[Openswan Users] ipsec.secrets

Paul Wouters paul at xelerance.com
Sat May 8 15:04:12 CEST 2004


On Fri, 7 May 2004, Bastien Rocheron wrote:

> conn roadwarrior-net
>         leftsubnet=192.168.1.0/24
>         also=roadwarrior
> 
> conn roadwarrior
>         left=192.168.1.10
>         leftcert=host.mynet.net.pem
>         #right=%defaultroute
>         right=192.168.1.1
>         rightcert=gateway.mynet.net.pem
>         auto=start
>         pfs=yes

This cannot work. Both ends of the roadwarrior are within the
192.168.1.0/24 range, and you're making a subnet for that same
range. 
 
> conn roadwarrior-allnet
>         leftsubnet=0.0.0.0/0
>         also=roadwarrior
> 
> conn roadwarrior
>         right=%any
>         left=192.168.1.1
>         leftcert=gateway.mynet.net.pem
>         auto=add
>         pfs=yes

And the subnet definitions do not match on client and server.

Paul 
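
The two problems named in the reply above can be checked mechanically. This is an added example, not part of the original message or of Openswan; the function names and the gateway argument are hypothetical. It assumes a simplified model in which a side with no subnet protects only its own host, a server-side %any stands for the peer's own address, and the client config uses concrete addresses.

```python
from ipaddress import ip_address, ip_network
CLIENT = """# client side as quoted in the message (cert, auto, pfs lines omitted)
conn roadwarrior-net
        leftsubnet=192.168.1.0/24
        also=roadwarrior
conn roadwarrior
        left=192.168.1.10
        right=192.168.1.1
"""
SERVER = """# server side as quoted in the message
conn roadwarrior-allnet
        leftsubnet=0.0.0.0/0
        also=roadwarrior
conn roadwarrior
        right=%any
        left=192.168.1.1
"""

def load(text, name):
    """Parse conn sections; return `name` with its also= section merged in."""
    conns, cur = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("conn "):
            cur = conns.setdefault(line.split()[1], {})
        elif cur is not None and "=" in line:
            key, _, val = line.partition("=")
            cur[key.strip()] = val.strip()
    conn = dict(conns[name])
    while "also" in conn:  # the conn's own keys win over inherited ones
        conn = {**conns[conn.pop("also")], **conn}
    return conn

def selectors(conn, gateway):
    """(gateway net, roadwarrior net): subnet, else own host; None for %any."""
    order = ("left", "right") if conn["left"] == gateway else ("right", "left")
    nets = [conn.get(s + "subnet") or conn[s] for s in order]
    return [None if n[0] == "%" else ip_network(n) for n in nets]

def peer_inside_subnet(conn):
    """First diagnosis: the right end's address lies inside leftsubnet."""
    host, sub = conn["right"], conn.get("leftsubnet")
    return bool(sub) and host[0] != "%" and ip_address(host) in ip_network(sub)

def selectors_match(client, server, gateway):
    """Second diagnosis: both ends must name the same pair of networks."""
    (c_gw, c_rw), (s_gw, s_rw) = selectors(client, gateway), selectors(server, gateway)
    rw_ok = c_rw.prefixlen == c_rw.max_prefixlen if s_rw is None else c_rw == s_rw
    return c_gw == s_gw and rw_ok
```

For the quoted configs, `peer_inside_subnet(load(CLIENT, "roadwarrior-net"))` is true and `selectors_match(...)` with gateway `192.168.1.1` is false, matching both remarks in the reply.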


