<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD><TITLE>IPSec Install files</TITLE>
<META http-equiv=Content-Type content="text/html; charset=us-ascii">
<META content="MSHTML 6.00.6000.16481" name=GENERATOR></HEAD>
<BODY>
<DIV dir=ltr align=left><FONT face=Arial color=#0000ff size=2><SPAN
class=108074320-31102007>Still fails as below.</SPAN></FONT></DIV>
<DIV dir=ltr align=left><FONT face=Arial color=#0000ff size=2><SPAN
class=108074320-31102007></SPAN></FONT> </DIV>
<DIV dir=ltr align=left><FONT face=Arial color=#0000ff size=2>sh-3.1# ebtables
-t filter -I INPUT -p 0x0800 -ip-proto 50 -j ACCEPT<BR>Bad argument :
'50'.<BR>sh-3.1# ebtables -t filter -I INPUT -p 0x0800 -ip-proto 17 --ip-dport
500 -j ACC<BR>EPT<BR>Bad argument : '17'.</FONT></DIV><BR>
<DIV class=OutlookMessageHeader lang=en-us dir=ltr align=left>
<HR tabIndex=-1>
<FONT face=Tahoma size=2><B>From:</B> Peter McGill [mailto:petermcgill@goco.net]
<BR><B>Sent:</B> Wednesday, October 31, 2007 1:40 PM<BR><B>To:</B> Vuppula,
Srinivas<BR><B>Subject:</B> RE: [Openswan Users] IPSec auto up
error<BR></FONT><BR></DIV>
<DIV></DIV>
<DIV dir=ltr align=left><SPAN class=606323720-31102007><FONT face=Arial
color=#0000ff size=2>Correct reading a bit more of the man page for ebtables,
explains that it works at the ethernet level</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=606323720-31102007><FONT face=Arial
color=#0000ff size=2>not at the ip level so what you need is
actually...</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=606323720-31102007><SPAN
class=313495418-31102007><SPAN class=808512313-30102007><FONT face=Arial><FONT
color=#0000ff><FONT size=2><SPAN class=313495418-31102007>eb</SPAN>tables -t
filter -I INPUT -p 0x0800 -ip-proto 50 -j ACCEPT #
ESP</FONT></FONT></FONT></SPAN>
<DIV dir=ltr align=left><SPAN class=808512313-30102007><FONT face=Arial><FONT
color=#0000ff><FONT size=2><SPAN class=313495418-31102007>eb</SPAN>tables -t
filter -I INPUT -p <SPAN class=606323720-31102007>0x0800 -ip-proto
</SPAN><SPAN class=313495418-31102007>17</SPAN> --<SPAN
class=313495418-31102007>ip-</SPAN>dport 500 -j ACCEPT #
ISAKMP</FONT></FONT></FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=808512313-30102007><SPAN
class=606323720-31102007><FONT face=Arial color=#0000ff size=2>See <A
href="http://ebtables.sourceforge.net/ebtables-man.html">http://ebtables.sourceforge.net/ebtables-man.html</A> for
more details.</FONT></SPAN></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=808512313-30102007><SPAN
class=606323720-31102007><FONT face=Arial color=#0000ff size=2>Note what I said
before about OUTPUT chain still
applies.</FONT></SPAN></SPAN></DIV></SPAN></SPAN></DIV>
<DIV><FONT face=Arial color=#0000ff size=2></FONT> </DIV>
<DIV align=left><FONT face=Arial size=2>Peter McGill</FONT></DIV>
<DIV><FONT face=Arial color=#0000ff size=2></FONT> </DIV><FONT face=Arial
size=2></FONT><BR>
<BLOCKQUOTE dir=ltr
style="PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #0000ff 2px solid; MARGIN-RIGHT: 0px">
<DIV class=OutlookMessageHeader lang=en-us dir=ltr align=left>
<HR tabIndex=-1>
<FONT face=Tahoma size=2><B>From:</B> Vuppula, Srinivas
[mailto:srinivas.vuppula@intel.com] <BR><B>Sent:</B> October 31, 2007 4:21
PM<BR><B>To:</B> petermcgill@goco.net<BR><B>Subject:</B> RE: [Openswan Users]
IPSec auto up error<BR></FONT><BR></DIV>
<DIV></DIV>
<DIV dir=ltr align=left><SPAN class=666442020-31102007><FONT face=Arial
color=#0000ff size=2>well i had tried that and some other combinations but it
seems not </FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=666442020-31102007><FONT face=Arial
color=#0000ff size=2>sh-3.1# ebtables -t filter -I INPUT -p 50 -j
ACCEPT<BR>Sorry, protocols have values above or equal to
0x0600.</FONT></SPAN></DIV><BR>
<DIV class=OutlookMessageHeader lang=en-us dir=ltr align=left>
<HR tabIndex=-1>
<FONT face=Tahoma size=2><B>From:</B> Peter McGill
[mailto:petermcgill@goco.net] <BR><B>Sent:</B> Wednesday, October 31, 2007
12:56 PM<BR><B>To:</B> Vuppula, Srinivas<BR><B>Subject:</B> RE: [Openswan
Users] IPSec auto up error<BR></FONT><BR></DIV>
<DIV></DIV>
<DIV dir=ltr align=left><SPAN class=313495418-31102007><FONT face=Arial
color=#0000ff size=2>I've never heard of it, however a quick internet
search to find the website and the manual describes it as an enhanced version
