[Openswan Users] problem with net-to-net configuration

Randy Wyatt rwyatt at nvtl.com
Tue Nov 30 12:06:40 EST 2010


ike has to equal 3des-md5 or 3des-sha1 according to ipsec.conf.

If your not using aggresive mode, I would not specify either line.



-----Original Message-----
From: users-bounces at openswan.org on behalf of long at magillem.com
Sent: Tue 11/30/2010 8:34 AM
To: users at openswan.org
Subject: [Openswan Users] problem with net-to-net configuration
 
Hi :)

I need help to configure openswan for a net-to-net vpn. I've installed
openswan on ubuntu 9.10 and i followed various topics on the web to
configure /etc/ipsec.conf and /etc/ipsec.secrets.

I want to create a net-to-net vpn with PSK. Here are my configuration files :


/etc/ipsec.conf :

# /etc/ipsec.conf - Openswan IPsec configuration file
# RCSID $Id: ipsec.conf.in,v 1.16 2005/07/26 12:29:45 ken Exp $

# This file:  /usr/share/doc/openswan/ipsec.conf-sample
#
# Manual:     ipsec.conf.5


version	2.0	# conforms to second version of ipsec.conf specification

# basic configuration
config setup
	nat_traversal=yes
	oe=off
	protostack=netkey

#vpn connection
conn net-to-net
	keyingtries=3
	authby=secret
	keyexchange=ike
	ike=3des-modp1024
	esp=3des-md5,3des-sha1
	left=217.128.31.99
	leftid=@vpn1.mysite.com
	leftsubnet=192.168.2.100/30
	leftnexthop=%defaultroute
	right=82.239.74.246
	rightid=@vpn2.mysite.com
	rightsubnet=192.168.1.100/30
	rightnexthop=%defaultroute
	auto=start


and /etc/ipsec.secrets :

217.128.31.99 82.239.74.246: PSK "my secret key"

The command ipsec verify is OK but when I use ipsec auto --up net-to-net,
I have the following error : no connection named "net-to-net".

With the command: ipsec barf, I get the following error :

"Nov 30 17:30:24 gx3 pluto[9838]: esp string error: hash_alg not found,
enc_alg="3des", auth_alg="modp1024", modp="""

It seems like 3des is not installed or not recognized by pluto. If it is
the case, what can I do to make it work?

Thank you :)





_______________________________________________
Users at openswan.org
http://lists.openswan.org/mailman/listinfo/users
Micropayments: https://flattr.com/thing/38387/IPsec-for-Linux-made-easy
Building and Integrating Virtual Private Networks with Openswan: 
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155


-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20101130/59174ad2/attachment.html 


More information about the Users mailing list