[Swan] ipsec tunnel between 2 hosts on same switch
bmoyni01 at vodafone.ie
bmoyni01 at vodafone.ie
Thu Oct 16 13:45:40 EEST 2014
hello,
forgive the simplicity of this...
I was trying to create tunnel - host to host where both are on the
same switch.
I have the following on each machine.
ipsec.conf
config setup
protostack=netkey
nat_traversal=yes
virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0
/12,%v4:25.0.0.0/8,%v4:100.64.0.0/10,%v6:fd00::/8,%v6:fe80::/10
conn ipsec0
type=tunnel
authby=secret
auto=start
left=192.168.30.51
leftid=@left.com
right=192.168.30.50
rightid=@right.com
ipsec.secrets
%any %any : PSK "preshared key"
ifconfig -a
em1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.30.51 netmask 255.255.0.0 broadcast
192.168.255.255
When I do:
ipsec auto --up ipsec0
I get:
022 "ipsec0": We cannot identify ourselves with either end of this
connection.
in pluto log:
|
| *received whack message
| processing connection ipsec0
"ipsec0": We cannot identify ourselves with either end of this
connection.
| * processed 0 messages from cryptographic helpers
| next event EVENT_PENDING_PHASE2 in 41 seconds
| next event EVENT_PENDING_PHASE2 in 41 seconds
I have read this example:
https://libreswan.org/wiki/Host_to_host_VPN_with_PSK
Based on man ipsec.conf
left
(required) the IP address of the left participant's public-
network interface, in any
form accepted by ipsec_ttoaddr(3).
In the Host to host VPN with PSK example:
192.0.2.254/24 eth0 WEST eth1 192.1.2.23 --[internet]-- 192.1.2.45
eth1 EAST eth0 192.0.1.254/24
Are 192.1.2.23 and 192.1.2.45 default gateways?
Does this even matter when its host to host on same switch?
Is the example based on 2 hosts in the same LAN?
would appreciate any input .
thank you.
I'm using Vodafone Mail - to get your free mobile email account go to http://www.vodafone.ie
Use of Vodafone Mail is subject to Terms and Conditions http://www.vodafone.ie/terms/website
More information about the Swan
mailing list