of iptables.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=313495418-31102007><FONT face=Arial
color=#0000ff size=2>Although it looks less like an enhancement than an
alternative, it looks like the commands will need minimal
changes.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=313495418-31102007><FONT face=Arial
color=#0000ff size=2>However the traffic you need to allow is all traffic to
and from protocol 50 (esp), note that's protocol 50 not port
50.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=313495418-31102007><FONT face=Arial
color=#0000ff size=2>You also need to allow all traffic to and from udp
(protocol 17) on port 500 (isakmp).</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=313495418-31102007><FONT face=Arial
color=#0000ff size=2>Looks like the following will do the
trick.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=313495418-31102007>
<DIV dir=ltr align=left><SPAN class=808512313-30102007><FONT face=Arial><FONT
color=#0000ff><FONT size=2><SPAN class=313495418-31102007>eb</SPAN>tables -t
filter -I INPUT -p 50 -j ACCEPT #
ESP</FONT></FONT></FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=808512313-30102007><FONT face=Arial><FONT
color=#0000ff><FONT size=2><SPAN class=313495418-31102007>eb</SPAN>tables -t
filter -I INPUT -p <SPAN class=313495418-31102007>17</SPAN> --<SPAN
class=313495418-31102007>ip-</SPAN>dport 500 -j ACCEPT #
ISAKMP</FONT></FONT></FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=808512313-30102007><SPAN
class=313495418-31102007><FONT face=Arial color=#0000ff size=2>You may also
need to repeat those two lines substituting INPUT for OUTPUT if it still
doesn't work.</FONT></SPAN></SPAN></DIV></SPAN></DIV>
<DIV><FONT face=Arial color=#0000ff size=2></FONT> </DIV>
<DIV align=left><FONT face=Arial size=2>Peter McGill</FONT></DIV>
<DIV> </DIV><BR>
<BLOCKQUOTE dir=ltr
style="PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #0000ff 2px solid; MARGIN-RIGHT: 0px">
<DIV class=OutlookMessageHeader lang=en-us dir=ltr align=left>
<HR tabIndex=-1>
<FONT face=Tahoma size=2><B>From:</B> Vuppula, Srinivas
[mailto:srinivas.vuppula@intel.com] <BR><B>Sent:</B> October 31, 2007 2:46
PM<BR><B>To:</B> petermcgill@goco.net<BR><B>Subject:</B> RE: [Openswan
Users] IPSec auto up error<BR></FONT><BR></DIV>
<DIV></DIV>
<DIV dir=ltr align=left><SPAN class=118271018-31102007><FONT face=Arial
color=#0000ff size=2>This system seems to use ebtables instead. Do you know
the equivalent command to use with ebtables?</FONT></SPAN></DIV><BR>
<DIV class=OutlookMessageHeader lang=en-us dir=ltr align=left>
<HR tabIndex=-1>
<FONT face=Tahoma size=2><B>From:</B> Peter McGill
[mailto:petermcgill@goco.net] <BR><B>Sent:</B> Wednesday, October 31, 2007
6:33 AM<BR><B>To:</B> Vuppula, Srinivas<BR><B>Subject:</B> RE: [Openswan
Users] IPSec auto up error<BR></FONT><BR></DIV>
<DIV></DIV>
<DIV dir=ltr align=left><SPAN class=515020613-31102007><FONT face=Arial
color=#0000ff size=2>Yes I think that is the cause, since your error is an
ICMP unreachable from your laptop computer,</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=515020613-31102007><FONT face=Arial
color=#0000ff size=2>that leads me to suspect that your laptop may be
rejecting the IPSec packets, causing that error.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=515020613-31102007><FONT face=Arial
color=#0000ff size=2>Normally you'd fix that with iptables, but your system
seems unable to do that.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=515020613-31102007><FONT face=Arial
color=#0000ff size=2>It also seems that perl is also missing some files, and
that is why you cannot run ipsec verify.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=515020613-31102007><FONT face=Arial
color=#0000ff size=2>It will be difficult to fix your system without first
installing a more complete system on it, if possible.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=515020613-31102007><FONT face=Arial
color=#0000ff size=2>At the very least you'll need to be able to alter the
firewall rules. Is there some other way that the</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=515020613-31102007><FONT face=Arial
color=#0000ff size=2>embedded system gives you to alter the firewall rules?
