Using openswan on raspian get "We cannot identify ourselves with either end of this network"

0

I just spent several hours fighting with Raspberry Pi 3 to get it to connect to my VPN at work. I got OpenSwan installed and (apparently) configured, and also xl2ptd. After starting the services and trying to bring up a connection, I kept getting the message 022 "MyConn": We cannot identify ourselves with either end of this connection.

I had left in the configuration file set to %defaultroute and right sent to the proper public IP of the server.

How to get past this error?

Brick

Posted 2016-10-15T02:06:17.487

Reputation: 173

Answers

0

In my case at least, the problem was that I had protostack=auto in the config setup section of /etc/ipsec.conf, which is how it came by default. The corresponding comment in the default configuration file suggests this should work: "which IPsec stack to use. auto will try netkey, then klips then mast".

In fact, the problem was that auto apparently does not work as advertised. I changed it explicitly to protostack=netkey and it worked. Credit to this thread that did ultimately have this answer, although it took a long time to find it amongst the many configurations on the web and the apparently many causes for this error message.

I should also give a nod to this post, which also addressed the same error. The author there tracked it to the fact that NETKEY was not loading. I followed his suggestions and executed the command modprobe af_key, which did, in the logs, appear to get me past the problem of not having NETKEY start. As noted above, that wasn't sufficient for me though as I continued to get the same error after doing this as before. I cannot, therefore, be certain if this was an additional necessary step or a red herring in my case.

Brick

Posted 2016-10-15T02:06:17.487

Reputation: 173

Asked: 2016-10-15T02:06:17.487

Viewed: 2 218 times

Active: 2016-10-15T02:06:17.487