[Openswan Users] Selecting the right connection
lux
openswan at iotti.biz
Tue Jul 12 08:15:06 CEST 2005
> From: users-bounces at openswan.org [mailto:users-bounces at openswan.org]On
> Behalf Of Jacco de Leeuw
> > conn roadwarrior-l2tp
> >     type=transport
> >     left=1.2.3.4
> >     leftnexthop=1.2.3.5
> >     leftprotoport=17/1701
> >     right=%any
> >     rightprotoport=17/1701
> >     pfs=no
> >     auto=add
>
> Also add:
>
>     rightca=%same
>     rightsubnet=vhost:%no,%priv

After doing some tests, I found that if I add the
rightsubnet=vhost:%no,%priv parameter and restart openswan, the connection
is not added on startup and the message "fatal error in "roadwarrior-l2tp":
type=transport incompatible with rightsubnet" is logged to
/var/log/messages. I didn't notice this earlier because it seemed to me that
pluto logged all its messages to the authpriv facility.

The message seems to be generated by the /usr/libexec/ipsec/auto shell
script. Strangely enough, this script is not changed in 2.3.1 from 2.3.0, and
on 2.3.0 I have connections with type=transport and the rightsubnet
parameter happily running. I'm going to make some tests.
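
The combination named in the logged error can be checked before restarting Openswan, so a conn that would fail to load is caught ahead of time. The following is an added example, not part of the original message and not Openswan's own code: a pre-flight check that flags any conn pairing type=transport with a subnet parameter. The leftsubnet half of the check, the second conn and the function names are assumptions; the sample config is constructed from the thread.

```python
# Constructed sample: the conn from the thread with the suggested lines added,
# plus a hypothetical tunnel-mode conn that should not be flagged.
SAMPLE = """\
conn roadwarrior-l2tp
    type=transport
    left=1.2.3.4
    leftnexthop=1.2.3.5
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/1701
    rightca=%same
    rightsubnet=vhost:%no,%priv
    pfs=no
    auto=add

conn site-to-site
    type=tunnel
    left=1.2.3.4
    leftsubnet=10.0.0.0/24
    right=5.6.7.8
    rightsubnet=10.0.1.0/24
    auto=start
"""

def parse_conns(text):
    """Return {conn_name: {param: value}}; also= and %default are not resolved."""
    conns, current = {}, None
    for raw in text.splitlines():
        stripped = raw.strip()
        if not stripped or stripped.startswith("#"):
            continue                      # skip blank lines and comments
        if not raw[0].isspace():          # unindented line starts a section
            parts = stripped.split(None, 1)
            is_conn = len(parts) == 2 and parts[0] == "conn"
            current = conns.setdefault(parts[1], {}) if is_conn else None
        elif current is not None and "=" in stripped:
            key, _, value = stripped.partition("=")
            current[key.strip()] = value.strip()
    return conns

def transport_subnet_conflicts(conns):
    """List (conn, param) pairs that combine type=transport with a subnet."""
    hits = []
    for name, params in conns.items():
        if params.get("type") == "transport":
            hits += [(name, k) for k in ("leftsubnet", "rightsubnet") if k in params]
    return hits

if __name__ == "__main__":
    for name, key in transport_subnet_conflicts(parse_conns(SAMPLE)):
        print(f'"{name}": type=transport used together with {key}')
```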