[Openswan Users] Yet Another EC2 Config Debug

Paul Wouters paul at xelerance.com
Fri Sep 9 16:19:59 EDT 2011


On Thu, 8 Sep 2011, James Nelson wrote:

> Sep  8 19:51:18 pluto[3535]: "ec2check" #1: Can't authenticate: no preshared key found for `<EC2 ELASTIC IP>' and `<CLIENT
> GATEWAY>'.  Attribute OAKLEY_AUTHENTICATION_METHOD
> Sep  8 19:51:18 pluto[3535]: "ec2check" #1: no acceptable Oakley Transform
> Sep  8 19:51:18 pluto[3535]: "ec2check" #1: sending notification NO_PROPOSAL_CHOSEN to <CLIENT GATEWAY>:500
> 
> The necessary lines in the .conf:
> 
>         left=<EC2 LOCAL IP>
>         leftid=<EC2 ELASTIC IP>
>         right=<CLIENT GATEWAY>

> And the line in the .secrets:
> <EC2 ELASTIC IP> <CLIENT GATEWAY>: PSK "HeyLookImStillAKey"

Try:

<EC2 LOCAL IP> <CLIENT GATEWAY>: PSK "HeyLookImStillAKey"

Openswan checks its own IP to determine the secret. It uses the leftid if
that's a non-IP ID payload, but in your case there is an IP-based ID
payload (just not our IP).

If your local IP changes, you can also put in:

0.0.0.0 %any  <CLIENT GATEWAY>: PSK "HeyLookImStillAKey"

Paul
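
The lookup rule described in this reply, as an added example that is not part of the original message and is not Openswan's own code: a small lint that reports whether an `ipsec.secrets` PSK entry is indexed by the host's own address or, as in the thread, by an IP-valued `leftid`. The function names and the sample addresses are assumptions made for illustration, and the matching is a simplified model of the rule stated above.

```python
import ipaddress
import re

WILDCARDS = {"%any", "0.0.0.0"}  # wildcard indexes, as in the last entry of the reply

def is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def parse_psk_ids(secrets_text):
    """Return the list of index tokens for every PSK line in an ipsec.secrets text."""
    entries = []
    for line in secrets_text.splitlines():
        m = re.match(r'^\s*([^#]*?)\s*:\s*PSK\s+"', line)  # comment lines do not match
        if m:
            entries.append(m.group(1).split())
    return entries

def covers(ids, wanted):
    # An entry with no index, or with a wildcard index, matches any address.
    return not ids or wanted in ids or any(i in WILDCARDS for i in ids)

def check_psk(left, leftid, right, secrets_text):
    """Classify a conn: 'ok', 'indexed-by-leftid' (the thread's mistake) or 'missing'."""
    # Rule from the reply: a non-IP leftid is the lookup key, otherwise the host's own IP.
    local = leftid if leftid and not is_ip(leftid) else left
    entries = parse_psk_ids(secrets_text)
    if any(covers(ids, local) and covers(ids, right) for ids in entries):
        return "ok"
    if leftid and is_ip(leftid) and leftid != left and any(
            leftid in ids and right in ids for ids in entries):
        return "indexed-by-leftid"
    return "missing"

if __name__ == "__main__":
    # Constructed sample values (documentation address ranges), not from the thread.
    secrets = '198.51.100.10 203.0.113.7: PSK "constructed-example-key"\n'
    print(check_psk("10.0.0.5", "198.51.100.10", "203.0.113.7", secrets))
```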

