[Openswan Users] no default routes

Paul Wouters paul at xelerance.com
Mon Sep 20 18:53:33 CEST 2004


On Mon, 20 Sep 2004, Chris McKeever wrote:

> this is where it gets tricky -- 192.168.0.254 is the gateway to the
> internet - let me add more detail to my diagram
>
>
> client(192.168.250.20)
> |
> |
> WLAN/SWITCH (192.168.250.0/24)
> |
> |
> 192.168.250.1
> /left gateway running openswan/
> 192.168.0.13
> |
> |
> LAN/SWITCH (192.168.0.0/24)
> |
> |
> 192.168.0.254 - GATEWAY
> |
> |
> INTERNET

Okay, definitely use nexthop=192.168.250.20 or try type=%direct,
since you don't want to go towards the defaultroute (and pick the
wrong interface)

> conn statis
> left=192.168.250.1
> leftsubnet=192.168.0.0/24
> leftnexthop=192.168.250.10
> right=192.168.200.10
> rightsubnet=192.168.200.0/24
> rightnexthop=192.168.250.1

You cannot have right and rightsubnet in the same network. You'd
be setting up a tunnel within itself? In this setup, you can only
have the client itself connect through a roadwarrior to the leftsubnet,
but it cannot use 192.168.200.10 to tunnel 192.168.200.0/24

> #< /etc/ipsec.secrets 1
> 192.168.250.1 192.168.250.10 : PSK "[sums to 23cd...]"
> 192.168.250.1 %any : PSK "[sums to 23cd...]"

You did not define authby=secret, so openswan is using rsa.

[ not debugging firewall rules ]

> Sep 20 01:33:25 smoothwall pluto[15615]: packet from
> 192.168.250.10:500: ignoring Vendor ID payload [SSH Communications
> Security IPSEC Express version 4.1.0]
>
> Sep 20 01:33:25 smoothwall pluto[15615]: packet from
> 192.168.250.10:500: initial Main Mode message received on
> 192.168.250.1:500 but no connection has been authorized with
> policy=PSK

SSH Sentinel wants to use PSKs, but you didn't tell openswan to
use PSK, so it is using rsa and rejects this connection.

Paul
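As an added illustration of the two configuration mistakes pointed out above (an endpoint address that lies inside its own subnet, and PSK entries in ipsec.secrets while authby is left unset), here is a small lint script; it is not part of this thread or of Openswan. The embedded conn and secrets are constructed to mirror the quoted ones, the PSK strings are placeholders, and the rsasig fallback when authby is absent is the Openswan default the reply refers to.

```python
import ipaddress
import re

# Constructed sample mirroring the conn and secrets quoted in the thread (not the poster's files).
SAMPLE_CONF = """\
conn statis
    left=192.168.250.1
    leftsubnet=192.168.0.0/24
    leftnexthop=192.168.250.10
    right=192.168.200.10
    rightsubnet=192.168.200.0/24
    rightnexthop=192.168.250.1
"""
SAMPLE_SECRETS = """\
192.168.250.1 192.168.250.10 : PSK "placeholder-psk"
192.168.250.1 %any : PSK "placeholder-psk"
"""

def parse_conns(conf):
    # Return {conn_name: {key: value}}; '#' starts a comment, as in ipsec.conf.
    conns, current = {}, None
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        m = re.match(r"^conn\s+(\S+)\s*$", line)
        if m:
            current = conns.setdefault(m.group(1), {})
        elif current is not None and "=" in line:
            k, v = line.strip().split("=", 1)
            current[k.strip()] = v.strip()
    return conns

def lint_conn(name, opts, psk_in_secrets):
    problems = []
    for side in ("left", "right"):
        host, subnet = opts.get(side), opts.get(side + "subnet")
        # An endpoint address inside its own *subnet is the "tunnel within itself" case.
        if host and subnet and "/" in subnet and not host.startswith("%"):
            if ipaddress.ip_address(host) in ipaddress.ip_network(subnet, strict=False):
                problems.append(f"{name}: {side}={host} lies inside {side}subnet={subnet}")
    # Openswan falls back to RSA signatures when authby is not set.
    authby = opts.get("authby", "rsasig")
    if psk_in_secrets and authby != "secret":
        problems.append(f"{name}: ipsec.secrets holds PSK entries but authby={authby}")
    return problems

def lint(conf, secrets):
    psk = any(": PSK" in l for l in secrets.splitlines())
    return [p for n, o in parse_conns(conf).items() for p in lint_conn(n, o, psk)]
```

Running lint(SAMPLE_CONF, SAMPLE_SECRETS) reports both findings from the reply; moving rightsubnet off the right host's network and adding authby=secret clears them.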

