[Openswan Users] X.509 - cannot respond to SA
Robert W. Burgholzer
rburgholzer at maptech-inc.com
Wed Feb 2 11:10:24 CET 2005
OK,
Ahh, sorry, I had your subnets backward, now I see that your roadwarrior is
the right subnet. Try restoring the "leftsubnet=192.168.0.0/24" that you
previously had, and add a line in the "conn roadwarrior" for
"rightsubnetwithin=192.168.0.0/16". I think this may do the trick.
r.b.
At 03:43 PM 2/2/2005 +0000, you wrote:
>Robert W. Burgholzer wrote:
>>Antony,
>>The "===192.168.168.10/32" means "with a private address of 192.168.168.10".
>
>Yes, that's the IP address of the peer.
>
>>The problem is that in your road-warrior connection definition, your
>>subnet is restricted to only the 192.168.0.X network.
>
>But that relates to the subnet behind the host (the other end), which is
>indeed 192.168.0.x.
>
>>Now, I use Linux FreeS/WAN 2.04, so it could be different in your distro,
>>but, if you change the definition from leftsubnet to leftsubnetwithin and
>>include a less restrictive netmask:
>>conn roadwarrior
>> left=%defaultroute
>> leftsubnetwithin=192.168.0.0/16
>> leftcert=/etc/ssl/certs/vpnbox_cert.pem
>> right=%any
>> rightcert=/etc/ssl/certs/rw_cert.pem
>> auto=add
>> pfs=yes
>>
>>it should work.
>
>I did try this, but unfortunately it made no difference at all. Any idea
>what else I can try?
>
>Antony
Robert Burgholzer
Environmental Engineer
MapTech Inc.
phone: 804-869-3066
http://www.maptech-inc.com/
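
Added example (not part of the original message, and not Openswan or FreeS/WAN code): a simplified Python model of the client-subnet check this thread is debugging. It assumes that `subnet=` must equal the proposed client network exactly and that `subnetwithin=` accepts any network inside the given range; the function names and the sample conn text are constructed from the settings suggested above.

```python
import ipaddress

# Constructed sample: the conn from this thread with the change suggested in the reply.
SAMPLE_CONN = """
conn roadwarrior
    left=%defaultroute
    leftsubnet=192.168.0.0/24
    right=%any
    rightsubnetwithin=192.168.0.0/16
    auto=add
"""

def parse_conn(text):
    """Return {key: value} for the options of a single conn section."""
    opts = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and indentation
        if not line or line.startswith("conn "):
            continue
        key, sep, value = line.partition("=")
        if sep:
            opts[key.strip()] = value.strip()
    return opts

def side_accepts(opts, side, proposed):
    """Simplified model (assumption): does `side` accept the proposed client network?"""
    net = ipaddress.ip_network(proposed, strict=True)
    exact = opts.get(side + "subnet")
    within = opts.get(side + "subnetwithin")
    if exact is not None:
        return net == ipaddress.ip_network(exact)            # must match exactly
    if within is not None:
        return net.subnet_of(ipaddress.ip_network(within))   # must fit inside the range
    # Unset means "the host itself", which this sketch cannot evaluate: report no match.
    return False

def check_proposal(conn_text, left_net, right_net):
    """Return (left_ok, right_ok) for a proposed pair of client networks."""
    opts = parse_conn(conn_text)
    return side_accepts(opts, "left", left_net), side_accepts(opts, "right", right_net)

if __name__ == "__main__":
    # The peer in this thread proposes 192.168.168.10/32 as its client address.
    print(check_proposal(SAMPLE_CONN, "192.168.0.0/24", "192.168.168.10/32"))
```

Under this model, the conn quoted earlier in the thread (no right-side subnet option) reports no match on the right side for `192.168.168.10/32`, while the conn with `rightsubnetwithin=192.168.0.0/16` accepts it.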