[Openswan Users] Site-2-site vpn "No KLIPS support"
Jakub Sobczak
sopel1000 at gmail.com
Fri Oct 5 12:38:20 EDT 2012
Thanks,
I added rightid=PUBLIC_IP_ADDRESS and it seems to be working.
I also did "ipsec auto --rereadsecrets" because I put in new keys, but the
tunnel has still failed to set up.
I am supposed to use DH group 2, so I figured I have to set modp1024, is
that correct?
They told me to set it this way: IKE phase 1
conn abc
    # General
    keyingtries=1
    auto=start
    # IKE Params
    authby=secret
    keyexchange=ike
    ikelifetime=8h
    ike=aes256-sha1-modp1024
    # IPSec Params
    type=tunnel
    auth=esp
    pfs=yes
    compress=no
    keylife=60m
    esp=aes256-sha1
    left=my-gw-ip
    leftsubnet=my-subnet
    leftnexthop=my-next-hop-ip
    rightid=public-ip
    right=remote-gw-ip
    rightsubnet=some-remote-subnet
    rightnexthop=%defaultroute
Regards
Jakub
On Fri, 5 Oct 2012, Jakub Sobczak wrote:
>
> 003 "company" #5: we require peer to have ID 'PUBLIC_IP_ADDRESS', but
>> peer declares 'PRIVATE_IP_ADDRESS'
>>
>
> On the unit behind nat, assuming in that config file they are "left",
> add leftid=publicip.
>
>