[Openswan Users] ipsec.secrets

Bastien Rocheron bastien.rocheron at free.fr
Fri May 14 10:16:14 CEST 2004


well, thanks a lot, I'm trying to fix it

Bastien Rocheron

Sat, 8 May 2004 14:04:12 +0200 (MET DST)
Paul Wouters <paul at xelerance.com> Message original :

> On Fri, 7 May 2004, Bastien Rocheron wrote:
> 
> > conn roadwarrior-net
> >         leftsubnet=192.168.1.0/24
> >         also=roadwarrior
> > 
> > conn roadwarrior
> >         left=192.168.1.10
> >         leftcert=host.mynet.net.pem
> >         #right=%defaultroute
> >         right=192.168.1.1
> >         rightcert=gateway.mynet.net.pem
> >         auto=start
> >         pfs=yes
> 
> This cannot work. Both ends of the roadwarrior are within the
> 192.168.1.0/24 range, and you're making a subnet for that same
> range. 
>  
> > conn roadwarrior-allnet
> >         leftsubnet=0.0.0.0/0
> >         also=roadwarrior
> > 
> > conn roadwarrior
> >         right=%any
> >         left=192.168.1.1
> >         leftcert=gateway.mynet.net.pem
> >         auto=add
> >         pfs=yes
> 
> And the subnet definitions do not match on client and server.
> 
> Paul 
> 
> 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.openswan.org/pipermail/users/attachments/20040514/a6174a37/attachment.bin


More information about the Users mailing list