From: marc gazal (marc.gazal_at_snam.com)
Date: Wed Oct 30 2002 - 18:28:57 CET
Hello,
I have a problem when I attempt to "up" my sample connection.
When I type "ipsec auto --up sample" on the road warrior using modem
pppd dynamic IP address, the system returns an error saying:
No preshared key for U.V.W.X and A.B.C.D
U.V.W.X = ip address of ppp0 interface
A.B.C.D = public static IP address of router on the other side
So I stop the connection: ipsec auto --down sample
I modify ipsec.secrets so that it is U.V.W.X A.B.C.D "secret"
I read back the secrets: ipsec auto --rereadsecrets
I attempt to launch the connection: ipsec auto --up sample
and it works fine!!
Can someone help me to get something working so I'm not obliged to change
ipsec.secrets of the road warrior each time I get a new IP address?
Both machines are Linux Mandrake 8.1, kernel 2.4.8-26mdk,
FreeS/WAN 1.96.
Thanks
Marc Gazal
#-------------- IPSEC.CONF of ROADWARRIOR -----------------------------
# /etc/ipsec.conf - FreeS/WAN IPsec configuration file
# More elaborate and more varied sample configurations can be found
# in FreeS/WAN's doc/examples file, and in the HTML documentation.

# basic configuration
config setup
    # THIS SETTING MUST BE CORRECT or almost nothing will work;
    # %defaultroute is okay for most simple cases.
    interfaces=%defaultroute
    # Debug-logging controls: "none" for (almost) none, "all" for lots.
    klipsdebug=none
    plutodebug=none
    # Use auto= parameters in conn descriptions to control startup actions.
    plutoload=%search
    plutostart=%search
    # Close down old connection when new one using same ID shows up.
    uniqueids=yes

# defaults for subsequent connection descriptions
conn %default
    # How persistent to be in (re)keying negotiations (0 means very).
    keyingtries=0
    # RSA authentication with keys from DNS.
    authby=secret
    #leftrsasigkey=%dns
    #rightrsasigkey=%dns

# connection description for (experimental!) opportunistic encryption
# (requires KEY record in your DNS reverse map; see doc/opportunism.howto)
conn me-to-anyone
    left=%defaultroute
    right=%opportunistic
    # uncomment to enable incoming; change to auto=route for outgoing
    #auto=add

# sample VPN connection
conn sample
    authby=secret
    # Left security gateway, subnet behind it, next hop toward right.
    left=A.B.C.D
    leftsubnet=192.168.10.0/24
    leftnexthop=X.Y.Z.T
    # Right security gateway, subnet behind it, next hop toward left.
    right=%defaultroute
    # To authorize this connection, but not actually start it, at startup,
    # uncomment this.
    auto=add

#--------IPSEC.SECRETS OF ROADWARRIOR and ROUTER -----------------------
%any A.B.C.D "secret"

#---------------------- IPSEC.CONF of ROUTER-----------------------------
# /etc/ipsec.conf - FreeS/WAN IPsec configuration file
# More elaborate and more varied sample configurations can be found
# in FreeS/WAN's doc/examples file, and in the HTML documentation.

# basic configuration
config setup
    # THIS SETTING MUST BE CORRECT or almost nothing will work;
    # %defaultroute is okay for most simple cases.
    #interfaces="ipsec0=eth1"
    interfaces=%defaultroute
    # Debug-logging controls: "none" for (almost) none, "all" for lots.
    klipsdebug=none
    plutodebug=none
    # Use auto= parameters in conn descriptions to control startup actions.
    plutoload=%search
    plutostart=%search
    # Close down old connection when new one using same ID shows up.
    uniqueids=yes

# defaults for subsequent connection descriptions
conn %default
    # How persistent to be in (re)keying negotiations (0 means very).
    keyingtries=1
    # RSA authentication with keys from DNS.
    #authby=rsasig
    #leftrsasigkey=%dns
    #rightrsasigkey=%dns

# sample VPN connection
conn sample
    authby=secret
    # Left security gateway, subnet behind it, next hop toward right.
    left=A.B.C.D
    leftsubnet=192.168.10.0/24
    leftnexthop=X.Y.Z.T
    # Right security gateway, subnet behind it, next hop toward left.
    right=%any
    keyexchange=ike
    ikelifetime=240m
    keylife=60m
    pfs=yes
    compress=no
    # To authorize this connection, but not actually start it, at startup,
    # uncomment this.
    auto=add
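
The manual workaround described in the message (put the current ppp0 address in ipsec.secrets, then --rereadsecrets and --up), scripted as a pppd ip-up hook. This is an added example, not part of the original message or of FreeS/WAN; the helper names update_psk_index and valid_ipv4 and the hook wiring are assumptions, and A.B.C.D is the placeholder from the message.

```shell
#!/bin/sh
# Added example: body of a pppd ip-up hook (hook path is distribution-specific).
# pppd runs ip-up as: interface tty speed local-ip remote-ip ipparam

PEER="A.B.C.D"               # placeholder from the message: router's static IP
SECRETS="/etc/ipsec.secrets"
CONN="sample"

# Accept only a dotted quad, so nothing else can be written into the secrets file.
valid_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9][0-9]?[0-9]?$/ || $i > 255) exit 1 }'
}

# Replace the first index of the one PSK line whose second index is the peer.
# The secret is never copied into a shell variable or a command-line argument.
update_psk_index() {         # usage: update_psk_index FILE LOCAL_IP PEER_ID
    file=$1 ip=$2 peer=$3
    valid_ipv4 "$ip" || return 1
    # mktemp creates the file mode 0600; same directory keeps the rename atomic.
    tmp=$(umask 077; mktemp "$file.XXXXXX") || return 1
    awk -v ip="$ip" -v peer="$peer" '
        $1 !~ /^#/ && $2 == peer && sub(/^[^ \t]+/, ip) { n++ }
        { print }
        END { exit (n == 1 ? 0 : 1) }' "$file" > "$tmp" &&
    mv "$tmp" "$file" || { rm -f "$tmp"; return 1; }
}

# Act only when pppd invokes the hook for ppp0 with a local address.
if [ "${1:-}" = "ppp0" ] && [ -n "${4:-}" ]; then
    update_psk_index "$SECRETS" "$4" "$PEER" &&
    ipsec auto --rereadsecrets &&
    ipsec auto --up "$CONN"
fi
```

The file is left untouched unless exactly one line matches the peer, so a malformed or unexpected ipsec.secrets is never partially rewritten.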