[Openswan Users] Connectivity problem...

Yiannis Mavroukakis yiannis at jaguarfreight.com
Tue Aug 30 12:39:16 CEST 2005


Doh!..it's the ,!%v4:192.168.5.0/8 that messed it up...Openswan has come
up without that error in the logs, so I'll test once I am home :) what's
the correct syntax for this anyway?

Thanks for the heads up,

Yiannis

-----Original Message-----
From: users-bounces at openswan.org [mailto:users-bounces at openswan.org] On
Behalf Of Yiannis Mavroukakis
Sent: 30 August 2005 11:27
To: users at openswan.org
Subject: RE: [Openswan Users] Connectivity problem...

I just realised I missed posting that..

Here you go.

========
version 2.0

config setup
 interfaces=%defaultroute
 nat_traversal=yes
 uniqueids=yes
 virtual_private=%v4:192.168.0.0/16,!%v4:192.168.5.0/8

conn %default
 keyingtries=1
 compress=yes
 disablearrivalcheck=no
 authby=rsasig
 leftrsasigkey=%cert
 rightrsasigkey=%cert

conn roadwarrior-l2tp
 pfs=no
 leftprotoport=17/0
 rightprotoport=17/1701
 also=roadwarrior

conn roadwarrior-l2tp-updatedwin
 pfs=no
 leftprotoport=17/1701
 rightprotoport=17/1701
 also=roadwarrior

conn roadwarrior
 left=%defaultroute
 leftcert=chandra.pem
 right=%any
 rightsubnet=vhost:%no,%priv
 auto=add

include /etc/ipsec.d/examples/no_oe.conf
===========


-----Original Message-----
From: Jacco de Leeuw [mailto:jacco2 at dds.nl] 
Sent: 30 August 2005 11:25
To: users at openswan.org
Subject: Re: [Openswan Users] Connectivity problem...

On Tue, Aug 30, 2005 at 11:09:49AM +0100, Yiannis Mavroukakis wrote:
 
> I've got the exact same setup to work on my home server, so I tried to
> copy it on to our office firewall, so I can establish a roadwarrior
> setup.
>
> Aug 29 09:37:43 firewall pluto[29266]: 1 bad entries in virtual_private - none loaded

You did not post your ipsec.conf but it seems there is a typo or
something in the virtual_private line. The Windows client appears to be
NATed so this is essential:

> Aug 29 09:38:08 firewall pluto[29266]: "roadwarrior-l2tp"[1] 83.x.x.241 #1: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: peer is NATed

Jacco
-- 
Jacco de Leeuw            mailto:jacco2 at dds.nl
Zaandam, The Netherlands  http://www.jacco2.dds.nl

________________________________________________________________________
This e-mail has been scanned for all known viruses.

Note:__________________________________________________________________
This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission.
If you receive this message in error, please immediately delete it and
all copies of it from your system, destroy any hard copies of it and
notify the sender. You must not, directly or indirectly, use, disclose,
distribute, print, or copy any part of this message if you are not the
intended recipient. Jaguar Freight Services and any of its subsidiaries
each reserve the right to monitor all e-mail communications through its
networks.
Any views expressed in this message are those of the individual sender,
except where the message states otherwise and the sender is authorized
to state them to be the views of any such entity.
_______________________________________________
Users mailing list
Users at openswan.org
http://lists.openswan.org/mailman/listinfo/users
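
An added example, not part of the original thread and not Openswan code: a small Python check for a virtual_private value that flags entries such as the one in the posted config before pluto is restarted. It assumes the entry was rejected because 192.168.5.0 has host bits set under a /8 mask, which the thread does not state; the function name check_virtual_private is hypothetical.

```python
import ipaddress

def check_virtual_private(value):
    """Return (entry, problem) pairs for malformed virtual_private entries."""
    problems = []
    for raw in value.split(","):
        entry = raw.strip()
        # A leading "!" marks an excluded network.
        body = entry[1:] if entry.startswith("!") else entry
        prefix, _, cidr = body.partition(":")
        if prefix not in ("%v4", "%v6"):
            problems.append((entry, "missing %v4: or %v6: prefix"))
            continue
        addr_text, slash, mask_text = cidr.partition("/")
        if not slash:
            problems.append((entry, "missing /mask"))
            continue
        try:
            addr = ipaddress.ip_address(addr_text)
            mask = int(mask_text)
        except ValueError:
            problems.append((entry, "unparsable address or mask"))
            continue
        if addr.version != int(prefix[2]):
            problems.append((entry, "address family does not match prefix"))
            continue
        if not 0 <= mask <= addr.max_prefixlen:
            problems.append((entry, "mask out of range"))
            continue
        # Bits below the mask must be zero for a network address.
        host_bits = int(addr) & ((1 << (addr.max_prefixlen - mask)) - 1)
        if host_bits:
            # Lowest set bit gives the shortest mask with no host bits set.
            trailing_zeros = (int(addr) & -int(addr)).bit_length() - 1
            shortest = addr.max_prefixlen - trailing_zeros
            problems.append(
                (entry, f"host bits set for /{mask}; shortest valid mask is /{shortest}"))
    return problems

if __name__ == "__main__":
    # The virtual_private value from the ipsec.conf posted in this thread.
    posted = "%v4:192.168.0.0/16,!%v4:192.168.5.0/8"
    for entry, problem in check_virtual_private(posted):
        print(f"{entry}: {problem}")
```
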
