Charles,

>It sounds like IPSec isn't finding the proper secret to use unless the
>secret is tagged with the remote IP. Are you assigning connection ID's in
>ipsec.conf? IPSec will use the IP as a default ID if you don't assign one
>manually. I typically use unresolved names as a connection ID, rather than
>IP addresses...they are easier for me to remember (and make sense of).
>IIRC, there may also be some limitations on using pre-shared-secrets vs. RSA
>signature keys...which are you trying to use?
>
>Try something like:
>
>[EMAIL PROTECTED]
>[EMAIL PROTECTED]
>
>in your connection description at both ends...
>
>If that doesn't help, you'll probably have to provide your ipsec.conf and
>ipsec.secrets file for inspection (remove/alter any private info from
>ipsec.secrets before posting, but keep it otherwise intact).

I am using shared secrets. I will at one point want to try the RSA
encryption, but I have experience with shared secrets and figured to start
there and then go to RSA.

In my previous experience with FreeS/WAN (v. 1.34 I believe) I would specify
0.0.0.0 for anyone in the ipsec.secrets file on the static gateway and
127.0.0.1 for local IP on the dynamic gateway. I have not seen this
instructed at all for the v1.91 with which I am working.

What should the ipsec.secrets file be for the static and dynamic gateways?
I currently have this for both:

    216.29.35.154 0.0.0.0:PSK "secretgoeshere"

If you like I will provide the files.

Jason Massey

_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
