On 12/3/10 1:39 PM, Trever L. Adams wrote:
> Hello Everyone,
>
> I have been struggling to get OpenSWAN to work. I am trying to get a
> setup going with the following:
>
> Router<--> Router, IPSec only, Pre-shared keys or certs (ESP, tunnel or

Get this to work in tunnel mode first.

> not)
> Router<--> Android Phones, IPSec/L2TP, Pre-shared keys (the certs is a
> lot of messing around that I am not comfortable doing yet with other
> people's phones

Your second comment is very true. Also, you should avoid shared secrets if you can. I would recommend going with the certificate method as it is easier to update as well. You did point out that you do not have full control of them.

> I haven't yet tried Router to Router as I have seen it said that it is
> best to get the PSK w/ L2TP working first. The error I get (sorry, don't
> have the phone to test with and I can't find it in the logs at the
> moment) says something about not finding a valid pair and ignoring the
> connection on port 500.
>

It is looking for certificates, not a pre-shared key. Certificates are the default method.

As to getting your own Certificate Authority on the phones, that should not be hard. Look for a good Android guide and it should point out how to do this. You may be able to fall back on a Linux guide if you can root the box...

James McKenzie

--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines