[Openswan Users] Openswan on Ubuntu: we cannot identify ourselves with either end of this connection
systems.satpal at gmail.com
Sun Sep 25 23:20:49 EDT 2011
I am testing ipsec host to host communication. Things went fine when I was
running with pre-shared keys and I was able to build tunnel. I concluded
this means Pluto is running fine, my kernel/pluto config are ok and things
are running in sync.
However when I switched to RSA thing are not working as smoothly. I found
my ipsec.secrets key empty on Ubuntu side. When I try to run ipsec
newhostley --output /etc/ipsec.secrets I got '--confdir required' err
message. I tried to create new NSS databse using certutil
failed complaining 'could not authenticate token 'NSS certification DB'
which I am not sure Iunderstood.
Finally I was able to created keys using: ---configdir /etc/pki/nssdb.
Now I have rsa sig on both side ipsec.secrets and minimal config
(leftip,leftsidesig, rightip,rightsidesig) but when I up the connection I
get 'we cannot identify ourselves with either end of this connection' on
Ubuntu side and retransmission failure message on red hat side (whic i think
is ok as Ubuntu side failed to respond).
I am looking for minimal checklist to confirm my setup/conf is right. I find
error message from openswan config n setup are not very explicit n for very
error message I have to google and filter a lots of old and new config
data.Though I am currently focused on running RSA in one go I will try to
document all issues I got and how I resolved them and post it here someday.
I request you to share your latest tryst with running open swan on any linux
distro. Last but not the least do let me know how to debug/proceed from 'we
cannot identify ourselves with either end of this connection' situation.
Thanks in advance.
Ubuntu 10 /Opsenswan 2.6.23 <-------------------------------->Redheat 5
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Users