[Openswan Users] Possible to move ipsec config to another host?

Jobst Schmalenbach jobst at barrett.com.au
Sun Dec 19 22:07:35 EST 2010


Hi,

thanks for your reply ... I verified them, they look alright to me.

What I did NOT think of is that the OLD network sits on OPTUS where the ETHX card is the PUBLIC IPADDRESS (optus modems run in bridge mode) while the new network sits on a network behind an ADSL router that has a DMZ, so the ETHX card is 192.168.1.1 not 236.40.233.220 (my static IP address provided by the ISP).

Now the router has internal VOIP (sip), and my ADSL connection provides this, so I MUST use NAT to use the router based internal voip card, my config:

config setup
  klipsdebug=none
  plutodebug=none
  uniqueids=yes
  protostack=netkey
  nat_traversal=yes
  # don't need this as it's a tunnel between work and home
  oe=off
conn %default
  rekey=no
# jobst and sue Home router and network
# 192.168.2.0/24 <-> 236.40.233.220 <-> 150.101.215.42 <-> 192.168.0.0/24

conn yorkstreet-2-barrett
  left=236.40.233.220
  leftid="CN=usercert2"
  leftsourceip=236.40.233.220
  leftrsasigkey=%cert
  leftcert=usercert2
  leftnexthop=150.101.215.42
  leftsubnet=192.168.2.0/24
  right=150.101.215.42
  rightid="CN=usercert1"
  rightsourceip=150.101.215.42
  rightrsasigkey=%cert
  rightnexthop=236.40.233.220
  rightsubnet=192.168.0.0/24
  rekey=no
  esp="aes-sha1"
  ike="aes-sha1"
  auto=start

On Sun, Dec 19, 2010 at 12:31:25PM -0500, Neal Murphy (neal.p.murphy at alum.wpi.edu) wrote:
> On Sunday 19 December 2010 04:43:14 Jobst Schmalenbach wrote:
> > I then restarted BOTH, the WORKMACHINE came up well but the
> > (NEW) HOME machine is complaining with:
> >
> > Dec 19 20:26:09 yorkstreet ipsec__plutorun: 022 "yorkstreet-2-barrett": We
> > cannot identify ourselves with either end of this connection.
> >
> > I did some research into this and most people having the
> > same problem received the "make sure the IP addresses match".
> >
> > All I did is basically
> >
> >   sed -e 's/OLD/NEW/g'
> >
> > on both ipsec.conf files, so the IPADDRESS should be OK....
> 
> Should be's bite us in the backside every time.
>   1. Did you verify that the configuration changes are correct?
>   2. Did you verify that the IP addresses in use are correct?
> 
> Your HOME machine is complaining that it cannot find its own IP address in the 
> config file, in neither the left nor the right specifications.

-- 
Share your knowledge. It's a way to achieve immortality.

  | |0| |   Jobst Schmalenbach, jobst at barrett.com.au, General Manager
  | | |0|   Barrett Consulting Group P/L & The Meditation Room P/L
  |0|0|0|   +61 3 9532 7677, POBox 277, Caulfield South, 3162, Australia
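
Added example, not part of the original post: a pre-flight check for the pluto error quoted above, listing every conn whose left and right are both literal addresses that the local host does not own. The sample config is trimmed from the one in the post; the function names and the caller-supplied local address list (for instance taken from `ip -4 -o addr show`) are assumptions of this example.

```python
import ipaddress

# Constructed sample: trimmed copy of the config posted in this message.
SAMPLE_CONF = """\
config setup
  protostack=netkey
  nat_traversal=yes
conn %default
  rekey=no
conn yorkstreet-2-barrett
  left=236.40.233.220
  leftsubnet=192.168.2.0/24
  right=150.101.215.42
  rightsubnet=192.168.0.0/24
  auto=start
"""

def parse_conns(text):
    """Return {conn_name: {key: value}} for every 'conn' section."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        if not raw[0].isspace():                  # unindented line opens a section
            kind, _, name = line.partition(" ")
            current = conns.setdefault(name.strip(), {}) if kind == "conn" else None
        elif current is not None and "=" in line:
            key, _, value = line.strip().partition("=")
            current[key.strip()] = value.strip().strip('"')
    return conns

def unidentifiable(conf_text, local_addrs):
    """Names of conns where neither left nor right is a local address."""
    local = {ipaddress.ip_address(a) for a in local_addrs}
    bad = []
    for name, opts in parse_conns(conf_text).items():
        if name == "%default":
            continue
        try:
            ends = [ipaddress.ip_address(opts[s]) for s in ("left", "right")]
        except (KeyError, ValueError):
            continue  # %-keywords, hostnames or a missing end: not judged here
        if not any(e in local for e in ends):
            bad.append(name)
    return bad

if __name__ == "__main__":
    # Host behind the ADSL router: the interface carries 192.168.1.1 only.
    print(unidentifiable(SAMPLE_CONF, ["127.0.0.1", "192.168.1.1"]))
```
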

