[Openswan Users] Tunnel up but no routing

Paul Wouters paul at xelerance.com
Fri Feb 4 23:40:26 CET 2005


On Fri, 4 Feb 2005 tomk at runbox.com wrote:

>> conn n2n
>>         authby=secret
>>         right=%any
>>         rightsubnet=192.168.0.0/24
>>         pfs=yes
>>         auto=add

Combining PSK and roadwarriors is asking for trouble. If this is openswan
to openswan, I recommend using authby=rsasigkey

> The leftsubnet and rightsubnet parameters need to be the same at both ends of the tunnel, Joern - you have them swapped around i.e. the first machine has

No, that is not true. You can swap them if you want. Pluto at startup will figure
out automatically whether it is right or left.

>         left=%defaultroute
>         leftsubnet=192.168.130.0/24
>
>         right=%any
>         rightsubnet=192.168.0.0/24

However, telling pluto that both right and left can be anything is too difficult for pluto :)
If both ends are on dynamic IP, then you might be better off using some free dns service
and changing them to right/left=whateverhost.someservicedns.com.
Or use right=213.23.124.193, since you use that below.

> and the second machine has

>         left=%defaultroute
>         leftsubnet=192.168.0.0/24
>
>         right=213.23.124.193
>         rightsubnet=192.168.130.0/24
>
> Incidentally, it's probably not the best idea to post your public IP address to a public mailing list.

Are you saying our pluto daemon has a remote vulnerability we don't know about? :)

Paul
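
Added example, not part of the original message and not Openswan's own code: a small Python lint that applies the three remarks in the reply above (PSK with a %any peer, no fixed address on either side, left/right may be swapped) to the two quoted ends. The parser is simplified, the function names are hypothetical, and authby on the second machine is an assumed value.

```python
import re

# Constructed sample: the two ends quoted in the thread (authby on B is assumed).
END_A = """\
conn n2n
        authby=secret
        left=%defaultroute
        leftsubnet=192.168.130.0/24
        right=%any
        rightsubnet=192.168.0.0/24
"""
END_B = """\
conn n2n
        authby=secret
        left=%defaultroute
        leftsubnet=192.168.0.0/24
        right=213.23.124.193
        rightsubnet=192.168.130.0/24
"""

def parse_conns(text):
    """Simplified ipsec.conf reader: returns {conn_name: {key: value}}."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        header = re.match(r"conn\s+(\S+)$", line)
        if header:
            current = conns.setdefault(header.group(1), {})
        elif line[:1].isspace() and current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
        else:
            current = None  # blank line or another section type ends the conn
    return conns

def lint_pair(a, b):
    """Apply the reply's three remarks to both ends; return a list of findings."""
    findings = []
    for name, conn in (("A", a), ("B", b)):
        peers = {conn.get("left"), conn.get("right")}
        if conn.get("authby") == "secret" and "%any" in peers:
            findings.append(f"{name}: PSK combined with a %any peer")
        if peers <= {"%any", "%defaultroute"}:
            findings.append(f"{name}: no fixed address on either side")
    def nets(conn):
        return {conn.get("leftsubnet"), conn.get("rightsubnet")}
    if nets(a) != nets(b):  # order-insensitive: left/right may be swapped
        findings.append("the two ends do not describe the same subnets")
    return findings
```

Calling lint_pair(parse_conns(END_A)["n2n"], parse_conns(END_B)["n2n"]) reports both findings against the first machine and none for the swapped subnets.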

