[Openswan Users] Noob trying basic net-to-net to IPCOP

Chris cjdl01 at brokensolstice.com
Thu Apr 28 19:35:21 EDT 2011


I am totally new to this IPSEC thing.  I have done some reading, but I  
still don't have a good grasp on everything yet.  I figure, once I get  
one of these to work, things will start to solidify.

For starters, I'm trying to make a basic net-to-net connection to an  
IPCOP firewall.  However, I'm finding some issues there.

My left box is a Debian Squeeze box with openswan 1:2.6.28+dfsg-5.
My right box is the latest version of IPCOP which reports having  
Openswan 1.0.10 (from ipsec --version).

I'm trying to follow the most basic tutorial on the openswan wiki, but  
I find two problems:

1) the ipcop machine, when I issue ipsec verify, fails on  
/etc/ipsec.secrets saying "ipsec showhostkey: no default key in  
"/etc/ipsec.secrets", and again on "Looking for forward key for  
2) (not unrelated, I'm sure) when I issue ipsec showhostkey --right,  
it gives me the same error: "ipsec showhostkey: no default key in  

I did make a host key using the vpn tab.  I made a net-to-net  
connection with a certificate, and I created a root certificate and a  
host certificate.

I need to connect to an IPCOP machine, so I'm stuck there.  I didn't  
think there would be a problem because it uses OpenSwan, but clearly  
I'm missing something major here, and I cannot find any help on the  

Can someone please illuminate this noob?

Thank you!

