[Openswan Users] problem with net-to-net configuration

Gary Long long at magillem.com
Tue Nov 30 12:57:38 EST 2010


Thank you for this explanation :)

I changed my ipsec.conf to:

conn net-to-net
         keyingtries=3
         authby=secret
         keyexchange=ike
         #ike=3des-modp1024
         #esp=3des-md5,3des-sha1
         left=217.128.31.99
         leftid=@vpn1.mysite.com
         leftsubnet=192.168.1.200/30
         leftnexthop=%defaultroute
         right=82.239.74.246
         rightid=@vpn2.mysite.com
         rightsubnet=192.168.1.100/30
         rightnexthop=%defaultroute
         auto=start

I also changed the leftsubnet. Now with ipsec auto --up net-to-net I get:

022 "net-to-net": We cannot identify ourselves with either end of this connection.

I'm wondering if this is linked to the left/right id options: Do I need 
to register these DNS names somewhere else (in my gateway for example)?


On 30/11/2010 18:06, Randy Wyatt wrote:
>
> ike has to equal 3des-md5 or 3des-sha1 according to ipsec.conf.
>
> If you're not using aggressive mode, I would not specify either line.
>
>
>
> -----Original Message-----
> From: users-bounces at openswan.org on behalf of long at magillem.com
> Sent: Tue 11/30/2010 8:34 AM
> To: users at openswan.org
> Subject: [Openswan Users] problem with net-to-net configuration
>
> Hi :)
>
> I need help to configure openswan for a net-to-net vpn. I've installed
> openswan on ubuntu 9.10 and I followed various topics on the web to
> configure /etc/ipsec.conf and /etc/ipsec.secrets.
>
> I want to create a net-to-net vpn with PSK. Here are my configuration 
> files :
>
>
> /etc/ipsec.conf :
>
> # /etc/ipsec.conf - Openswan IPsec configuration file
> # RCSID $Id: ipsec.conf.in,v 1.16 2005/07/26 12:29:45 ken Exp $
>
> # This file:  /usr/share/doc/openswan/ipsec.conf-sample
> #
> # Manual:     ipsec.conf.5
>
>
> version 2.0     # conforms to second version of ipsec.conf specification
>
> # basic configuration
> config setup
>         nat_traversal=yes
>         oe=off
>         protostack=netkey
>
> #vpn connection
> conn net-to-net
>         keyingtries=3
>         authby=secret
>         keyexchange=ike
>         ike=3des-modp1024
>         esp=3des-md5,3des-sha1
>         left=217.128.31.99
>         leftid=@vpn1.mysite.com
>         leftsubnet=192.168.2.100/30
>         leftnexthop=%defaultroute
>         right=82.239.74.246
>         rightid=@vpn2.mysite.com
>         rightsubnet=192.168.1.100/30
>         rightnexthop=%defaultroute
>         auto=start
>
>
> and /etc/ipsec.secrets :
>
> 217.128.31.99 82.239.74.246: PSK "my secret key"
>
> The command ipsec verify is OK but when I use ipsec auto --up net-to-net,
> I have the following error : no connection named "net-to-net".
>
> With the command: ipsec barf, I get the following error :
>
> "Nov 30 17:30:24 gx3 pluto[9838]: esp string error: hash_alg not found,
> enc_alg="3des", auth_alg="modp1024", modp="""
>
> It seems like 3des is not installed or not recognized by pluto. If it is
> the case, what can I do to make it work?
>
> Thank you :)
>
>
>
>
>
> _______________________________________________
> Users at openswan.org
> http://lists.openswan.org/mailman/listinfo/users
> Micropayments: https://flattr.com/thing/38387/IPsec-for-Linux-made-easy
> Building and Integrating Virtual Private Networks with Openswan:
> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
>
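Editorial example, added here and not part of the thread or of Openswan: pluto prints the 022 message when neither left= nor right= matches an address on a local interface, which is typical when a gateway sits behind a NAT router and left= holds the router's public address. The check below reproduces that comparison; the function names and the `ip -o addr show` sample (a host holding only a private address) are constructed assumptions.

```python
import ipaddress

# Constructed sample: conn section as posted in the message above.
SAMPLE_CONF = """\
conn net-to-net
         authby=secret
         left=217.128.31.99
         leftid=@vpn1.mysite.com
         leftsubnet=192.168.1.200/30
         right=82.239.74.246
         rightid=@vpn2.mysite.com
         rightsubnet=192.168.1.100/30
         auto=start
"""

# Constructed sample of `ip -o addr show` output for a host that holds
# only loopback and a private address (hypothetical, not from the thread).
SAMPLE_IP_OUTPUT = """\
1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 192.168.1.201/30 brd 192.168.1.203 scope global eth0
"""

def parse_conn(text, name):
    """Return the key=value options of the 'conn <name>' section."""
    opts, inside = {}, False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not line[0].isspace():          # section header starts at column 0
            inside = line.split() == ["conn", name]
        elif inside and "=" in line:
            key, value = line.strip().split("=", 1)
            opts[key.strip()] = value.strip()
    return opts

def local_addresses(ip_output):
    """Extract interface addresses from `ip -o addr show` text."""
    addrs = []
    for line in ip_output.splitlines():
        fields = line.split()
        for i, tok in enumerate(fields[:-1]):
            if tok in ("inet", "inet6"):
                addrs.append(ipaddress.ip_address(fields[i + 1].split("/")[0]))
    return addrs

def which_end_is_local(opts, addrs):
    """Return 'left', 'right' or None when neither end is a local address."""
    for side in ("left", "right"):
        try:
            if ipaddress.ip_address(opts.get(side, "")) in addrs:
                return side
        except ValueError:
            pass    # hostname or %-value such as %defaultroute: not an IP literal
    return None
```

On a live gateway, pass in the contents of /etc/ipsec.conf and the output of `ip -o addr show`; a `None` result is the condition that produces the 022 error.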