[Openswan Users] problem with net-to-net configuration
long at magillem.com
Tue Nov 30 11:34:38 EST 2010
Hi :)
I need help to configure Openswan for a net-to-net VPN. I've installed
Openswan on Ubuntu 9.10 and I followed various topics on the web to
configure /etc/ipsec.conf and /etc/ipsec.secrets.
I want to create a net-to-net VPN with PSK. Here are my configuration files:
/etc/ipsec.conf:
# /etc/ipsec.conf - Openswan IPsec configuration file
# RCSID $Id: ipsec.conf.in,v 1.16 2005/07/26 12:29:45 ken Exp $
# This file: /usr/share/doc/openswan/ipsec.conf-sample
#
# Manual: ipsec.conf.5
version 2.0 # conforms to second version of ipsec.conf specification
# basic configuration
config setup
    nat_traversal=yes
    oe=off
    protostack=netkey
#vpn connection
conn net-to-net
    keyingtries=3
    authby=secret
    keyexchange=ike
    ike=3des-modp1024
    esp=3des-md5,3des-sha1
    left=217.128.31.99
    leftid=@vpn1.mysite.com
    leftsubnet=192.168.2.100/30
    leftnexthop=%defaultroute
    right=82.239.74.246
    rightid=@vpn2.mysite.com
    rightsubnet=192.168.1.100/30
    rightnexthop=%defaultroute
    auto=start
and /etc/ipsec.secrets:
217.128.31.99 82.239.74.246: PSK "my secret key"
The command ipsec verify is OK, but when I use ipsec auto --up net-to-net,
I have the following error: no connection named "net-to-net".
With the command ipsec barf, I get the following error:
"Nov 30 17:30:24 gx3 pluto[9838]: esp string error: hash_alg not found,
enc_alg="3des", auth_alg="modp1024", modp="""
It seems like 3des is not installed or not recognized by pluto. If it is
the case, what can I do to make it work?
Thank you :)