[Swan] Connecting to a Digi WR44
Paul Wouters
paul at nohats.ca
Mon Mar 23 18:53:19 EET 2015
On Mon, 23 Mar 2015, John Serink wrote:
> 002 "Oman" #1: Aggressive mode peer ID is ID_KEY_ID: '@#0x416d6e617341646d696e'
> 003 "Oman" #1: no suitable connection for peer '@#0x416d6e617341646d696e'
It's using ID_KEY_ID as type.
> conn Oman
[...]
> rightid=@AmnasAdmin
[...]
But you are using type FQDN.
From the ipsec.conf man page:
leftid
how the left participant should be identified for authentication; defaults to left. Can be an IP address (in any
ipsec_ttoaddr(3) syntax) or a fully-qualified domain name which will be resolved. If preceded by @, the value is used as a
literal string and will not be resolved. To support opaque identifiers (usually of type ID_KEY_ID, such as used by Cisco to
specify Group Name), use square brackets, eg rightid=@[GroupName].
So try: rightid=@[AmnasAdmin]
> Secrets file looks like this (key replaced with x's):
> 62.231.251.146 @jserinki7 : PSK "xxxxxxxxx"
These would have to match up the IDs, so:
@[AmnasAdmin] @jserinki7 : PSK "xxxxxxxxx"
Paul
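
An added example, not part of the original message: a small Python check that decodes the hex peer ID from the pluto log line quoted above and compares its type and value with a configured rightid. The function names are hypothetical, and only the two ID forms discussed in this thread (@name and @[name]) are handled.

```python
import re

# Log line quoted in the thread, embedded here as sample input.
LOG_LINE = ('002 "Oman" #1: Aggressive mode peer ID is ID_KEY_ID: '
            "'@#0x416d6e617341646d696e'")

PEER_ID_RE = re.compile(r"peer ID is (ID_[A-Z0-9_]+): '@#0x([0-9a-fA-F]+)'")


def parse_peer_id(log_line):
    """Return (id_type, raw_bytes) from a 'peer ID is' line showing a hex ID."""
    m = PEER_ID_RE.search(log_line)
    if m is None:
        raise ValueError("no hex-encoded peer ID found in log line")
    return m.group(1), bytes.fromhex(m.group(2))


def classify_conf_id(conf_id):
    """Map a leftid/rightid value to (id_type, raw_bytes).

    Covers only the forms in the thread: @[name] is an opaque ID_KEY_ID,
    a plain @name is a literal string sent as type FQDN.
    """
    if conf_id.startswith("@[") and conf_id.endswith("]"):
        return "ID_KEY_ID", conf_id[2:-1].encode()
    if conf_id.startswith("@"):
        return "ID_FQDN", conf_id[1:].encode()
    raise ValueError("ID form not handled in this example: %r" % conf_id)


def diagnose(log_line, conf_id):
    """Compare the peer's ID with the configured one; type and value must agree."""
    peer = parse_peer_id(log_line)
    conf = classify_conf_id(conf_id)
    result = {"peer": peer, "configured": conf, "match": peer == conf}
    try:
        # Only suggest a bracketed ID when the opaque bytes are plain ASCII.
        if peer[0] == "ID_KEY_ID":
            result["suggested"] = "@[%s]" % peer[1].decode("ascii")
    except UnicodeDecodeError:
        pass
    return result


if __name__ == "__main__":
    for rightid in ("@AmnasAdmin", "@[AmnasAdmin]"):
        print(rightid, diagnose(LOG_LINE, rightid))
```
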