You could use that to allow the ipsec traffic.</FONT></SPAN></DIV>
<DIV><FONT face=Arial color=#0000ff size=2></FONT> </DIV>
<DIV align=left><FONT face=Arial size=2>Peter McGill</FONT></DIV>
<DIV><FONT face=Arial color=#0000ff size=2></FONT> </DIV><FONT
face=Arial size=2></FONT><FONT face=Arial size=2></FONT><FONT face=Arial
size=2></FONT><FONT face=Arial size=2></FONT><FONT face=Arial
size=2></FONT><FONT face=Arial size=2></FONT><FONT face=Arial
size=2></FONT><FONT face=Arial size=2></FONT><FONT face=Arial
size=2></FONT><BR>
<BLOCKQUOTE dir=ltr
style="PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #0000ff 2px solid; MARGIN-RIGHT: 0px">
<DIV class=OutlookMessageHeader lang=en-us dir=ltr align=left>
<HR tabIndex=-1>
<FONT face=Tahoma size=2><B>From:</B> Vuppula, Srinivas
[mailto:srinivas.vuppula@intel.com] <BR><B>Sent:</B> October 30, 2007 8:34
PM<BR><B>To:</B> petermcgill@goco.net<BR><B>Subject:</B> RE: [Openswan
Users] IPSec auto up error<BR></FONT><BR></DIV>
<DIV></DIV>
<DIV dir=ltr align=left><SPAN class=325122400-31102007><FONT face=Arial
color=#0000ff size=2>I got both static on either side.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=325122400-31102007><FONT face=Arial
color=#0000ff size=2>Here is what you asked.</FONT></SPAN></DIV>
<DIV><SPAN class=325122400-31102007></SPAN><FONT face=Arial><FONT
color=#0000ff><FONT size=2></FONT></FONT></FONT> </DIV>
<DIV><FONT face=Arial><FONT color=#0000ff><FONT
size=2>Left system (laptop)</FONT></FONT></FONT></DIV>
<DIV><FONT size=+0><FONT color=#0000ff><FONT size=2><SPAN
class=325122400-31102007></SPAN></FONT></FONT></FONT><SPAN
class=325122400-31102007><FONT face=Arial color=#0000ff
size=2> sh-3.1# route -n<BR>Kernel IP routing
table<BR>Destination
Gateway
Genmask Flags Metric
Ref Use
Iface<BR>10.8.0.0
0.0.0.0
255.255.255.0 U
0
0 0
br0<BR>192.168.1.0
0.0.0.0
255.255.255.0 U
0
0 0
eth0<BR>192.168.10.0
0.0.0.0
255.255.255.0 U
0
0 0
br0<BR>169.254.0.0
0.0.0.0
255.255.0.0 U
0
0 0
eth0<BR>0.0.0.0
192.168.1.1
0.0.0.0
UG 0
0 0 eth0</FONT></SPAN></DIV>
<DIV><SPAN class=325122400-31102007><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=325122400-31102007><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV><FONT face=Arial color=#0000ff size=2>sh-3.1#
ifconfig<BR>br0 Link
encap:Ethernet HWaddr
00:15:05:15:05:15<BR>
inet addr:192.168.10.20 Bcast:192.168.10.255
Mask:255.255.255.0<BR>
inet6 addr: fe80::215:5ff:fe15:515/64
Scope:Link<BR> UP
BROADCAST RUNNING MULTICAST MTU:1500
Metric:1<BR> RX
packets:121 errors:0 dropped:0 overruns:0
frame:0<BR> TX
packets:12 errors:0 dropped:0 overruns:0
carrier:0<BR>
collisions:0
txqueuelen:0<BR> RX
bytes:7496 (7.3 KiB) TX bytes:936 (936.0 b)</FONT></DIV>
<DIV><FONT face=Arial color=#0000ff size=2></FONT> </DIV>
<DIV><FONT face=Arial color=#0000ff size=2>br0:1
Link encap:Ethernet HWaddr
00:15:05:15:05:15<BR>
inet addr:10.8.0.2 Bcast:10.8.0.255
Mask:255.255.255.0<BR>
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1</FONT></DIV>
<DIV><FONT face=Arial color=#0000ff size=2></FONT> </DIV>
<DIV><FONT face=Arial color=#0000ff
size=2>eth0 Link encap:Ethernet HWaddr
00:1C:05:C0:5C:05<BR>
inet addr:192.168.1.102 Bcast:192.168.1.255
Mask:255.255.255.0<BR>
inet6 addr: fe80::21c:5ff:fec0:5c05/64
Scope:Link<BR> UP
BROADCAST RUNNING MULTICAST MTU:1500
Metric:1<BR> RX
packets:256 errors:0 dropped:0 overruns:0
frame:0<BR> TX
packets:134 errors:0 dropped:0 overruns:0
carrier:0<BR>
collisions:0
txqueuelen:100<BR>
RX bytes:22956 (22.4 KiB) TX bytes:12352 (12.0
KiB)<BR> Base
address:0xdc00 Memory:ffa40000-ffa60000</FONT></DIV>
<DIV><FONT face=Arial color=#0000ff size=2></FONT> </DIV>
