[Openswan Users] openswan and red hat enterprise

Stephen Wong stephen.wong at avacue.com
Fri Apr 2 12:28:25 CEST 2004


The IPSEC connection seems to be having a lot of inconsistance problem.

With exact the same config, and change to preshare secret instead of X509
certificate, the connection can then be successfully established but cannot
even ping the remote host.  Tcpdump found no packet except the esp packets.
I suppose the esp packet will be decoded to normal packets when it goes in
the vpn server.

Please kindly help.

Thanks.

----- Original Message ----- 
From: "Paul Wouters" <paul at xelerance.com>
To: "Stephen Wong" <stephen.wong at avacue.com>
Cc: <users at lists.openswan.org>
Sent: Thu, Apr 01, 2004 20:10
Subject: Re: [Openswan Users] openswan and red hat enterprise


> On Thu, 1 Apr 2004, Stephen Wong wrote:
>
> > conn rwarrior
> >         leftsubnet=10.0.0.0/8
> >         auto=add
> >         pfs=yes
>
> I dont think you mean to say that the roadwarrior has the entire 10/8
> space behind it. I also didn't see any virtual_private line or a
> subnetwithin statement anywhere.
>
> Read the X.509 documentation on how to configure one of those.
>
> Paul
>



More information about the Users mailing list