CentOS IPsec: We cannot identify ourselves with either end of this connection

2 votes
0 answers
4021 views
I have a problem with IPsec on CentOS. While adding a connection using ipsec auto --add cx, it gives:

    multiple ip addresses, using 127.0.0.1 on venet0

On using ipsec auto --up cx I get:

    We cannot identify ourselves with either end of this connection.

ip addr output:

    1: lo: mtu 65536 qdisc noqueue state UNKNOWN
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
        inet6 ::1/128 scope host
           valid_lft forever preferred_lft forever
    2: venet0: mtu 1500 qdisc noqueue state UNKNOWN
        link/void
        inet 127.0.0.1/32 scope host venet0
        inet /32 brd scope global venet0:0

ipsec.conf:

    ## general configuration parameters ##
    config setup
        plutodebug=none
        plutostderrlog=/var/log/pluto.log
        protostack=netkey
        nat_traversal=yes
        virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
        ## disable opportunistic encryption in Red Hat ##
        oe=off
        ## disable opportunistic encryption in Debian ##
        ## Note: this is a separate declaration statement ##
        #include /etc/ipsec.d/examples/no_oe.conf

    ## connection definition in Red Hat ##
    conn mazeed
        authby=secret
        auto=start
        ike=aes256-sha
        auth=esp
        ## phase 1 ##
        keyexchange=ike
        ## phase 2 ##
        #phase2=esp
        #phase2alg=aes256-sha
        compress=no
        pfs=yes
        type=tunnel
        left=
        leftsubnet=192.168.30.10/24
        leftnexthop=%defaultroute
        right=
        rightsubnet=172.16.198.29/24

EDIT: ipsec verify output:

    Verifying installed system and configuration files

    Version check and ipsec on-path                     [OK]
    Libreswan U3.12/K(no kernel code presently loaded) on 2.6.32-46-pve
    Checking for IPsec support in kernel                [FAILED]

     The ipsec service should be started before running 'ipsec verify'

    Pluto ipsec.conf syntax                             [OK]
    Hardware random device                              [N/A]
    Checking rp_filter                                  [OK]
    Checking that pluto is running                      [OK]
     Pluto listening for IKE on udp 500                 [FAILED]
     Pluto listening for IKE/NAT-T on udp 4500          [DISABLED]
     Pluto ipsec.secret syntax                          [OK]
    Checking 'ip' command                               [OK]
    Checking 'iptables' command                         [OK]
    Checking 'prelink' command does not interfere with FIPSChecking for obsolete ipsec.conf options [OK]
    Opportunistic Encryption                            [DISABLED]

    ipsec verify: encountered 3 errors - see 'man ipsec_verify' for help

However, all ports are open in the firewall.
Asked by Akshit (21 rep)
Oct 4, 2016, 02:49 PM
Last activity: Oct 4, 2016, 03:18 PM