[Openswan Users] Problems with WIndows XP roadwarrior and
openswan gateway using X.509 Certs
Paul Wouters
paul at xelerance.com
Tue Sep 14 09:45:26 CEST 2004
On Mon, 13 Sep 2004, Mike McLean wrote:
> conn kift-vpntestbox
> left=%any
> right=192.168.4.9
> rightca="C=US, S=Arizona, L=Phoenix, O=Century 21 Metro Alliance,
> CN=metro.libolt.net, Email=libolt at libolt.net"
> network=auto
> auto=start
> pfs=yes
Note that there is no rightsubnet in any of these, so I guess it
is meant to be a host-host tunnel. But on the openswan side all
conns include the rightsubnet, so this one will never come up.
> The following is my ipsec.conf portion for the openswan system
>
>
> conn kift-vpntestbox
> right=%any
> rightsubnet=192.168.24.0/24
> rightcert=kift.libolt.net.pem
> left=%defaultroute
> leftsubnet=192.168.25.0/24
I dont think you want the leftsubnet here.
> leftcert=vpntestbox.libolt.net.pem
> auto=add
> pfs=yes
>
> conn kift-vpntestbox-net
> leftsubnet=192.168.25.0/24
Since it appears here again.
> also=kift-vpntestbox
Paul
More information about the Users
mailing list