[Swan] Connecting to a Digi WR44

Paul Wouters paul at nohats.ca
Mon Mar 23 18:53:19 EET 2015


On Mon, 23 Mar 2015, John Serink wrote:

> 002 "Oman" #1: Aggressive mode peer ID is ID_KEY_ID: '@#0x416d6e617341646d696e'
> 003 "Oman" #1: no suitable connection for peer '@#0x416d6e617341646d696e'

It's using ID_KEY_ID as type.

> conn Oman
[...]
>      rightid=@AmnasAdmin
[...]

But you are using type FQDN.

From the ipsec.conf man page:

        leftid
            how the left participant should be identified for authentication; defaults to left. Can be an IP address (in any
            ipsec_ttoaddr(3) syntax) or a fully-qualified domain name which will be resolved. If preceded by @, the value is used as a
            literal string and will not be resolved. To support opaque identifiers (usually of type ID_KEY_ID, such as used by Cisco to
            specify Group Name, use square brackets, eg rightid=@[GroupName].

So try: rightid=@[AmnasAdmin]

> Secrets file looks like this (key replaced with x's):
> 62.231.251.146 @jserinki7  : PSK "xxxxxxxxx"

These would have to match up the IDs, so:

@[AmnasAdmin] @jserinki7 : PSK "xxxxxxxxx"

Paul
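
The ID mismatch diagnosed above, as an added example that is not part of the original post or of libreswan: a small Python check that decodes the hex ID_KEY_ID from the pluto log lines quoted in the thread and compares the resulting ipsec.conf spelling with the configured rightid. The function names and the embedded sample log are constructed for illustration.

```python
import re

# Constructed sample: the two pluto log lines quoted in the thread.
SAMPLE_LOG = """\
002 "Oman" #1: Aggressive mode peer ID is ID_KEY_ID: '@#0x416d6e617341646d696e'
003 "Oman" #1: no suitable connection for peer '@#0x416d6e617341646d696e'
"""

PEER_ID = re.compile(
    r'"(?P<conn>[^"]+)" #\d+: .*peer ID is (?P<type>ID_\w+): \'(?P<value>[^\']*)\''
)

def decode_key_id(value):
    """Return the text behind an '@#0x..' dump, or None if it is not printable."""
    m = re.fullmatch(r"@#0x((?:[0-9a-fA-F]{2})+)", value)
    if not m:
        return None
    raw = bytes.fromhex(m.group(1))
    # Only plain printable ASCII without ']' can be written inside @[...].
    if all(0x21 <= b <= 0x7E and b != 0x5D for b in raw):
        return raw.decode("ascii")
    return None

def suggest_id(id_type, value):
    """Map a logged peer ID to the ipsec.conf spelling discussed in the thread."""
    if id_type == "ID_KEY_ID":
        text = decode_key_id(value)
        # Opaque key IDs go in square brackets; a bare @name is type FQDN.
        return f"@[{text}]" if text is not None else None
    if id_type == "ID_FQDN":
        return value if value.startswith("@") else "@" + value
    return None  # other ID types are outside this example

def review(log_text, configured_id):
    """List each logged peer ID with the suggested id and whether config matches."""
    findings = []
    for m in PEER_ID.finditer(log_text):
        wanted = suggest_id(m["type"], m["value"])
        findings.append({"conn": m["conn"], "type": m["type"],
                         "suggested": wanted,
                         "matches_config": wanted == configured_id})
    return findings

if __name__ == "__main__":
    for finding in review(SAMPLE_LOG, "@AmnasAdmin"):
        print(finding)
```
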

