[Openswan Users] Connectivity problem...
Yiannis Mavroukakis
yiannis at jaguarfreight.com
Tue Aug 30 12:39:16 CEST 2005
Doh!..it's the ,!%v4:192.168.5.0/8 that messed it up...Openswan has come
up without that error in the logs, so I'll test once I am home :) What's
the correct syntax for this anyway?
Thanks for the heads up,
Yiannis
-----Original Message-----
From: users-bounces at openswan.org [mailto:users-bounces at openswan.org] On Behalf Of Yiannis Mavroukakis
Sent: 30 August 2005 11:27
To: users at openswan.org
Subject: RE: [Openswan Users] Connectivity problem...
I just realised I missed posting that..
Here you go.
========
version 2.0

config setup
        interfaces=%defaultroute
        nat_traversal=yes
        uniqueids=yes
        virtual_private=%v4:192.168.0.0/16,!%v4:192.168.5.0/8

conn %default
        keyingtries=1
        compress=yes
        disablearrivalcheck=no
        authby=rsasig
        leftrsasigkey=%cert
        rightrsasigkey=%cert

conn roadwarrior-l2tp
        pfs=no
        leftprotoport=17/0
        rightprotoport=17/1701
        also=roadwarrior

conn roadwarrior-l2tp-updatedwin
        pfs=no
        leftprotoport=17/1701
        rightprotoport=17/1701
        also=roadwarrior

conn roadwarrior
        left=%defaultroute
        leftcert=chandra.pem
        right=%any
        rightsubnet=vhost:%no,%priv
        auto=add

include /etc/ipsec.d/examples/no_oe.conf
===========
-----Original Message-----
From: Jacco de Leeuw [mailto:jacco2 at dds.nl]
Sent: 30 August 2005 11:25
To: users at openswan.org
Subject: Re: [Openswan Users] Connectivity problem...
On Tue, Aug 30, 2005 at 11:09:49AM +0100, Yiannis Mavroukakis wrote:
> I've got the exact same setup to work on my home server, so I tried to
> copy it on to our office firewall, so I can establish a roadwarrior
> setup.
>
> Aug 29 09:37:43 firewall pluto[29266]: 1 bad entries in virtual_private - none loaded
You did not post your ipsec.conf but it seems there is a typo or
something in the virtual_private line. The Windows client appears to be
NATed so this is essential:
> Aug 29 09:38:08 firewall pluto[29266]: "roadwarrior-l2tp"[1] 83.x.x.241 #1: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: peer is NATed
Jacco
--
Jacco de Leeuw mailto:jacco2 at dds.nl
Zaandam, The Netherlands http://www.jacco2.dds.nl
________________________________________________________________________
This e-mail has been scanned for all known viruses.
Note:__________________________________________________________________
This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission.
If you receive this message in error, please immediately delete it and
all copies of it from your system, destroy any hard copies of it and
notify the sender. You must not, directly or indirectly, use, disclose,
distribute, print, or copy any part of this message if you are not the
intended recipient. Jaguar Freight Services and any of its subsidiaries
each reserve the right to monitor all e-mail communications through its
networks.
Any views expressed in this message are those of the individual sender,
except where the message states otherwise and the sender is authorized
to state them to be the views of any such entity.
_______________________________________________
Users mailing list
Users at openswan.org
http://lists.openswan.org/mailman/listinfo/users
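
Added example, not part of the original thread and not Openswan code: a Python check for a virtual_private value like the one posted above, flagging entries whose address has bits set outside the mask (as 192.168.5.0/8 does) and exclusions that fall outside every allowed range. That host bits are the reason pluto counted the entry as bad, and the /24 candidate value, are assumptions.

```python
import ipaddress

# Value exactly as posted in the ipsec.conf above.
POSTED = "%v4:192.168.0.0/16,!%v4:192.168.5.0/8"
# Constructed candidate; assumes the intent was to exclude 192.168.5.x.
CANDIDATE = "%v4:192.168.0.0/16,!%v4:192.168.5.0/24"


def check_virtual_private(value):
    """Return (entry, problem) pairs; an empty list means no entry was flagged."""
    problems, includes, excludes = [], [], []
    for raw in value.split(","):
        entry = raw.strip()
        negated = entry.startswith("!")
        body = entry[1:] if negated else entry
        if body.startswith("%v4:"):
            version = 4
        elif body.startswith("%v6:"):
            version = 6
        else:
            problems.append((entry, "missing %v4: or %v6: prefix"))
            continue
        try:
            # strict=True rejects an address with bits set outside the mask.
            net = ipaddress.ip_network(body[4:], strict=True)
        except ValueError as exc:
            problems.append((entry, str(exc)))
            continue
        if net.version != version:
            problems.append((entry, "address family does not match prefix"))
            continue
        (excludes if negated else includes).append((entry, net))
    # An exclusion has no effect unless it sits inside an allowed range.
    for entry, net in excludes:
        if not any(net.version == inc.version and net.subnet_of(inc)
                   for _, inc in includes):
            problems.append((entry, "exclusion is not inside any allowed range"))
    return problems


if __name__ == "__main__":
    for label, value in (("posted", POSTED), ("candidate", CANDIDATE)):
        print(label, check_virtual_private(value) or "ok")
```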