipsec.d/examples/

Paul

