[Openswan Users] Yet Another EC2 Config Debug
Paul Wouters
paul at xelerance.com
Fri Sep 9 16:19:59 EDT 2011
On Thu, 8 Sep 2011, James Nelson wrote:
> Sep 8 19:51:18 pluto[3535]: "ec2check" #1: Can't authenticate: no preshared key found for `<EC2 ELASTIC IP>' and `<CLIENT
> GATEWAY>'. Attribute OAKLEY_AUTHENTICATION_METHOD
> Sep 8 19:51:18 pluto[3535]: "ec2check" #1: no acceptable Oakley Transform
> Sep 8 19:51:18 pluto[3535]: "ec2check" #1: sending notification NO_PROPOSAL_CHOSEN to <CLIENT GATEWAY>:500
>
> The necessary lines in the .conf:
>
> left=<EC2 LOCAL IP>
> leftid=<EC2 ELASTIC IP>
> right=<CLIENT GATEWAY>
> And the line in the .secrets:
> <EC2 ELASTIC IP> <CLIENT GATEWAY>: PSK "HeyLookImStillAKey"
try:

<EC2 LOCAL IP> <CLIENT GATEWAY>: PSK "HeyLookImStillAKey"

Openswan checks its own IP to determine the secret. It uses the leftid if
that's a non-IP ID payload, but in your case there is an IP-based ID
payload (just not our IP).

If your local IP changes, you can also put in:

0.0.0.0 %any <CLIENT GATEWAY>: PSK "HeyLookImStillAKey"

Paul
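
The lookup rule described in the reply above, as an added example that is not part of the original thread and not Openswan's own code: a simplified pre-flight check that models only that rule (non-IP leftid is used, otherwise the local IP; 0.0.0.0 and %any match any address). The function names and the sample addresses and key are assumptions constructed for illustration.

```python
import ipaddress
import re

WILDCARDS = {"%any", "0.0.0.0"}  # indices that stand for any address

def is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def psk_indices(secrets_text):
    """Yield the index list of every 'idx idx : PSK "..."' line."""
    for line in secrets_text.splitlines():
        m = re.match(r'^\s*([^#]*?)\s*:\s*PSK\s+"', line)
        if m:
            yield m.group(1).split()

def lookup_id(left, leftid):
    # Rule from the reply: a non-IP leftid is used, otherwise our own IP (left).
    return leftid if leftid and not is_ip(leftid) else left

def covers(indices, ident):
    return any(i in WILDCARDS or i == ident for i in indices)

def check_psk(left, leftid, right, secrets_text):
    """Return (found, message) for one conn against the secrets text."""
    local = lookup_id(left, leftid)
    for indices in psk_indices(secrets_text):
        if covers(indices, local) and covers(indices, right):
            return True, "PSK entry found for %s and %s" % (local, right)
    msg = "no PSK entry indexed by %s and %s" % (local, right)
    if leftid and is_ip(leftid) and leftid != left:
        msg += "; leftid %s is an IP but not our own, index by %s" % (leftid, left)
    return False, msg

# Constructed sample values (documentation/private ranges), not from the thread.
LEFT, LEFTID, RIGHT = "10.0.0.5", "203.0.113.10", "198.51.100.7"
BY_ELASTIC = '203.0.113.10 198.51.100.7: PSK "example-not-a-real-key"\n'
BY_LOCAL = '10.0.0.5 198.51.100.7: PSK "example-not-a-real-key"\n'
BY_ANY = '0.0.0.0 %any 198.51.100.7: PSK "example-not-a-real-key"\n'

if __name__ == "__main__":
    for name, text in (("elastic", BY_ELASTIC), ("local", BY_LOCAL), ("any", BY_ANY)):
        print(name, check_psk(LEFT, LEFTID, RIGHT, text))
```
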