Strongswan (fwd)

Roger Grosswiler roger at gwch.net
Mon Feb 2 07:17:31 UTC 2009


> On Fri, 30 Jan 2009, Roger Grosswiler wrote:
>
>> installing ipsec-tools brings you one tab more in
>> system-config-network, where you can go and create h2h and
>> n2n-connections. Still it is not in the same place as the 2 others,
>> which makes usability harder.
>
> Ahhh. That is the old racoon/ipsec-tools. Even RedHat has moved away
> from that and towards Openswan for that.
>
> Paul
>
Oki Paul, just to get it, I tried again the Roadwarrior-Configuration from Openswan's
homepage.

I activated the include from ipsec.conf, as I inserted a client.conf on the client side
and a server.conf on the server side :)

Service ipsec starts. Then, trying to connect using ipsec auto --up road fails. In the
logs, I see the following:

UNKNOWN: Feb  1 14:12:10 server pluto[22104]: "road"[21] 192.168.3.116 #21: no RSA
public key known for '@mydomain.net'

and

Peer road[456] caused 16 lines of output.
         connected from:192.168.3.116
         Keyed: 0 successes 1 failures (max retries: 0)
         IPsec SAs: 0

What do those messages mean?

From server and client, I just copied the output from the rightsigkey or leftsigkey
(which are on the machine both the same?) using ipsec showhostkey --left/right into the
according configs. Or do I have to copy the whole bunch of lines of the key? My machines
are FQDN via DNS, but not on local name resolution. So asking my server via DNS brings
server at mydomain.net; the entry in the resolv.conf is without the domain part.


Thanks for your help.

Roger




More information about the fedora-list mailing list