#6   21st July 2009
jggimi
I have never used Shrew, and cannot assist you with that side of your configuration.
----
Correct your ipsec.conf settings:
  1. dynamic is an incorrect IKE mode. I recommend passive mode. Quoting the ipsec.conf(5) man page, red highlights mine:
    Quote:
    When passive is specified, isakmpd(8) will not immediately start negotiation of this tunnel, but wait for an incoming request from the remote peer. When active or dynamic is specified, negotiation will be started at once. The dynamic mode will additionally enable Dead Peer Detection (DPD) and use the local hostname as the identity of the local peer, if not specified by the srcid parameter. dynamic mode should be used for hosts with dynamic IP addresses like road warriors or dialup hosts.
  2. The addresses in the ike configuration describe IP packets which get placed under ESP or AH protocols. You have described "any to any" but you do not define peers; peers are the tunnel end points.
  3. One of your tunnel end points (peers) is 192.168.0.111. The other is the address of your workstation. The man page says:
    Quote:
    The peer parameter specifies the address or FQDN of the remote end-point. For host-to-host connections where dst is identical to remote, this option is generally not needed as it will be set to dst automatically. If it is not specified or if the keyword any is given, the default peer is used.
    Yours is not a host-to-host connection, it is, instead, any-to-any. Your error message stated
    Quote:
    no address configured for "peer default"
    Try adding a peer parameter to your ike statement.
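Added illustration, not part of jggimi's post or the original thread: an ipsec.conf fragment that places the "any to any" ike statement without a peer beside a corrected passive statement in which the tunnel end points are named explicitly with local and peer. Only the address 192.168.0.111 comes from the thread; the remote address 203.0.113.10, the identities gw.example.org and ws.example.org, and the pre-shared key are constructed placeholders.

```conf
# Constructed example; only 192.168.0.111 is taken from the thread.

# Problem pattern: no peer is given, so isakmpd falls back to the
# "peer default" section and reports
#   no address configured for "peer default"
# (commented out so that this file loads as written)
#ike dynamic esp from any to any

# Corrected statement:
#  - passive: the gateway waits for the remote side to initiate
#  - local/peer: the tunnel end points (192.168.0.111 here, the
#    workstation at the placeholder address 203.0.113.10 there)
#  - from/to: the traffic that is placed under ESP through that tunnel
#  - srcid/dstid: explicit identities instead of the local hostname
#  - psk: placeholder, replace before use
ike passive esp from 192.168.0.0/24 to 203.0.113.10 \
    local 192.168.0.111 peer 203.0.113.10 \
    srcid gw.example.org dstid ws.example.org \
    psk "replace-with-a-real-preshared-key"
```

To check the file without loading it, run ipsecctl -n -f /etc/ipsec.conf; to load it, ipsecctl -f /etc/ipsec.conf; and to confirm that the flows and SAs isakmpd negotiated carry the expected end points, ipsecctl -sa. The comment lines and the line continuations with backslashes are ipsec.conf(5) syntax and can stay in the real file.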