Hello.. I did the same thing you told. But in that case it is showing the same "received AUTHENTICATION_FAILED notify error". Please take a look at moon (ishan) "ipsec.conf":

    # ipsec.conf - strongSwan IPsec configuration file

    # basic configuration

    config setup
            crlcheckinterval=600
            strictcrlpolicy=no
            plutostart=no

    # Add connections here.

    conn %default
            ikelifetime=60m
            keylife=20m
            rekeymargin=3m
            keyingtries=1
            keyexchange=ikev2

    # Sample VPN connections

    conn host-host
            left=192.168.3.3
            leftcert=ishanCert.pem
            leftid="C=AU, O=Mincom Pty. Ltd., OU=rvce, CN=ishan, E= ishansharm...@gmail.com"
            right=192.168.3.4
            rightid="C=AU, O=Mincom Pty. Ltd., OU=rvce, CN=abhishek, E= abhis...@gmail.com"
            auto=start

-------------------------------

As shown in the README (quick start -> host-host), left should be i.e. left=%defaultroute. What does this mean? Is it the default route (gateway)? If it is wrong, please tell me how to remove the error "no default route - cannot cope with %defaultroute!!!" at the time when I start ipsec, i.e. "ipsec start".

Actually I removed this error by setting up sun (abhishek) eth0 as 192.168.3.4/255.255.255.0 (default route: 192.168.3.4) and moon (ishan) eth0 as 192.168.3.3/255.255.255.0 (default route 192.168.3.3). Is this a wrong setup?

With regards,
Abhishek Kumar

On Wed, Mar 11, 2009 at 8:53 PM, Daniel Mentz <danielml+mailinglists.strongs...@sent.com> wrote:

> Thanks for this data.
>
> First of all, the DN
>
> C=AU, ST=QLD, O=Mincom Pty. Ltd., OU=rvce, CN=ishan, E= ishansharm...@gmail.com
>
> does NOT match
>
> C=AU, O=Mincom Pty. Ltd., CN=ishan
>
> If you want to use wildcards, then you have to specify them explicitly.
> Otherwise you have to name all RDNs explicitly. Let's take a look at
> ipsec.conf at sun (=abhishek):
>
> conn host-host
>         left=192.168.3.3
>         leftcert=abhishekCert.pem
>         leftid="C=AU, O=Mincom Pty. Ltd., CN=ishan"
>         right=192.168.3.4
>         rightid="C=AU, O=Mincom Pty. Ltd., CN=abhishek"
>         auto=add
>
> Which side is local and which is remote? I guess that right is local
> because the local IP address of eth0 is 192.168.3.4. You need to specify the
> local certificate with rightcert= in this case. Talking about the left side:
> You set leftid to ishan and the leftcert to abhishek. This is inconsistent.
> Also, you don't need to set leftcert= at all, because abhishek gets the
> certificate of ishan during negotiation via IKEv2.
>
> Try this:
>
> conn host-host
>         left=192.168.3.3 # remote
>         leftid="C=AU, ST=QLD, O=Mincom Pty. Ltd., OU=rvce, CN=ishan, E= ishansharm...@gmail.com"
>         right=192.168.3.4 # local
>         rightcert=abhishekCert.pem # local
>         auto=add
>
> Regards,
> Daniel
>

_______________________________________________
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users
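The DN rule from the quoted reply (name every RDN, or use explicit wildcards), as an added example that is not part of the original thread and is not strongSwan code. It is a simplified model that assumes strict matching (same RDN count, same order) with "*" as the value wildcard; the function names and the placeholder e-mail address are constructed for illustration.

```python
# Added illustration: simplified model of strict DN matching (same RDN count,
# same order, "*" as a value wildcard). Not strongSwan source code.

def parse_dn(dn):
    """Split 'C=AU, O=Example' into [('C', 'AU'), ('O', 'Example')].
    Assumes no escaped commas or multi-valued RDNs in the input."""
    rdns = []
    for part in dn.split(","):
        attr, sep, value = part.partition("=")
        if not sep:
            raise ValueError(f"malformed RDN: {part!r}")
        rdns.append((attr.strip().upper(), value.strip()))
    return rdns


def match_dn(configured, subject):
    """Return (matched, reason). '*' as a configured value matches any value."""
    want, have = parse_dn(configured), parse_dn(subject)
    if len(want) != len(have):
        named = {attr for attr, _ in want}
        missing = [attr for attr, _ in have if attr not in named]
        return False, f"RDN count {len(want)} != {len(have)}; not named: {missing}"
    for i, ((wa, wv), (ha, hv)) in enumerate(zip(want, have)):
        if wa != ha:
            return False, f"RDN {i}: attribute {wa} != {ha}"
        if wv != "*" and wv != hv:
            return False, f"RDN {i}: {wa} value {wv!r} != {hv!r}"
    return True, "match"


# Constructed sample: subject shaped like the DN quoted in the thread, with a
# placeholder e-mail address.
SUBJECT = "C=AU, ST=QLD, O=Mincom Pty. Ltd., OU=rvce, CN=ishan, E=user@example.invalid"

CANDIDATES = [
    "C=AU, O=Mincom Pty. Ltd., CN=ishan",                   # short form
    SUBJECT,                                                # every RDN named
    "C=AU, ST=*, O=Mincom Pty. Ltd., OU=*, CN=ishan, E=*",  # explicit wildcards
    "C=AU, O=Mincom Pty. Ltd., OU=rvce, CN=ishan, E=user@example.invalid",  # ST omitted
]

if __name__ == "__main__":
    for cand in CANDIDATES:
        ok, reason = match_dn(cand, SUBJECT)
        print(f"{'OK  ' if ok else 'FAIL'} {cand}\n     -> {reason}")
```

Comparing the configured ID against the subject printed by `openssl x509 -noout -subject` for the peer certificate is a quick way to spot an omitted RDN before restarting the connection.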