On Thu, 2008-11-06 at 23:07 +0100, Felipe Alfaro Solana wrote:
> On Thu, Nov 6, 2008 at 9:39 AM, Louis Opter <[EMAIL PROTECTED]> wrote:
> > Hello,
> >
> > I am trying to set up an ipsec vpn between two networks. But, I can't
> > figure out why it doesn't work.
> >
> > I get some errors like (here on the "malenfant gate", see network map
> > below) :
> > Plcy 30 keynote_cert_obtain: failed to open "/etc/isakmpd/keynote//192.168.1.159/credentials"
> > Default rsa_sig_decode_hash: no public key found
> > Default dropped message from $dugny_addr port 4500 due to notification type INVALID_ID_INFORMATION
>
> These messages typically mean that the identifiers used by the peers
> do not match. Try adding "srcid foo" and "dstid bar" on your ike esp
> tunnel lines:
>
> - on nemoto :
> st_cyr_net="192.168.2.0/24"
> dugny_net="192.168.3.0/24"
> st_cyr_addr="xx.xx.xx.xx"
> ike esp tunnel from $dugny_net to $st_cyr_net peer $st_cyr_addr srcid nemoto dstid malenfant
>
> - on malenfant :
> st_cyr_net="192.168.2.0/24"
> dugny_net="192.168.3.0/24"
> dugny_addr="yy.yy.yy.yy"
> ike esp tunnel from $st_cyr_net to $dugny_net peer $dugny_addr srcid malenfant dstid nemoto

I don't have domain names for the gateways :/.

> Also, if your machine is multi-homed, you will probably want to
> specify "local" to remove any ambiguity with respect to the source IP
> address that will be used in the outer (encapsulating) IP datagram.

The gateways are not multi-homed.

Best Regards,
Louis Opter.
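
The following is an added example, not part of the original thread: a shell helper that reads `ike` rules like the ones quoted above and prints the public-key file isakmpd needs for each peer ID, which is the lookup behind "no public key found". It assumes isakmpd's default `/etc/isakmpd/pubkeys/{ipv4,fqdn,ufqdn}/` layout and one rule per line; the function names are hypothetical, and the sample config is constructed, with `203.0.113.7` standing in for the elided peer address.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes isakmpd's default key layout:
# /etc/isakmpd/pubkeys/{ipv4,fqdn,ufqdn}/<peer ID>, and one ike rule per line.
PUBKEY_DIR="${PUBKEY_DIR:-/etc/isakmpd/pubkeys}"

# Constructed sample modelled on the malenfant rules quoted above;
# 203.0.113.7 is a placeholder for the elided peer address.
write_sample_conf() {
    cat > "$1" <<'EOF'
st_cyr_net="192.168.2.0/24"
dugny_net="192.168.3.0/24"
dugny_addr="203.0.113.7"
ike esp tunnel from $st_cyr_net to $dugny_net peer $dugny_addr srcid malenfant dstid nemoto
ike esp tunnel from $st_cyr_net to $dugny_net peer $dugny_addr
EOF
}

# Print, per ike rule, the file that must hold the peer's public key.
expected_peer_keys() {
    awk -v dir="$PUBKEY_DIR" '
    /^[A-Za-z_][A-Za-z0-9_]*[ \t]*=/ {          # macro: name="value"
        name = $0; sub(/[ \t]*=.*/, "", name)
        val = $0;  sub(/^[^=]*=[ \t]*/, "", val); gsub(/"/, "", val)
        macro[name] = val; next
    }
    $1 == "ike" {
        peer = ""; dstid = ""
        for (i = 2; i < NF; i++) {
            if ($i == "peer")  peer  = $(i + 1)
            if ($i == "dstid") dstid = $(i + 1)
        }
        if (substr(peer, 1, 1) == "$") peer = macro[substr(peer, 2)]
        if (dstid == "")      print dir "/ipv4/" peer    # default ID: peer address
        else if (dstid ~ /@/) print dir "/ufqdn/" dstid  # e-mail style ID
        else                  print dir "/fqdn/" dstid   # any other string
    }' "$1"
}

# Print only the expected key files that do not exist yet.
missing_peer_keys() {
    expected_peer_keys "$1" | while read -r f; do
        [ -f "$f" ] || echo "$f"
    done
}
```

Running `missing_peer_keys /etc/ipsec.conf` on each gateway shows which peer key files still have to be installed before the RSA signature check can succeed.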