[Openswan Users] EC2 and Openswan
Tuomo Soini
tis at foobar.fi
Thu Nov 24 01:17:05 EST 2011
On Wed, 23 Nov 2011 15:03:32 -0800
Mir Islam <mislam at mirislam.com> wrote:
> Hi Paul, thanks for that guide. I have leftsourceip in my config
> (and also in original email). Only difference is it is not elastic
> IP, but rather the public ip that Amazon assigns to each instances. I
> did not add that ip as a virtual interface to eth0 though since I
> have a newer OpenSwan (openswan-2.6.32-1.9.amzn1.x86_64) installed.
> Thanks. Mir.
>
>
> conn sonicwall
> leftsubnet=172.25.1.0/24
Here is your problem: leftsubnet does not match leftsourceip. Only the
50.19.X.X IP is static, so it should be your leftsubnet with a /32 netmask.
You are also missing leftid=50.19.X.X
> left=%defaultroute
> forceencaps=yes
> leftsourceip=50.19.X.X
> right=99.22.X.X
> rightsubnet=172.29.0.0/16
> keyingtries=0
keyingtries=%forever
> pfs=no
> aggrmode=no
> auto=add
> auth=esp
> ike=aes-256-sha1
> esp=aes-256-sha1
These are completely wrong, both ike= and esp=: you have an extra "-" character
(and you use a legacy config option)
ike=aes256-sha1
phase2alg=aes256-sha1
I'm quite sure you should set dhgroup for ike...
> authby=secret
>
--
Tuomo Soini <tis at foobar.fi>
Foobar Linux services
+358 40 5240030
Foobar Oy <http://foobar.fi/>
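As an added example (not from the thread or from Openswan itself), a small Python linter for the conn pitfalls Tuomo lists: leftsubnet not covering leftsourceip, missing leftid, keyingtries=0, a key size split off with "-" in ike=/esp=, the legacy esp= option, and no DH group on ike=. The sample conn is the one from the thread with the masked X.X octets replaced by constructed placeholder octets so the addresses parse; the ";modpNNNN" suffix is assumed as the ike= syntax for naming the DH group.

```python
import ipaddress

# Constructed sample: the thread's conn with the masked X.X octets replaced.
SAMPLE_CONN = """\
conn sonicwall
    leftsubnet=172.25.1.0/24
    left=%defaultroute
    leftsourceip=50.19.0.1
    right=99.22.0.1
    rightsubnet=172.29.0.0/16
    keyingtries=0
    ike=aes-256-sha1
    esp=aes-256-sha1
"""

def parse_conn(text):
    """Turn the key=value lines of one conn block into a dict."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith(("#", "conn ")):
            key, _, value = line.partition("=")
            settings[key.strip()] = value.strip()
    return settings

def bad_alg_tokens(value):
    """Bare numeric tokens ('256' in 'aes-256-sha1'): key size must be glued to the cipher."""
    bad = []
    for proposal in value.split(","):
        algs = proposal.split(";")[0]      # drop any ';modpNNNN' group suffix
        bad += [t for t in algs.split("-") if t.isdigit()]
    return bad

def lint_conn(s):
    """Return (code, message) findings for the mistakes discussed in the thread."""
    f = []
    src, sub = s.get("leftsourceip"), s.get("leftsubnet")
    if src and sub and ipaddress.ip_address(src) not in ipaddress.ip_network(sub, strict=False):
        f.append(("subnet-mismatch", f"leftsubnet={sub} does not contain leftsourceip; use {src}/32"))
    if src and "leftid" not in s:
        f.append(("missing-leftid", f"leftid not set; add leftid={src}"))
    if s.get("keyingtries") == "0":
        f.append(("keyingtries", "use keyingtries=%forever"))
    for key in ("ike", "esp", "phase2alg"):
        if key in s and bad_alg_tokens(s[key]):
            f.append((f"alg-syntax-{key}", f"{key}={s[key]}: key size split off by '-'"))
    if "esp" in s:
        f.append(("legacy-esp", "esp= is the legacy option; use phase2alg="))
    if "ike" in s and ";modp" not in s["ike"]:
        f.append(("no-dhgroup", "ike= names no DH group (e.g. ';modp2048')"))
    return f
```

Running `lint_conn(parse_conn(SAMPLE_CONN))` reports all seven findings; the corrected conn (leftsubnet=50.19.X.X/32, leftid set, keyingtries=%forever, ike=aes256-sha1;modp2048, phase2alg=aes256-sha1) comes back clean.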