On Mon, 23 Mar 2015, John Serink wrote:
> 002 "Oman" #1: Aggressive mode peer ID is ID_KEY_ID: '@#0x416d6e617341646d696e'
> 003 "Oman" #1: no suitable connection for peer '@#0x416d6e617341646d696e'

It's using ID_KEY_ID as type.

> conn Oman
> [...]
> rightid=@AmnasAdmin
> [...]

But you are using type FQDN.

From the ipsec.conf man page:

    leftid
        how the left participant should be identified for authentication;
        defaults to left. Can be an IP address (in any
        ipsec_ttoaddr(3) syntax) or a fully-qualified domain name which will
        be resolved. If preceded by @, the value is used as a
        literal string and will not be resolved. To support opaque
        identifiers (usually of type ID_KEY_ID, such as used by Cisco to
        specify Group Name, use square brackets, eg rightid=@[GroupName].

So try: rightid=@[AmnasAdmin]

> Secrets file looks like this (key replaced with x's):
> 62.231.251.146 @jserinki7 : PSK "xxxxxxxxx"

These would have to match up the IDs, so:

@[AmnasAdmin] @jserinki7 : PSK "xxxxxxxxx"

Paul
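
The mismatch diagnosed above, as an added example that is not part of the original message and is not libreswan code: it decodes the hex ID_KEY_ID from the quoted log lines and compares it with the ID type implied by a rightid= value. The function names are hypothetical, only the ID forms that appear in this thread are handled, and reading '@#0x...' as hex-encoded key-id bytes is taken from the log output shown here.

```python
import re

# Constructed sample: the two pluto log lines quoted in the message above.
LOG = '''002 "Oman" #1: Aggressive mode peer ID is ID_KEY_ID: '@#0x416d6e617341646d696e'
003 "Oman" #1: no suitable connection for peer '@#0x416d6e617341646d696e'
'''

PEER_RE = re.compile(r"peer ID is (ID_\w+): '([^']*)'")


def id_form(value):
    """Return (id_type, raw_bytes) for an ID string, per the forms in this thread."""
    if value.startswith("@[") and value.endswith("]"):
        return "ID_KEY_ID", value[2:-1].encode()      # opaque identifier
    if value.startswith("@#"):                        # hex form, as logged
        hexpart = value[2:]
        if hexpart.lower().startswith("0x"):
            hexpart = hexpart[2:]
        return "ID_KEY_ID", bytes.fromhex(hexpart)
    if value.startswith("@"):
        return "ID_FQDN", value[1:].encode()          # literal, unresolved string
    return "ADDRESS_OR_HOSTNAME", value.encode()


def diagnose(log, conf_id):
    """Compare the peer ID found in the log with a configured leftid/rightid."""
    m = PEER_RE.search(log)
    if m is None:
        return None
    peer_type, peer_raw = m.groups()
    _, peer_bytes = id_form(peer_raw)
    conf_type, conf_bytes = id_form(conf_id)
    match = (peer_type, peer_bytes) == (conf_type, conf_bytes)
    text = peer_bytes.decode("ascii", "replace")
    suggest = None
    if not match and peer_type == "ID_KEY_ID":
        # Printable key-ids can be written in the bracket form; otherwise keep hex.
        suggest = "@[%s]" % text if text.isprintable() and text.isascii() else peer_raw
    return {"peer_type": peer_type, "peer_value": text,
            "configured_type": conf_type, "match": match, "suggest": suggest}


if __name__ == "__main__":
    for candidate in ("@AmnasAdmin", "@[AmnasAdmin]"):
        print(candidate, diagnose(LOG, candidate))
```

Because the same bytes under a different ID type still fail to match, the ID in ipsec.secrets has to use the same form as the one in the conn section.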