[Openswan Users] ipsec.secrets
Paul Wouters
paul at xelerance.com
Sat May 8 15:04:12 CEST 2004
On Fri, 7 May 2004, Bastien Rocheron wrote:
> conn roadwarrior-net
> leftsubnet=192.168.1.0/24
> also=roadwarrior
>
> conn roadwarrior
> left=192.168.1.10
> leftcert=host.mynet.net.pem
> #right=%defaultroute
> right=192.168.1.1
> rightcert=gateway.mynet.net.pem
> auto=start
> pfs=yes
This cannot work. Both ends of the roadwarrior are within the
192.168.1.0/24 range, and you're making a subnet for that same
range.
> conn roadwarrior-allnet
> leftsubnet=0.0.0.0/0
> also=roadwarrior
>
> conn roadwarrior
> right=%any
> left=192.168.1.1
> leftcert=gateway.mynet.net.pem
> auto=add
> pfs=yes
And the subnet definitions do not match on client and server.
Paul
More information about the Users
mailing list