[Openswan Users] Openswan connection difficulties
Paul Wouters
paul at xelerance.com
Wed Jun 30 15:01:35 CEST 2004
On Wed, 30 Jun 2004, Steve Wakelin wrote:
> virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16
> conn roadwarrior-net-1
> leftsubnet=172.16.200.1/32
> also=roadwarrior
Note that you can't have a subnet range in use that you also accept as virtual_private
(eg NATed space on the other end). You should exclude it using !%v4:172.16.200.0/24
> conn roadwarrior-net-2
> leftsubnet=172.168.200.2/32
> also=roadwarrior
This one has 172.168, probably not what you intended.
> C:\ipsec>type ipsec.conf
> conn roadwarrior
> left=%any
> leftsubnet=192.168.2.0/255.255.255.0
I do not see the subnet range defined on the server. You are probably confused
into thinking you need to supply your natted range? You can't have multiple
roadwarriors connecting with the same subnet on their end.
> right=213.232.93.110
> rightsubnet=172.16.200.1/255.255.255.255
See remark about virtual_private.
Paul
--
<Reverend> IRC is just multiplayer notepad.
More information about the Users
mailing list