[strongSwan] Equivalent strongswan settings for racoon config
cellkites at hushmail.com
cellkites at hushmail.com
Sat Sep 20 02:48:28 CEST 2014
Apologies, cutting and pasting must have mangled the email, here's my
ipsec.conf
conn test
keyexchange=ikev1
left=x.x.x.x
leftsubnet=0.0.0.0/0
leftfirewall=yes
right=%any
rightid=test at test.com
rightsourceip=192.168.100.0/24
auto=add
compress=yes
ike=aes128-sha1-modp1024!
esp=aes128-sha1!
authby=secret
and ipsec.secrets
x.x.x.x test at test.com : PSK "password"
and here's the log entries i get;
charon: 12[CFG] looking for pre-shared key peer configs matching
x.x.x.x...y.y.y.y[z.z.z.z]
charon: 12[IKE] no peer config found
charon: 12[ENC] generating INFORMATIONAL_V1 request 3091113035 [ HASH
N(AUTH_FAILED) ]
charon: 12[NET] sending packet: from x.x.x.x[4500] to y.y.y.y[4500]
(92 bytes)
x.x.x.x - is my private internal ip
y.y.y.y - the initiators public ip
z.z.z.z - is the initiators internal private ip
On 19/9/2014 at 4:48 PM, "Martin Willi" wrote:Hi,
> It's seems fairly straightforward however I am continually
> getting the error "no ike config found".
> conn test
> keyexchange=ikev1
> nat_traversal=yes
nat_traversal is not a conn specific option, and has been deprecated
with 5.x.
> left=x.x.x.x
Usually you define the right side as remote, so set right to the peers
address. If you set left, set it to a local address to use.
Further, you may add something like:
ike=aes128-sha1-modp1024!
esp=aes-sha1!
rightid=test at test.com
Also you probably need a leftid for your local peer, and put your
password in ipsec.secrets.
Please include a log excerpt of your connection attempt if it doesn't
work.
Regards
Martin
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20140920/f7d63f45/attachment.html>
More information about the Users
mailing list