CentOS 6.5 Openswan 2.6.32 <<IPSEC Tunnel>> Cisco ASR


Giridhar Nalmar

Jul 2, 2014, 3:20:40 AM
to gce-dis...@googlegroups.com
Hi There,

Need some help with IPsec VPN Tunnel.

Right end:
Cisco ASR

Left-end:
Openswan Version 2.6.32-27.4.el6_5
CentOS release 6.5

cat /etc/ipsec.conf

config setup
        protostack=netkey
        nat_traversal=yes
        virtual_private=%v4:10.0.0.0/8
        oe=off
include /etc/ipsec.d/*.conf


cat /etc/ipsec.d/app.conf

conn bugtogo
        authby=secret
        auto=start
        type=tunnel
        left=L.e.f.t <public IP>
        leftid=10.1.11.20 <Network IP>
        leftsubnet=10.0.0.0/8
        right=R.i.t.e
        rightsubnets={a.b.c.d/32,A.B.C.D/32}
        ike=3des-md5
        phase2=esp
        phase2alg=3des-md5

cat /etc/ipsec.d/app.secrets
%any %any: PSK "<pass>"

Logs:

Jul  2 06:57:14 <hostname> pluto: adjusting ipsec.d to /etc/ipsec.d
Jul  2 06:57:14 <hostname> ipsec__plutorun: /usr/libexec/ipsec/addconn Non-fips mode set in /proc/sys/crypto/fips_enabled
Jul  2 06:57:14 <hostname> ipsec__plutorun: /usr/libexec/ipsec/addconn Non-fips mode set in /proc/sys/crypto/fips_enabled
Jul  2 06:57:14 <hostname> ipsec__plutorun: 002 added connection description "<conn_name>/0x1"
Jul  2 06:57:14 <hostname> ipsec__plutorun: 002 added connection description "<conn_name>/0x2"
Jul  2 06:57:14 <hostname> ipsec__plutorun: 021 no connection named "<conn_name>"
Jul  2 06:57:14 <hostname> ipsec__plutorun: 000 initiating all conns with alias='<conn_name>' 
Jul  2 06:57:14 <hostname> ipsec__plutorun: 022 "<conn_name>/0x2": We cannot identify ourselves with either end of this connection.
Jul  2 06:57:14 <hostname> ipsec__plutorun: 022 "<conn_name>/0x1": We cannot identify ourselves with either end of this connection.
Jul  2 06:57:14 <hostname> ipsec__plutorun: 021 no connection named "<conn_name>"

B+ve
Giridhar

Marilu

Jul 2, 2014, 2:44:23 PM
to gce-dis...@googlegroups.com
Hi Giridhar,

Can you be more specific about what you need?

Marilu

Giridhar Nalmar

Jul 2, 2014, 3:01:17 PM
to gce-dis...@googlegroups.com
Hi Marilu,

I worked around by Googling and changing configurations with no luck. Now, with the config I provided, the logs say:

ipsec__plutorun: 022 "<conn_name>/0x2": We cannot identify ourselves with either end of this connection.
Jul 2 06:57:14 <hostname> ipsec__plutorun: 022 "<conn_name>/0x1": We cannot identify ourselves with either end of this connection.
Jul 2 06:57:14 <hostname> ipsec__plutorun: 021 no connection named "<conn_name>"

Giridhar

Marilu

Jul 3, 2014, 11:13:00 AM
to gce-dis...@googlegroups.com
Giridhar

I'm not very familiar with this topic; however, I noticed that in your file app.conf you have set up 'authby=secret' and then your file 'app.secrets' is showing a PSK. You can try 'authby=psk' in your configuration.
This video (minute 19:28) and this link https://developers.google.com/compute/docs/networking#settingupvpn will be helpful for you.

Marilu
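
The log line quoted in the thread, "We cannot identify ourselves with either end of this connection", is what pluto prints when neither left= nor right= matches an address configured on a local interface. The check below is an added example, not part of the thread or of Openswan; the function names, the documentation-range addresses and the assumed interface list are constructed for illustration.

```python
import ipaddress

# Constructed sample modelled on the conn block in the first post; the
# addresses are documentation-range placeholders, not values from the thread.
SAMPLE_CONF = """\
conn bugtogo
        authby=secret
        left=203.0.113.10
        leftid=10.1.11.20
        leftsubnet=10.0.0.0/8
        right=198.51.100.7
"""

def parse_conns(text):
    """Return {conn_name: {key: value}} for each 'conn' section."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not raw[0].isspace():            # section header starts at column 0
            words = line.split()
            is_conn = words[0] == "conn" and len(words) > 1
            current = conns.setdefault(words[1], {}) if is_conn else None
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def local_end(conn, local_addrs):
    """Return 'left' or 'right' if that end's address is configured on this
    host, else None (the case the log line in the thread reports)."""
    local = {ipaddress.ip_address(a) for a in local_addrs}
    for side in ("left", "right"):
        value = conn.get(side, "")
        if value == "%defaultroute":        # resolved to a local address at load time
            return side
        try:
            if ipaddress.ip_address(value) in local:
                return side
        except ValueError:                  # hostname, %any or empty: not checked here
            continue
    return None

def check(text, local_addrs):
    return {name: local_end(c, local_addrs) for name, c in parse_conns(text).items()}

if __name__ == "__main__":
    # Assumed interface addresses (constructed): loopback plus the private
    # address the post gives as leftid.
    for name, side in check(SAMPLE_CONF, ["127.0.0.1", "10.1.11.20"]).items():
        print(name, "->", side or "neither end is local")
```

On a real host the second argument would be the addresses reported by `ip -o -4 addr show`.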