<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1">
</head>
<body bgcolor="#ffffff" text="#000000">
Hi, I am trying to set up an IPsec tunnel, but I have got some errors
that I couldn't solve.<br>
<br>
---------------------------<br>
<br>
moon:<br>
<br>
<font color="#009900"># ipsec.conf - strongSwan IPsec configuration
file<br>
<br>
# basic configuration<br>
<br>
config setup<br>
# plutodebug=all<br>
crlcheckinterval=180<br>
strictcrlpolicy=no<br>
# cachecrls=yes<br>
# nat_traversal=yes<br>
# charonstart=no<br>
plutostart=no<br>
<br>
# Add connections here.<br>
<br>
conn %default<br>
ikelifetime=60m<br>
keylife=20m<br>
rekeymargin=3m<br>
keyingtries=1<br>
keyexchange=ikev2<br>
#ike=aes128-sha256-modp2048!<br>
#esp=aes128-sha256-modp2048!<br>
left=147.87.107.20<br>
leftsubnet=10.1.0.0/16<br>
leftcert=moonCert.pem<br>
leftid="C=CH,O=BFH, CN=gad"<br>
leftfirewall=yes<br>
<br>
conn rw<br>
right=%any<br>
rightsourceip=%dhcp<br>
auto=add<br>
</font><br>
<br>
<br>
<font color="#ff0000"># /etc/ipsec.secrets - strongSwan IPsec
secrets file<br>
<br>
: RSA moonKey.pem "mypassword"</font><br>
<br>
---------------------------------------------------------------------------<br>
<br>
carol:<br>
<br>
<font color="#009900"># ipsec.conf - strongSwan IPsec configuration
file<br>
<br>
# basic configuration<br>
<br>
config setup<br>
# plutodebug=all<br>
crlcheckinterval=180<br>
strictcrlpolicy=no<br>
# cachecrls=yes<br>
# nat_traversal=yes<br>
# charonstart=no<br>
plutostart=no<br>
<br>
# Add connections here.<br>
<br>
# Sample VPN connections<br>
<br>
conn %default<br>
ikelifetime=60m<br>
keylife=20m<br>
rekeymargin=3m<br>
keyingtries=1<br>
keyexchange=ikev2<br>
#ike=aes128-sha256-modp2048!<br>
#esp=aes128-sha256-modp2048!<br>
<br>
<br>
conn home<br>
left=147.87.107.19<br>
leftsourceip=%config<br>
leftcert=carolCert.pem<br>
leftid="C=CH, O=BFH, CN=carol"<br>
leftfirewall=yes<br>
right=147.87.107.20<br>
rightsubnet=10.1.0.0/16<br>
rightid="C=CH, O=BFH, CN=gad"<br>
auto=add</font><br>
<br>
<br>
<font color="#ff0000"># /etc/ipsec.secrets - strongSwan IPsec
secrets file<br>
<br>
: RSA carolKey.pem "mypassword"<br>
<br>
<font color="#3333ff">--------------------------------------------------------------<br>
<br>
moon error:<br>
<br>
[root@moon ~]# ipsec restart<br>
Stopping strongSwan IPsec...<br>
Starting strongSwan 4.4.0 IPsec [starter]...<br>
[root@moon ~]# ipsec up rw<br>
unable to initiate to %any<br>
<br>
<br>
carol error:<br>
</font></font><font color="#3333ff"><br>
[root@carol log]# cat /etc/ipsec.secrets<br>
# /etc/ipsec.secrets - strongSwan IPsec secrets file<br>
<br>
: RSA carolKey.pem "daniel"<br>
[root@carol log]# ^C<br>
[root@carol log]# ipsec restart<br>
Stopping strongSwan IPsec...<br>
Starting strongSwan 4.4.0 IPsec [starter]...<br>
[root@carol log]# ipsec up home<br>
initiating IKE_SA home[1] to 147.87.107.20<br>
generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP)
N(NATD_D_IP) ]<br>
sending packet: from 147.87.107.19[500] to 147.87.107.20[500]<br>
received packet: from 147.87.107.20[500] to 147.87.107.19[500]<br>
parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP)
CERTREQ N(MULT_AUTH) ]<br>
received cert request for "C=CH, ST=Bern, L=Biel, O=BFH, OU=SEL, CN=gad, E=gad@bfh.ch"<br>
sending cert request for "C=CH, ST=Bern, L=Biel, O=BFH, OU=SEL, CN=gad, E=gad@bfh.ch"<br>
<b><font color="#ff0000">no private key found</font></b> for 'C=CH, ST=Bern, O=BFH, OU=SEL, CN=carol, E=carol@bfh.ch'<br>
[root@carol log]#</font><br>
<br>
Thank you for your help!<br>
<br>
cheers<br>
<br>
Daniel<br>
</body>
</html>