[Openswan Users] Openswan connection difficulties
Steve Wakelin
steve at wcsl.net
Wed Jun 30 16:35:56 CEST 2004
New connection is now registered - typo on my part apologies
However
conn sisl
left=213.232.93.110
leftsubnet=172.16.200.2/32
leftcert=www.sfpost.net.pem
right=%any
rightcert=mail.sis-l.com.pem
leftprotoport=17/0
rightprotoport=17/1701
auto=add
pfs=no
Jun 30 15:26:31 p4-7165 pluto[15750]: "sisl"[3] 62.49.34.242 #3: cannot
respond to IPsec SA request because no connection is known for
213.232.93.110[C=GB, ST=Hertfordshire, L=Harpenden, O=WCSL, OU=sfbackup,
CN=www.sfpost.net, E=support at wcsl.net,S=C]:17/0...62.49.34.242[C=GB,
ST=Hertfordshire, L=Harpenden, O=WCSL, OU=sfbackup, CN=mail.sis-l.com,
E=support at wcsl.net,S=C]:17/1701
Regards
/Steve
-----Original Message-----
From: users-bounces at lists.openswan.org
[mailto:users-bounces at lists.openswan.org] On Behalf Of Steve Wakelin
Sent: 30 June 2004 14:46
To: Paul Wouters
Cc: Openswan Users
Subject: RE: [Openswan Users] Openswan connection difficulties
I have now created a second connection identical to the first for
another external device and when I restart ipsec this description does
not get added ;-(.
Clarification please in case I'm totally loosing the plot.
Is it possible to have multiple clients accessing different subnets
behind the ipsec router? Even thought these are /32 networks?
Regards
/Steve
-----Original Message-----
From: Paul Wouters [mailto:paul at xelerance.com]
Sent: 30 June 2004 13:02
To: Steve Wakelin
Cc: Openswan Users
Subject: Re: [Openswan Users] Openswan connection difficulties
On Wed, 30 Jun 2004, Steve Wakelin wrote:
> virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16
> conn roadwarrior-net-1
> leftsubnet=172.16.200.1/32
> also=roadwarrior
Note that you can't have a subnet range in use that you also accept as
virtual_private
(eg NATed space on the other end). You should exclude it using
!%v4:172.16.200.0/24
> conn roadwarrior-net-2
> leftsubnet=172.168.200.2/32
> also=roadwarrior
This one has 172.168, probably not what you intended.
> C:\ipsec>type ipsec.conf
> conn roadwarrior
> left=%any
> leftsubnet=192.168.2.0/255.255.255.0
I do not see the subnet range defined on the server. You are probably
confused
into thinking you need to supply your natted range? You can't have
multiple
roadwarriors connecting with the same subnet on their end.
> right=213.232.93.110
> rightsubnet=172.16.200.1/255.255.255.255
See remark about virtual_private.
Paul
--
<Reverend> IRC is just multiplayer notepad.
_______________________________________________
Users mailing list
Users at lists.openswan.org
http://lists.openswan.org/mailman/listinfo/users
More information about the Users
mailing list