If you define rightid=@ip-10-5-5-161 then your definition in ipsec.secrets should be

  @ip-10-5-5-161 %any : PSK "Rel1439@RCM#123"

Why don't you use IKEv2 which does all the leftsourceip stuff
automatically and is much more robust in NAT situations?

And please use aes128-sha1 in place of 3des-md5

Regards

Andreas

On 04/18/2011 11:49 AM, neil payne wrote:
> Apologies, I forgot to attach my config files - I've since verified
> packets are arriving from my source server (10.5.51.10) to my
> firewall on the left but it doesn't even seem to try and encrypt the
> traffic - any assistance or pointers would be greatly appreciated?
>
> On 17 Apr 2011, at 19:56, neil payne wrote:
>
>> Hi, I've been trying to set up a vpn (ike v1, site to site with
>> PSK) for the last few weeks between two Ubuntu hosts without
>> success. I've tried the varying configuration options like using
>> rightsubnetwithin instead of rightsubnet and testing from the
>> firewalls using leftsourceip but nothing seems to generate
>> interesting traffic. I have manually edited ipsec.conf and
>> ipsec.secrets only, am I missing a fundamental step? I'm attaching
>> the config files (ipsec.secrets contents appended to the end of
>> ipsec.conf for convenience of attaching only 2 files here instead
>> of 4), I don't see any traffic from the left firewall hitting the
>> right firewall. The only peculiarity may be that the left firewall
>> is within an Amazon cloud but I'm led to believe this should not
>> stop the ipsec tunnel from building - please help if you can?
>> Regards, Neil.

======================================================================
Andreas Steffen                         [email protected]
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
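
Added example (not part of the original mail and not strongSwan code): a small Python check for the two points in the reply above, namely that a PSK line in ipsec.secrets must be selected by the IDs the connection actually uses, and that 3des/md5 proposals should be replaced. The connection name, addresses and PSK are constructed, and the selector matching is a simplified assumption, not strongSwan's own best-match lookup.

```python
import re

WEAK = {"3des", "md5"}  # algorithms the reply asks to replace

def parse_conns(conf):
    # {conn name: {key: value}} from ipsec.conf text; indented lines belong to the last header
    conns, cur = {}, None
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if line and not line[0].isspace():
            parts = line.split()
            cur = conns.setdefault(parts[1], {}) if parts[0] == "conn" and len(parts) > 1 else None
        elif cur is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            cur[key.strip()] = value.strip()
    return conns

def parse_psk_selectors(secrets):
    # Selector list of every PSK line; a '#' inside the quoted key is not a comment
    matches = (re.match(r"\s*([^#:]*):\s*PSK\b", l) for l in secrets.splitlines())
    return [m.group(1).split() for m in matches if m]

def audit(conf, secrets):
    findings, entries = [], parse_psk_selectors(secrets)
    for name, c in parse_conns(conf).items():
        if c.get("authby") in ("secret", "psk"):
            # Assumption: an entry applies if every selector is %any or one of the conn's IDs
            ids = {c.get("leftid", c.get("left")), c.get("rightid", c.get("right")), "%any"}
            if not any(set(sel) <= ids for sel in entries):
                findings.append((name, "psk-id-mismatch", sorted(i for i in ids if i)))
        for key in ("ike", "esp"):
            weak = sorted(WEAK & set(re.split(r"[-,!\s]+", c.get(key, "").lower())))
            if weak:
                findings.append((name, "weak-proposal", f"{key}: {','.join(weak)}"))
    return findings

# Constructed sample input (documentation addresses, placeholder PSK)
CONF = """conn site-to-site
    authby=secret
    left=192.0.2.10
    right=198.51.100.20
    rightid=@ip-10-5-5-161
    ike=3des-md5-modp1024
    esp=3des-md5
"""
SECRETS_BAD = '198.51.100.20 %any : PSK "example-psk#not-real"\n'    # selected by IP, conn uses rightid
SECRETS_GOOD = '@ip-10-5-5-161 %any : PSK "example-psk#not-real"\n'  # selected by rightid
CONF_GOOD = CONF.replace("3des-md5", "aes128-sha1")
for finding in audit(CONF, SECRETS_BAD):
    print(finding)
```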
