[Swan] ipsec tunnel between 2 hosts on same switch

bmoyni01 at vodafone.ie bmoyni01 at vodafone.ie
Thu Oct 16 13:45:40 EEST 2014


Hello,

Forgive the simplicity of this...
I was trying to create a tunnel - host to host where both are on the same switch.

I have the following on each machine.

ipsec.conf

config setup
    protostack=netkey
    nat_traversal=yes
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v4:100.64.0.0/10,%v6:fd00::/8,%v6:fe80::/10

conn ipsec0
    type=tunnel
    authby=secret
    auto=start
    left=192.168.30.51
    leftid=@left.com
    right=192.168.30.50
    rightid=@right.com

ipsec.secrets
%any %any : PSK "preshared key"

ifconfig -a
em1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.30.51  netmask 255.255.0.0  broadcast 192.168.255.255


When I do:
ipsec auto --up ipsec0
I get:
022 "ipsec0": We cannot identify ourselves with either end of this connection.

in pluto log:
|  
| *received whack message
| processing connection ipsec0
"ipsec0": We cannot identify ourselves with either end of this connection.
| * processed 0 messages from cryptographic helpers 
| next event EVENT_PENDING_PHASE2 in 41 seconds
| next event EVENT_PENDING_PHASE2 in 41 seconds

I have read this example:
https://libreswan.org/wiki/Host_to_host_VPN_with_PSK

Based on man ipsec.conf:
left
           (required) the IP address of the left participant's public-network
           interface, in any form accepted by ipsec_ttoaddr(3).

In the "Host to host VPN with PSK" example:
192.0.2.254/24 eth0 WEST eth1 192.1.2.23 --[internet]-- 192.1.2.45 eth1 EAST eth0 192.0.1.254/24
Are 192.1.2.23 and 192.1.2.45 default gateways?

Does this even matter when it's host to host on the same switch?
Is the example based on 2 hosts in the same LAN?

Would appreciate any input.

thank you. 
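
The error quoted in the post is about deciding which end of the connection is the local host. The following added example (not part of the original post and not Libreswan code) parses a conn section and reports which end, if either, is one of a given list of local addresses. The names `parse_conn` and `orient` and the embedded sample are assumptions made here, and the model is simplified: it does not resolve `%any`, `%defaultroute` or hostnames.

```python
import ipaddress

# Constructed sample: the conn section as posted above.
SAMPLE_CONF = """\
config setup
    protostack=netkey

conn ipsec0
    type=tunnel
    authby=secret
    auto=start
    left=192.168.30.51
    leftid=@left.com
    right=192.168.30.50
    rightid=@right.com
"""

def parse_conn(text, name):
    """Return the key=value options of 'conn <name>' as a dict (hypothetical helper)."""
    opts, active = {}, False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # drop comments
        if not line.strip():
            continue
        if not raw[0].isspace():               # an unindented line starts a new section
            active = line.split() == ["conn", name]
        elif active and "=" in line:
            key, value = line.strip().split("=", 1)
            opts[key.strip()] = value.strip()
    return opts

def orient(opts, local_addrs):
    """Return 'left', 'right', or None when neither end is a local address."""
    local = {ipaddress.ip_address(a) for a in local_addrs}
    for side in ("left", "right"):
        try:
            if ipaddress.ip_address(opts.get(side, "")) in local:
                return side
        except ValueError:                     # %any, %defaultroute, hostnames: not resolved here
            continue
    return None

if __name__ == "__main__":
    conn = parse_conn(SAMPLE_CONF, "ipsec0")
    # Address taken from the ifconfig output in the post.
    print("local end:", orient(conn, ["192.168.30.51"]))
```

The address list is supplied by the caller, so a match here only shows that the file and the interface address agree, not which interfaces the running daemon has picked up.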









