[strongSwan] strongswan <=> openswan

Gary Smith gary.smith at holdstead.com
Sun Feb 27 19:04:13 CET 2011


> 
> using certificates Openswan should interoperate smoothly
> with strongSwan (actually I'm the author of the X.509 Openswan code).
> The configuration should be more or less identical to strongSwan's.
> 
> Best regards
> 
> Andreas
> 


# The openswan server
config setup
        protostack=netkey 
        nat_traversal=yes
        plutodebug=all

conn %default
        ikelifetime=60m
        keylife=20m
        rekeymargin=3m
        keyingtries=1
        #keyexchange=ikev2
        #mobike=no

conn fre-sli
        type=           tunnel
        authby=         rsasig
        left=           openswanip
        leftcert=       openswankey.pem
        leftid=         @openswanid
        leftsubnet=     10.60.1.0/24
        right=          strongswanip
        rightid=        @strongswanid
        rightsubnet=    10.40.0.0/16
        keyexchange=    ike
        auto=           start


# The strongswan server
config setup
        crlcheckinterval=180
        strictcrlpolicy=no
        plutostart=yes

conn %default
        ikelifetime=60m
        keylife=20m
        rekeymargin=3m
        keyingtries=1
        keyexchange=ikev2
        mobike=no

conn fre-sli
        left=           strongswanlocalip
        leftcert=       strongswanlocalkey.pem
        leftid=         @strongswanid
        leftsubnet=     10.40.0.0/16
        leftfirewall=   yes
        right=          openswanip
        rightid=        @openswanid
        rightsubnet=    10.60.1.0/24
        keyexchange=    ike
        auto=           start


I get:
initial Main Mode message received on strongswanip:500 but no connection has been authorized with policy=PUBKEY

I know I'm probably just missing something simple. Can you guide me in the right direction?



