[Swan] Connecting to a Digi WR44

Paul Wouters paul at nohats.ca
Mon Mar 23 18:53:19 EET 2015

On Mon, 23 Mar 2015, John Serink wrote:

> 002 "Oman" #1: Aggressive mode peer ID is ID_KEY_ID: '@#0x416d6e617341646d696e'
> 003 "Oman" #1: no suitable connection for peer '@#0x416d6e617341646d696e'

It's using ID_KEY_ID as type.

> conn Oman
>      rightid=@AmnasAdmin

But you are using type FQDN.

From the ipsec.conf man page:

            how the left participant should be identified for authentication; defaults to left. Can be an IP address (in any
            ipsec_ttoaddr(3) syntax) or a fully-qualified domain name which will be resolved. If preceded by @, the value is used as a
            literal string and will not be resolved. To support opaque identifiers (usually of type ID_KEY_ID, such as used by Cisco to
            specify Group Name, use square brackets, eg rightid=@[GroupName].

So try: rightid=@[AmnasAdmin]

> Secrets file looks like this (key replaced with x's):
> @jserinki7  : PSK "xxxxxxxxx"

These would have to match up the IDs, so:

@[AmnasAdmin] @jserinki7 : PSK "xxxxxxxxx"
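
The ID-type mismatch diagnosed in this message, as an added example that is not part of the original post: it decodes the hex ID_KEY_ID from the quoted pluto log lines and compares it with a configured `rightid`. The function names are hypothetical, and the classifier is an assumption that covers only the three ID notations appearing in this thread (`@name`, `@[name]`, `@#0x...`).

```python
import re

# Log lines as quoted in the post above.
LOG = """002 "Oman" #1: Aggressive mode peer ID is ID_KEY_ID: '@#0x416d6e617341646d696e'
003 "Oman" #1: no suitable connection for peer '@#0x416d6e617341646d696e'
"""

PEER_ID = re.compile(r"peer ID is (ID_\w+): '([^']*)'")


def parse_id(value):
    """Return (id_type, raw_bytes) for an ID string (simplified classifier)."""
    if value.startswith("@[") and value.endswith("]"):
        return ("ID_KEY_ID", value[2:-1].encode())     # opaque string form
    if value.startswith("@#0x"):
        return ("ID_KEY_ID", bytes.fromhex(value[4:]))  # hex form, as logged
    if value.startswith("@"):
        return ("ID_FQDN", value[1:].encode())         # literal, unresolved name
    return ("OTHER", value.encode())


def peer_ids(log):
    """Extract (logged_type, raw_bytes) for each 'peer ID is' log line."""
    return [(m.group(1), parse_id(m.group(2))[1]) for m in PEER_ID.finditer(log)]


def suggest(raw):
    """Render raw KEY_ID bytes as a rightid value: text if printable, else hex."""
    if raw.isascii() and raw.decode().isprintable() and b"]" not in raw:
        return "@[" + raw.decode() + "]"
    return "@#0x" + raw.hex()


def check(log, conf_id):
    """Compare each logged peer ID with the configured rightid."""
    conf_type, conf_raw = parse_id(conf_id)
    results = []
    for peer_type, peer_raw in peer_ids(log):
        if peer_raw != conf_raw:
            verdict = "value-mismatch"
        elif peer_type != conf_type:
            verdict = "type-mismatch"   # same bytes, different ID type: no match
        else:
            verdict = "match"
        results.append((verdict, suggest(peer_raw)))
    return results


if __name__ == "__main__":
    for rightid in ("@AmnasAdmin", "@[AmnasAdmin]"):
        print(rightid, "->", check(LOG, rightid))
```
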

