[Openswan Users] Site-to-site between two OpenSwan machines

abc def botroter at yahoo.com
Fri Jun 8 03:54:31 EDT 2012


Hello,

I have two OpenSwan 2.6.27 VMs using NETKEY and I can't seem to get them to establish a connection. I have a few questions:
1.
Instead of putting my "conn" definitions right in ipsec.conf, I have an entry in ipsec.conf that says to look for *.conf files in /etc/ipsec.d/
Is that an acceptable way to do it, and will that work if I want to define two tunnels from one machine? So if I just have one file /etc/ipsec.d/tunnels.conf and
inside it's got two "conn" definitions, should it load both connections or do I need to break them out into individual .conf files?


2.
When I start the machine on the "right" the logging shows that it is waiting for an IKE key, then it loads the secrets file and nothing happens.
I can then try to send traffic down the tunnel but nothing else happens or gets established. Does this mean that not all the proper ports are open or could that be something else?


3.
When doing a site-to-site tunnel between two OpenSwan machines, should I enable PFS or any other features, or just "auto=start"?

4.
Can I use PSK when doing a site-to-site between OpenSwan machines, or do I have to use certs in that configuration?



Thank you!!
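For readers landing on this thread, the following is a minimal Openswan 2.6 layout for the setup described in the post: an ipsec.conf that pulls in /etc/ipsec.d/*.conf, one included file holding two site-to-site conn sections, and a pre-shared key per tunnel. It is an added illustration, not the poster's files and not a file shipped by the Openswan project. The gateway and subnet addresses (203.0.113.x, 198.51.100.x, 10.x.0.0/24), the conn names and the PSK strings are constructed placeholders.

```conf
# /etc/ipsec.conf  (constructed example, not the poster's file)
version 2.0

config setup
    protostack=netkey          # kernel IPsec stack the post uses
    interfaces=%defaultroute
    nat_traversal=yes
    oe=off
    plutodebug=none

# Every file matching the glob is read at startup; a single file may
# contain any number of conn sections, so two tunnels in one
# tunnels.conf are loaded just like two separate files would be.
include /etc/ipsec.d/*.conf


# /etc/ipsec.d/tunnels.conf  (constructed example)
# Settings shared by every conn below.
conn %default
    keyexchange=ike
    authby=secret              # pre-shared key; certificates are not required
    ike=aes128-sha1;modp2048   # phase 1 (IKE) proposal
    phase2alg=aes128-sha1;modp2048   # phase 2 (ESP) proposal
    pfs=yes                    # fresh DH exchange for each phase 2 SA
    auto=start                 # negotiate as soon as pluto starts

# Openswan works out which side it is by matching left/right against its
# own interface addresses, so this file can be identical on both gateways.
conn hq-to-branch1
    left=203.0.113.10
    leftsubnet=10.1.0.0/24
    right=198.51.100.20
    rightsubnet=10.2.0.0/24

conn hq-to-branch2
    left=203.0.113.10
    leftsubnet=10.1.0.0/24
    right=198.51.100.30
    rightsubnet=10.3.0.0/24


# /etc/ipsec.secrets  (root-only, mode 0600)
include /etc/ipsec.d/*.secrets


# /etc/ipsec.d/tunnels.secrets  (constructed example)
# Indexed by the gateway addresses, which are also the default IKE IDs
# when leftid/rightid are not set; one distinct key per peer.
203.0.113.10 198.51.100.20 : PSK "REPLACE-WITH-A-LONG-RANDOM-SECRET"
203.0.113.10 198.51.100.30 : PSK "REPLACE-WITH-A-DIFFERENT-RANDOM-SECRET"
```

After editing, `ipsec setup restart` re-reads both the config and the secrets, `ipsec auto --status` lists which conns were loaded and in what state, and `ipsec auto --up hq-to-branch1` forces a negotiation and prints the phase 1 and phase 2 progress. For the "waiting for IKE key, then nothing" symptom, note that phase 1 cannot begin unless UDP/500 (and UDP/4500 when NAT traversal is in use) is reachable in both directions between the gateways, and the tunnel will not carry traffic unless ESP (IP protocol 50) is allowed as well; a conn listed by `ipsec auto --status` that never advances past STATE_MAIN_I1 is the usual sign that the peer's IKE replies are not arriving.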

