[Openswan Users] problem with net-to-net configuration

Gary Long long at magillem.com
Tue Nov 30 13:25:34 EST 2010


I tried to remove these options from my config file but the error 
message is still the same.
I have only one network interface on both sides, which is eth0. Each 
machine uses the gateway DHCP to get its IP address, but these addresses are 
set static via the gateway configuration panel.

Should I also set these IP addresses in the network manager on my two 
computers?

On 30/11/2010 19:08, Randy Wyatt wrote:
> Use leftid rightid in IPSec.secrets.
>
> Randy
>
> Sent from my iPhone
>
> On Nov 30, 2010, at 10:05 AM, "Gary Long" <long at magillem.com> wrote:
>
>> Thank you for this explanation :)
>>
>> I changed my ipsec.conf as :
>>
>> conn net-to-net
>>         keyingtries=3
>>         authby=secret
>>         keyexchange=ike
>>         #ike=3des-modp1024
>>         #esp=3des-md5,3des-sha1
>>         left=217.128.31.99
>>         leftid=@vpn1.mysite.com
>>         leftsubnet=192.168.1.200/30
>>         leftnexthop=%defaultroute
>>         right=82.239.74.246
>>         rightid=@vpn2.mysite.com
>>         rightsubnet=192.168.1.100/30
>>         rightnexthop=%defaultroute
>>         auto=start
>>
>> I also changed the leftsubnet. Now with ipsec auto --up net-to-net I 
>> get :
>>
>> 022 "net-to-net": We cannot identify ourselves with either end of 
>> this connection.
>>
>> I'm wondering if this is linked to the left/right id options: Do I 
>> need to register these DNS names somewhere else (in my gateway for 
>> example)?
>>
>>
>> On 30/11/2010 18:06, Randy Wyatt wrote:
>>>
>>> ike has to equal 3des-md5 or 3des-sha1 according to ipsec.conf.
>>>
>>> If you're not using aggressive mode, I would not specify either line.
>>>
>>>
>>>
>>> -----Original Message-----
>>> From: users-bounces at openswan.org on behalf of long at magillem.com
>>> Sent: Tue 11/30/2010 8:34 AM
>>> To: users at openswan.org
>>> Subject: [Openswan Users] problem with net-to-net configuration
>>>
>>> Hi :)
>>>
>>> I need help to configure openswan for a net-to-net vpn. I've installed
>>> openswan on ubuntu 9.10 and I followed various topics on the web to
>>> configure /etc/ipsec.conf and /etc/ipsec.secrets.
>>>
>>> I want to create a net-to-net vpn with PSK. Here are my 
>>> configuration files :
>>>
>>>
>>> /etc/ipsec.conf :
>>>
>>> # /etc/ipsec.conf - Openswan IPsec configuration file
>>> # RCSID $Id: ipsec.conf.in,v 1.16 2005/07/26 12:29:45 ken Exp $
>>>
>>> # This file:  /usr/share/doc/openswan/ipsec.conf-sample
>>> #
>>> # Manual:     ipsec.conf.5
>>>
>>>
>>> version 2.0     # conforms to second version of ipsec.conf specification
>>>
>>> # basic configuration
>>> config setup
>>>         nat_traversal=yes
>>>         oe=off
>>>         protostack=netkey
>>>
>>> #vpn connection
>>> conn net-to-net
>>>         keyingtries=3
>>>         authby=secret
>>>         keyexchange=ike
>>>         ike=3des-modp1024
>>>         esp=3des-md5,3des-sha1
>>>         left=217.128.31.99
>>>         leftid=@vpn1.mysite.com
>>>         leftsubnet=192.168.2.100/30
>>>         leftnexthop=%defaultroute
>>>         right=82.239.74.246
>>>         rightid=@vpn2.mysite.com
>>>         rightsubnet=192.168.1.100/30
>>>         rightnexthop=%defaultroute
>>>         auto=start
>>>
>>>
>>> and /etc/ipsec.secrets :
>>>
>>> 217.128.31.99 82.239.74.246: PSK "my secret key"
>>>
>>> The command ipsec verify is OK but when I use ipsec auto --up 
>>> net-to-net,
>>> I have the following error : no connection named "net-to-net".
>>>
>>> With the command: ipsec barf, I get the following error :
>>>
>>> "Nov 30 17:30:24 gx3 pluto[9838]: esp string error: hash_alg not found,
>>> enc_alg="3des", auth_alg="modp1024", modp="""
>>>
>>> It seems like 3des is not installed or not recognized by pluto. If it is
>>> the case, what can I do to make it work?
>>>
>>> Thank you :)
>>>
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> Users at openswan.org
>>> http://lists.openswan.org/mailman/listinfo/users
>>> Micropayments: https://flattr.com/thing/38387/IPsec-for-Linux-made-easy
>>> Building and Integrating Virtual Private Networks with Openswan:
>>> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
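
pluto prints "We cannot identify ourselves with either end of this connection" when neither left nor right is an address of a local interface, and Randy's advice is to index ipsec.secrets by leftid/rightid. The lint below is an added example, not part of the original thread, that checks both conditions on the configuration quoted above. The function names and the local address 192.168.1.201 are constructed for illustration.

```python
# Constructed sample input: the conn section (trimmed) and the secrets line
# quoted in the thread.
IPSEC_CONF = """\
conn net-to-net
        authby=secret
        left=217.128.31.99
        leftid=@vpn1.mysite.com
        right=82.239.74.246
        rightid=@vpn2.mysite.com
"""
IPSEC_SECRETS = '217.128.31.99 82.239.74.246: PSK "my secret key"\n'

def parse_conn(text, name):
    """Return the key=value options of one conn section (indented lines only)."""
    opts, active = {}, False
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if not line[0].isspace():        # section headers start in column 0
            active = line.split() == ["conn", name]
        elif active and "=" in line:
            key, value = line.strip().split("=", 1)
            opts[key.strip()] = value.strip()
    return opts

def secret_selectors(text):
    """Return every index token that precedes ': PSK' in ipsec.secrets."""
    found = set()
    for line in text.splitlines():
        index, sep, rest = line.partition(":")
        if sep and not line.startswith("#") and rest.split()[:1] == ["PSK"]:
            found.update(index.split())
    return found

def lint(conf, secrets, conn, local_addrs):
    """local_addrs: this host's addresses, e.g. taken from `ip -o -4 addr show`."""
    o = parse_conn(conf, conn)
    problems = []
    ends = [o.get("left", ""), o.get("right", "")]
    if not any(e == "%defaultroute" or e in local_addrs for e in ends):
        problems.append("orient: neither left nor right is a local address")
    # Without leftid/rightid the ID of an end defaults to its IP address.
    ids = {o.get("leftid", o.get("left")), o.get("rightid", o.get("right"))}
    if not ids <= secret_selectors(secrets):
        problems.append("secrets: no PSK entry indexed by " + " ".join(sorted(ids)))
    return problems

if __name__ == "__main__":
    # 192.168.1.201 is a constructed private address for a host behind the gateway.
    for problem in lint(IPSEC_CONF, IPSEC_SECRETS, "net-to-net", ["192.168.1.201"]):
        print(problem)
```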