<DIV><FONT face=Arial color=#0000ff
size=2>eth1 Link encap:Ethernet HWaddr
00:15:05:15:05:15<BR>
inet6 addr: fe80::215:5ff:fe15:515/64
Scope:Link<BR> UP
BROADCAST RUNNING MULTICAST MTU:1500
Metric:1<BR> RX
packets:72 errors:0 dropped:0 overruns:0
frame:0<BR> TX
packets:238 errors:0 dropped:0 overruns:0
carrier:0<BR>
collisions:0
txqueuelen:1000<BR>
RX bytes:6708 (6.5 KiB) TX bytes:18992 (18.5 KiB)</FONT></DIV>
<DIV><FONT face=Arial color=#0000ff size=2></FONT> </DIV>
<DIV><FONT face=Arial color=#0000ff
size=2>lo Link encap:Local
Loopback<BR> inet
addr:127.0.0.1
Mask:255.0.0.0<BR>
inet6 addr: ::1/128
Scope:Host<BR> UP
LOOPBACK RUNNING MTU:16436
Metric:1<BR> RX
packets:13 errors:0 dropped:0 overruns:0
frame:0<BR> TX
packets:13 errors:0 dropped:0 overruns:0
carrier:0<BR>
collisions:0
txqueuelen:0<BR> RX
bytes:2812 (2.7 KiB) TX bytes:2812 (2.7 KiB)</FONT></DIV>
<DIV><FONT face=Arial color=#0000ff size=2></FONT> </DIV>
<DIV><FONT face=Arial color=#0000ff size=2></FONT> </DIV>
<DIV><SPAN class=325122400-31102007><FONT face=Arial color=#0000ff
size=2>Right System--This seems to be alright..It has been working between
another linux system</FONT></SPAN></DIV>
<DIV><SPAN class=325122400-31102007><FONT face=Arial color=#0000ff
size=2>Attached file has the info.</FONT></SPAN></DIV>
<DIV><SPAN class=325122400-31102007><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=325122400-31102007><FONT face=Arial color=#0000ff
size=2>I tried with all mentioned below. My laptop seems to be having
problem running iptables command to accept tcp and
udp.</FONT></SPAN></DIV>
<DIV><SPAN class=325122400-31102007><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=325122400-31102007><FONT face=Arial color=#0000ff
size=2>sh-3.1# iptables -I INPUT -p 50 -j ACCEPT<BR>iptables v1.3.7:
Couldn't load target
`standard':/builddir/build/BUILD/xen-sv-al<BR>pha-15294/tmp-dist-sv/sosrd/lib/iptables/libipt_standard.so:
cannot open shared<BR>object file: No such file or
directory</FONT></SPAN></DIV>
<DIV><FONT face=Arial color=#0000ff size=2></FONT> </DIV>
<DIV><SPAN class=325122400-31102007><FONT face=Arial color=#0000ff
size=2>Try `iptables -h' or 'iptables --help' for more
information.</FONT></SPAN></DIV>
<DIV><SPAN class=325122400-31102007><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=325122400-31102007><FONT face=Arial color=#0000ff
size=2>I guess its all because of this command failure that i do not get
the connection up. I do see libipt_standard.so in lib folder, but not at
the path it compalined above. Do you think being not able to execute
iptables command is the cause of all.</FONT></SPAN></DIV>
<DIV><SPAN class=325122400-31102007><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=325122400-31102007><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=325122400-31102007><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=325122400-31102007><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=325122400-31102007><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=325122400-31102007><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=325122400-31102007><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=325122400-31102007><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=325122400-31102007><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=325122400-31102007><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=325122400-31102007><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=325122400-31102007><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=325122400-31102007><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=325122400-31102007><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=325122400-31102007><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=325122400-31102007><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=325122400-31102007><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=325122400-31102007>
