[Openswan Users] openswan and red hat enterprise
Paul Wouters
paul at xelerance.com
Fri Apr 2 11:41:59 CEST 2004
On Fri, 2 Apr 2004, Stephen Wong wrote:
> With exact the same config, and change to preshare secret instead of X509
> certificate, the connection can then be successfully established
Then you will likely still have an error in your certificate setup.
> but cannot
> even ping the remote host. Tcpdump found no packet except the esp packets.
> I suppose the esp packet will be decoded to normal packets when it goes in
> the vpn server.
These are other problems. Run 'ipsec verify' on the vpnserver for some hints.
This could be a firewalling issue, a forwarding issue, or a packet mangle issue
(NATing ipsec packets by accident), etc etc.
Paul
> Please kindly help.
>
> Thanks.
>
> ----- Original Message -----
> From: "Paul Wouters" <paul at xelerance.com>
> To: "Stephen Wong" <stephen.wong at avacue.com>
> Cc: <users at lists.openswan.org>
> Sent: Thu, Apr 01, 2004 20:10
> Subject: Re: [Openswan Users] openswan and red hat enterprise
>
>
> > On Thu, 1 Apr 2004, Stephen Wong wrote:
> >
> > > conn rwarrior
> > > leftsubnet=10.0.0.0/8
> > > auto=add
> > > pfs=yes
> >
> > I dont think you mean to say that the roadwarrior has the entire 10/8
> > space behind it. I also didn't see any virtual_private line or a
> > subnetwithin statement anywhere.
> >
> > Read the X.509 documentation on how to configure one of those.
> >
> > Paul
> >
>
--
It's amazing how quickly someone can go from talking about being on the
cutting edge, and fighting for freedom and liberty and information wants
to be free, to becoming a total right wing reactionary censorship wacko,
if naked girls are involved. --- Aaron, producer of haxxxor
More information about the Users
mailing list