[Openswan Users] problem with net-to-net configuration
Randy Wyatt
rwyatt at nvtl.com
Tue Nov 30 13:08:22 EST 2010
Use leftid and rightid in ipsec.secrets.
Randy
Sent from my iPhone
On Nov 30, 2010, at 10:05 AM, "Gary Long" <long at magillem.com> wrote:
> Thank you for this explanation :)
>
> I changed my ipsec.conf as :
>
> conn net-to-net
>     keyingtries=3
>     authby=secret
>     keyexchange=ike
>     #ike=3des-modp1024
>     #esp=3des-md5,3des-sha1
>     left=217.128.31.99
>     leftid=@vpn1.mysite.com
>     leftsubnet=192.168.1.200/30
>     leftnexthop=%defaultroute
>     right=82.239.74.246
>     rightid=@vpn2.mysite.com
>     rightsubnet=192.168.1.100/30
>     rightnexthop=%defaultroute
>     auto=start
>
> I also changed the leftsubnet. Now with ipsec auto --up net-to-net I get :
>
> 022 "net-to-net": We cannot identify ourselves with either end of this connection.
>
> I'm wondering if this is linked to the left/right id options: Do I need to register these DNS names somewhere else (in my gateway for example)?
>
>
> Le 30/11/2010 18:06, Randy Wyatt a écrit :
>>
>>
>> ike has to equal 3des-md5 or 3des-sha1 according to ipsec.conf.
>>
>> If you're not using aggressive mode, I would not specify either line.
>>
>>
>>
>> -----Original Message-----
>> From: users-bounces at openswan.org on behalf of long at magillem.com
>> Sent: Tue 11/30/2010 8:34 AM
>> To: users at openswan.org
>> Subject: [Openswan Users] problem with net-to-net configuration
>>
>> Hi :)
>>
>> I need help to configure openswan for a net-to-net vpn. I've installed
>> openswan on ubuntu 9.10 and I followed various topics on the web to
>> configure /etc/ipsec.conf and /etc/ipsec.secrets.
>>
>> I want to create a net-to-net vpn with PSK. Here are my configuration files :
>>
>>
>> /etc/ipsec.conf :
>>
>> # /etc/ipsec.conf - Openswan IPsec configuration file
>> # RCSID $Id: ipsec.conf.in,v 1.16 2005/07/26 12:29:45 ken Exp $
>>
>> # This file: /usr/share/doc/openswan/ipsec.conf-sample
>> #
>> # Manual: ipsec.conf.5
>>
>>
>> version 2.0 # conforms to second version of ipsec.conf specification
>>
>> # basic configuration
>> config setup
>>     nat_traversal=yes
>>     oe=off
>>     protostack=netkey
>>
>> #vpn connection
>> conn net-to-net
>>     keyingtries=3
>>     authby=secret
>>     keyexchange=ike
>>     ike=3des-modp1024
>>     esp=3des-md5,3des-sha1
>>     left=217.128.31.99
>>     leftid=@vpn1.mysite.com
>>     leftsubnet=192.168.2.100/30
>>     leftnexthop=%defaultroute
>>     right=82.239.74.246
>>     rightid=@vpn2.mysite.com
>>     rightsubnet=192.168.1.100/30
>>     rightnexthop=%defaultroute
>>     auto=start
>>
>>
>> and /etc/ipsec.secrets :
>>
>> 217.128.31.99 82.239.74.246: PSK "my secret key"
>>
>> The command ipsec verify is OK but when I use ipsec auto --up net-to-net,
>> I have the following error : no connection named "net-to-net".
>>
>> With the command: ipsec barf, I get the following error :
>>
>> "Nov 30 17:30:24 gx3 pluto[9838]: esp string error: hash_alg not found,
>> enc_alg="3des", auth_alg="modp1024", modp="""
>>
>> It seems like 3des is not installed or not recognized by pluto. If it is
>> the case, what can I do to make it work?
>>
>> Thank you :)
>>
>>
>>
>>
>>
>> _______________________________________________
>> Users at openswan.org
>> http://lists.openswan.org/mailman/listinfo/users
>> Micropayments: https://flattr.com/thing/38387/IPsec-for-Linux-made-easy
>> Building and Integrating Virtual Private Networks with Openswan:
>> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
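Added example, not part of the original thread or of Openswan: a small Python check that a PSK entry in ipsec.secrets is indexed by the same identities the conn declares with leftid/rightid, which is what the reply at the top of this message suggests. It assumes pluto looks up the PSK by the conn's identities (falling back to the IP addresses when no id is set); the parsing is simplified, the function names are hypothetical, and the sample files are constructed from the values quoted in the thread.

```python
import re

# Constructed sample input, built from the values quoted in this thread.
IPSEC_CONF = """\
conn net-to-net
    authby=secret
    left=217.128.31.99
    leftid=@vpn1.mysite.com
    right=82.239.74.246
    rightid=@vpn2.mysite.com
"""
SECRETS_BY_IP = '217.128.31.99 82.239.74.246: PSK "my secret key"\n'
SECRETS_BY_ID = '@vpn1.mysite.com @vpn2.mysite.com: PSK "my secret key"\n'


def conn_ids(conf_text, conn_name):
    """Return the (left, right) identities of a conn: leftid/rightid if set, else the IPs."""
    opts, current = {}, None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not raw[0].isspace():            # an unindented line starts a new section
            parts = line.split()
            current = parts[1] if len(parts) == 2 and parts[0] == "conn" else None
        elif current == conn_name and "=" in line:
            key, value = line.strip().split("=", 1)
            opts[key.strip()] = value.strip()
    return opts.get("leftid", opts.get("left")), opts.get("rightid", opts.get("right"))


def psk_indices(secrets_text):
    """Yield the index tokens in front of each PSK entry (the secret itself is never returned)."""
    for line in secrets_text.splitlines():
        m = re.match(r'^([^:#]*):\s*PSK\s+"', line)   # simplified: no IPv6 indices
        if m:
            yield m.group(1).split()


def psk_covers(secrets_text, ids):
    """True if some PSK entry is unindexed, or every conn identity matches one of its indices."""
    wildcards = {"%any", "0.0.0.0"}         # assumption: these indices match any identity
    for idx in psk_indices(secrets_text):
        if not idx or all(i in idx or wildcards & set(idx) for i in ids):
            return True
    return False
```

With the configuration quoted in the thread, `psk_covers(SECRETS_BY_IP, conn_ids(IPSEC_CONF, "net-to-net"))` is false and the same call with `SECRETS_BY_ID` is true.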