[Openswan Users] Openswan on Ubuntu: we cannot identify ourselves with either end of this connection

satpal parmar systems.satpal at gmail.com
Sun Sep 25 23:20:49 EDT 2011 

Hi All

I am testing ipsec host to host communication. Things went fine when I was
running with pre-shared keys and I was able to build tunnel. I concluded
this means Pluto is running fine, my kernel/pluto config are ok and things
are running in sync.

However  when I switched to RSA thing are not working as smoothly. I found
my ipsec.secrets key empty on Ubuntu side. When I try to run ipsec
newhostley --output /etc/ipsec.secrets  I got '--confdir required' err
message. I tried to create new NSS databse using certutil
 failed complaining  'could not authenticate token 'NSS certification DB'
 which I am not sure Iunderstood.

Finally I was able to created keys using: ---configdir /etc/pki/nssdb.

Now I have rsa sig  on both side ipsec.secrets and  minimal config
(leftip,leftsidesig, rightip,rightsidesig) but when I up the connection I
get 'we cannot identify ourselves with either end of this connection' on
Ubuntu side and retransmission failure message on red hat side (whic i think
is ok as Ubuntu side failed to respond).

I am looking for minimal checklist to confirm my setup/conf is right. I find
error message from openswan config n setup are not very explicit n for very
error message I have to google and filter  a lots of old and new config
data.Though I am currently focused on running RSA in one go I will try to
document all issues I got and how I resolved them  and post it here someday.

I request you to share your latest tryst with running open swan on any linux
distro. Last but not the least do let me know how to debug/proceed from 'we
cannot identify ourselves with either end of this connection' situation.

Thanks in advance.

-SP

===============================================================
My Setup:

Ubuntu 10 /Opsenswan 2.6.23  <-------------------------------->Redheat 5
/openswan 2.6.21
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20110926/01492da3/attachment.html

More information about the Users mailing list