[Openswan Users] Problems with Windows XP roadwarrior and openswan gateway using X.509 Certs

Paul Wouters paul at xelerance.com
Tue Sep 14 09:45:26 CEST 2004


On Mon, 13 Sep 2004, Mike McLean wrote:

> conn kift-vpntestbox
>         left=%any
>         right=192.168.4.9
>         rightca="C=US, S=Arizona, L=Phoenix, O=Century 21 Metro Alliance,
> CN=metro.libolt.net, Email=libolt at libolt.net"
>         network=auto
>         auto=start
>         pfs=yes

Note that there is no rightsubnet in any of these, so I guess it
is meant to be a host-host tunnel. But on the openswan side all
conns include the rightsubnet, so this one will never come up.

> The following is my ipsec.conf portion for the openswan system
>
>
> conn kift-vpntestbox
>        right=%any
>        rightsubnet=192.168.24.0/24
>        rightcert=kift.libolt.net.pem
>        left=%defaultroute
>        leftsubnet=192.168.25.0/24

I don't think you want the leftsubnet here.

>        leftcert=vpntestbox.libolt.net.pem
>        auto=add
>        pfs=yes
>
> conn kift-vpntestbox-net
>        leftsubnet=192.168.25.0/24

Since it appears here again.

>        also=kift-vpntestbox


Paul