<DIV dir=ltr align=left><SPAN class=425025820-30102007><FONT face=Arial
color=#0000ff size=2>Show us your ifconfig and route -n outputs for both
hosts.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=425025820-30102007><FONT face=Arial
color=#0000ff size=2>How does the 192.168.1.102 address/host fit in,
is it the "road warrior" or gateway?</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=425025820-30102007></SPAN><SPAN
class=425025820-30102007><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=425025820-30102007><FONT face=Arial
color=#0000ff size=2>Openswan doesn't really care how the host get's
it's IP address, so long as...</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=425025820-30102007><FONT face=Arial
color=#0000ff size=2>a) The IP address is available before the Openswan
pluto daemon is started and</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=425025820-30102007><FONT face=Arial
color=#0000ff size=2>b) If the IP address is changed the Openswan
pluto daemon is immediately restarted.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=425025820-30102007><FONT face=Arial
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=425025820-30102007><FONT face=Arial
color=#0000ff size=2>It does however matter when writing your
conf.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=425025820-30102007><FONT face=Arial
color=#0000ff size=2>If you have static addresses then put them in left
and right.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=425025820-30102007><FONT face=Arial
color=#0000ff size=2>If you have a dynamic address on one end then in it's
ipsec.conf put left=%defaultroute,</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=425025820-30102007><FONT face=Arial
color=#0000ff size=2>and in the other ipsec.conf put right=%any
to handle the unknown/changing address.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=425025820-30102007><FONT face=Arial
color=#0000ff size=2>In this case you also must start the connection from
the side with the dynamic address.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=425025820-30102007><FONT face=Arial
color=#0000ff size=2>This is true anytime you write your conf files this
way even if both sides have static IPs,</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=425025820-30102007><FONT face=Arial
color=#0000ff size=2>if for example your using a dynamic IP configuration
but testing it with a static IP.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=425025820-30102007><FONT face=Arial
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=425025820-30102007><FONT face=Arial
color=#0000ff size=2>When Openswan documentation and the people on this
list talk about road warrior, we mean</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=425025820-30102007><FONT face=Arial
color=#0000ff size=2>one side of the tunnel has a dynamic IP, if you have
static IP's then it's a normal tunnel not road
warrior.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=425025820-30102007><FONT face=Arial
color=#0000ff size=2>(Althouth the configs are identical except for the
above mentions of left=%defaultroute and right=%any.)</FONT></SPAN></DIV>
<DIV><FONT face=Arial color=#0000ff size=2></FONT> </DIV>
<DIV align=left><FONT face=Arial size=2>Peter
McGill</FONT></DIV></SPAN></DIV></BLOCKQUOTE></BLOCKQUOTE></BLOCKQUOTE></BODY></HTML>