[Openswan Users] another roadwarrior problem
Jacco de Leeuw
jacco2 at dds.nl
Sat Feb 12 12:53:59 CET 2005
Dominik Schmid wrote:
> I have a Linux machine with an interface and one virtual IP address:
>
> gateway 192.168.0.1------ 192.168.0.0/24 -----(virtual ip)- 192.168.0.12
> linux-box x.x.x.1 ----------------------------- x.x.x.15
It is probably safer to mask out your public IP addresses. There are
cases where security through obscurity is better :-).
> cannot respond to IPsec SA request because no connection is known for
> 194.11.222.1[C=CH, ST=anywhere, L=anywhere, O=dominik, OU=dominik,
> CN=Dominik Schmid, E=dominik_schmid at gmx.ch]:17/0...194.11.222.15[C=CH,
> ST=anywhere, L=anywhere, O=client, OU=client, CN=client, E=client]:17/1701
You are attempting to connect from XP with an L2TP/IPsec connection.
That is what you want? You'll need an L2TP daemon then too.
> virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16
You probably need to exclude your own internal subnet, i.e. change it to:
virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,
%v4:192.168.0.0/16,%v4:!192.168.0.0/24
(all on one line)
> conn roadwarrior-l2tp
>         type=transport
>         left=%defaultroute
>         leftcert=dominik.schmid.ch.pem
>         leftprotoport=17/1701
>         right=%any
>         rightprotoport=17/1701
>         pfs=no
>         auto=add
>
> conn roadwarrior-l2tp-oldwin
>         left=%defaultroute
>         leftcert=dominik.schmid.ch.pem
>         leftprotoport=17/0
>         right=%any
>         rightprotoport=17/1701
>         rightsubnet=vhost:%no,%priv
>         pfs=no
>         auto=add
I think you copied this from Nate Carlson's instructions
but the 'roadwarrior-l2tp' connection could need the line
'rightsubnet=vhost:%no,%priv' too. Nate, could you update this?
Jacco
--
Jacco de Leeuw mailto:jacco2 at dds.nl
Zaandam, The Netherlands http://www.jacco2.dds.nl
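The virtual_private advice above (allow the RFC 1918 ranges for the road warrior's inner address, but exclude the gateway's own LAN) is easy to get wrong, and a collision only shows up as odd routing once a client picks an address that also exists behind the gateway. The following is an added example, not code from the thread or from Openswan itself: a small Python model of the %v4:net/bits and %v4:!net/bits syntax that lets you check a candidate virtual_private value before deploying it. It assumes only IPv4 entries and that a '!' exclusion always takes precedence over a permissive entry; the sample LAN 192.168.0.0/24 and the two virtual_private strings are taken from the thread.

```python
"""Model of Openswan's virtual_private address filtering (added example).

Assumptions (not verified against Openswan's source): only %v4: entries,
and a '%v4:!net' exclusion always wins over an allowing entry, regardless
of the order in which the entries appear.
"""
import ipaddress

# The LAN behind the gateway in the thread (sample value).
LAN_SUBNET = "192.168.0.0/24"

# Dominik's original setting, as quoted in the thread.
ORIGINAL = "%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16"

# Jacco's suggested replacement: same ranges, own LAN excluded.
CORRECTED = ("%v4:10.0.0.0/8,%v4:172.16.0.0/12,"
             "%v4:192.168.0.0/16,%v4:!192.168.0.0/24")


def parse_virtual_private(spec):
    """Split a virtual_private value into (allowed, excluded) networks."""
    allowed, excluded = [], []
    for entry in spec.split(","):
        entry = entry.strip()
        if not entry:
            continue
        if not entry.startswith("%v4:"):
            raise ValueError(f"unsupported virtual_private entry: {entry}")
        body = entry[len("%v4:"):]
        if body.startswith("!"):
            excluded.append(ipaddress.ip_network(body[1:], strict=True))
        else:
            allowed.append(ipaddress.ip_network(body, strict=True))
    return allowed, excluded


def virtual_private_allows(spec, inner_addr):
    """True if a road warrior may claim inner_addr as its virtual IP."""
    addr = ipaddress.ip_address(inner_addr)
    allowed, excluded = parse_virtual_private(spec)
    if any(addr in net for net in excluded):
        return False
    return any(addr in net for net in allowed)


def lan_is_protected(spec, local_subnet):
    """True when no address of local_subnet can be claimed by a client."""
    local = ipaddress.ip_network(local_subnet, strict=True)
    allowed, excluded = parse_virtual_private(spec)
    if any(local.subnet_of(net) for net in excluded):
        return True
    # Also fine if the LAN does not overlap any permitted range at all.
    return not any(local.overlaps(net) for net in allowed)


def exclude_local_subnet(spec, local_subnet):
    """Append a '%v4:!local_subnet' entry unless one already covers it."""
    local = ipaddress.ip_network(local_subnet, strict=True)
    _, excluded = parse_virtual_private(spec)
    if any(local.subnet_of(net) for net in excluded):
        return spec
    return f"{spec},%v4:!{local.with_prefixlen}"


if __name__ == "__main__":
    for label, spec in (("original", ORIGINAL), ("corrected", CORRECTED)):
        print(f"{label}: client may claim 192.168.0.12 ->",
              virtual_private_allows(spec, "192.168.0.12"))
        print(f"{label}: LAN {LAN_SUBNET} protected ->",
              lan_is_protected(spec, LAN_SUBNET))
    print("fixed spec:", exclude_local_subnet(ORIGINAL, LAN_SUBNET))
```

With the original value a client can claim 192.168.0.12, which is exactly the gateway-side address in Dominik's diagram; with the exclusion added that claim is refused while 192.168.1.12 or a 10/8 address still passes. The same check can be run against any other local subnets the gateway serves.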