[Openswan Users] no default routes

Chris McKeever techjedi at gmail.com
Mon Sep 20 12:25:48 CEST 2004


On Mon, 20 Sep 2004 17:53:33 +0200 (MET DST), Paul Wouters
<paul at xelerance.com> wrote:
> On Mon, 20 Sep 2004, Chris McKeever wrote:
> 
> > this is where it gets tricky -- 192.168.0.254 is the gateway to the
> > internet - let me add more detail to my diagram
> >
> >
> > client(192.168.250.20)
> > |
> > |
> > WLAN/SWITCH (192.168.250.0/24)
> > |
> > |
> > 192.168.250.1
> > /left gateway running openswan/
> > 192.168.0.13
> > |
> > |
> > LAN/SWITCH (192.168.0.0/24)
> > |
> > |
> > 192.168.0.254 - GATEWAY
> > |
> > |
> > INTERNET
> 
> Okay, definitely use nexthop=192.168.250.20 or try type=%direct,
> since you don't want to go towards the defaultroute (and pick the
> wrong interface)
> 
> > conn statis
> >
> > left=192.168.250.1
> >
> > leftsubnet=192.168.0.0/24
> >
> > leftnexthop=192.168.250.10
> >
> > right=192.168.200.10
> >
> > rightsubnet=192.168.200.0/24
> >
> > rightnexthop=192.168.250.1
> 
> You cannot have right and rightsubnet in the same network. You'd
> be setting up a tunnel within itself? In this setup, you can only
> have the client itself connect through a roadwarrior to the leftsubnet,
> but it cannot use 192.168.200.10 to tunnel 192.168.200.0/24
> 
> > #< /etc/ipsec.secrets 1
> >
> > 192.168.250.1 192.168.250.10 : PSK "[sums to 23cd...]"
> >
> > 192.168.250.1 %any : PSK "[sums to 23cd...]"
> 
> You did not define authby=secret, so openswan is using rsa.
> 

Where is authby defined? Is there a good howto regarding it? (I
unfortunately have not found any definitive howto.) openswan does
complain when I don't have the right PSK in the ipsec.secrets file --


> [ not debugging firewall rules ]
> 
> > Sep 20 01:33:25 smoothwall pluto[15615]: packet from
> > 192.168.250.10:500: ignoring Vendor ID payload [SSH Communications
> > Security IPSEC Express version 4.1.0]
> >
> > Sep 20 01:33:25 smoothwall pluto[15615]: packet from
> > 192.168.250.10:500: initial Main Mode message received on
> > 192.168.250.1:500 but no connection has been authorized with
> > policy=PSK
> 
> SSH Sentinel wants to use PSKs, but you didn't tell openswan to
> use PSK, so it is using rsa and rejects this connection.
> 

Is there any howto on configuring openswan with PSK v. RSA?

Thanks for your help!  baby steps!


> Paul
>
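
On the question of where authby is set: it is a per-conn parameter in ipsec.conf (authby=secret for PSK; rsasig is the default Paul refers to). The following is an added example, not part of the original thread or of Openswan, that reads a constructed ipsec.conf and lists the conns a PSK peer could not match; the conn names and the simplified parsing (no also= or include handling) are assumptions.

```python
# Added example (not Openswan code): simplified ipsec.conf reader.
# Assumptions: no also=/include handling; authby defaults to rsasig.

SAMPLE_CONF = """\
# constructed sample, modelled on the conn in the post
conn %default
    keyingtries=1

conn wlan-rsa
    left=192.168.250.1
    leftsubnet=192.168.0.0/24
    right=192.168.250.10

conn wlan-psk
    left=192.168.250.1
    leftsubnet=192.168.0.0/24
    right=192.168.250.10
    authby=secret
"""

def parse_conns(text):
    """Return {conn_name: {key: value}} for every 'conn' section."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # drop comments
        if not line.strip():
            continue
        if not raw[0].isspace():               # section header at column 0
            parts = line.split()
            is_conn = parts[0] == "conn" and len(parts) == 2
            current = conns.setdefault(parts[1], {}) if is_conn else None
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip().strip('"')
    return conns

def effective_authby(conns):
    """authby per conn: own value, else conn %default, else rsasig."""
    defaults = conns.get("%default", {})
    return {name: params.get("authby", defaults.get("authby", "rsasig"))
            for name, params in conns.items() if name != "%default"}

def conns_rejecting_psk(conns):
    """Conns whose authby does not include 'secret' (e.g. secret|rsasig)."""
    return sorted(name for name, authby in effective_authby(conns).items()
                  if "secret" not in authby.split("|"))

if __name__ == "__main__":
    for name in conns_rejecting_psk(parse_conns(SAMPLE_CONF)):
        print(f"conn {name}: no authby=secret, a PSK peer will not match it")
```

A conn flagged here is the situation behind the "no connection has been authorized with policy=PSK" log line quoted above.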

