[Openswan Users] IPSec between virtual machines
Paolo Smiraglia
paolo.smiraglia at gmail.com
Mon Feb 7 09:12:55 EST 2011
> If your eth0 is part of a bridge, you cannot/should not put an IP address
> on it. In my experience that does not work. You can put it as alias on
> the br0 device.
Interesting! I will try it...
>> config setup
>> protostack=netkey
>> nat_traversal=yes
>> virtual_private=%v4:172.16.1.0/24
>
> This makes no sense. Since there is no NAT involved AFAIK, you should just
> comment it out.
Ok!
> You cannot put an empty line in a "conn". Remove the empty line or put an
> indented # there
Sure? No warning/error message is shown about it...
> You can also not have the same subnet on left and right. I assume you are
> making host-host tunnels between the VMs, so remove the subnet lines.
This is very, very useful information...
> But I'm still confused about what it is you are trying to do to begin with.
>
>> $> service ipsec start
>> $> ipsec auto --add net2net
>> $> ipsec auto --up net2net
>> [...]
>> 004 "net2net" #2: STATE_QUICK_I2: sent QI2, IPsec SA established
>> tunnel mode...
>
> with the above config this can never happen, so this is a case of "the
> customer is lying". Your config does not match the claimed logs.
Sorry, you're right! I mistook a log file. Thanks for the reply....
--
PAOLO SMIRAGLIA
http://portale.isf.polito.it/paolo-smiraglia
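
The two conn-section points raised in the reply above (no empty line inside a "conn", and not the same subnet on left and right) can be checked before a config is loaded. This is an added example, not code from the thread or from Openswan; the function name `lint_ipsec_conf` and the sample config, including the conn body, are constructed for illustration.

```python
import ipaddress

# Constructed sample: the conn body is hypothetical, not the poster's file.
SAMPLE = """\
config setup
    protostack=netkey

conn net2net
    left=172.16.1.10
    leftsubnet=172.16.1.0/24

    right=172.16.1.20
    rightsubnet=172.16.1.0/24
    auto=add
"""

def lint_ipsec_conf(text):
    """Return (line_number, message) findings for the two conn mistakes."""
    findings, section, opts, blank_at = [], None, {}, None

    def close_section():
        # Compare the normalised networks once the whole conn has been read.
        left, right = opts.get("leftsubnet"), opts.get("rightsubnet")
        if section and section[1].startswith("conn ") and left and right:
            if (ipaddress.ip_network(left[1], strict=False)
                    == ipaddress.ip_network(right[1], strict=False)):
                findings.append((right[0], f"{section[1]}: leftsubnet and "
                                           "rightsubnet are the same network"))

    for no, raw in enumerate(text.splitlines(), 1):
        if not raw.strip():
            if section:
                blank_at = blank_at or no   # first blank line seen in a section
            continue
        if raw.lstrip().startswith("#"):
            continue    # a comment line (e.g. an indented #) is not a blank line
        if not raw[0].isspace():
            close_section()                 # unindented text starts a new section
            section, opts, blank_at = (no, raw.strip()), {}, None
            continue
        if blank_at and section[1].startswith("conn "):
            findings.append((blank_at, f"{section[1]}: blank line inside the conn"))
        blank_at = None
        key, _, value = raw.strip().partition("=")
        opts[key.strip()] = (no, value.strip())
    close_section()
    return findings
```

Run on the constructed sample, it reports the blank line at line 7 and the matching subnets at line 9.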