[Openswan Users] problem with config
Rob Mokkink
rob at mokkinksystems.com
Sat Jul 23 18:01:37 CEST 2005
Hi,
I am testing Openswan in a test lab.
There I use a private IP address range of 10.0.0.0, and 192.168.0.0 for the
internet.
The CA is set up and the firewall allows connections on 500 UDP and 1701 for
L2TP, which will be DNATted to the VPN server.
This is my config:
version 2.0
config setup
interfaces=%defaultroute
nat_traversal=yes
virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12
conn %default
keyingtries=1
compress=yes
disablearrivalcheck=no
authby=rsasig
leftrsasigkey=%cert
rightrsasigkey=%cert
conn roadwarrior-net
leftsubnet=10.0.0.0/8
also=roadwarrior
conn roadwarrior
left=%defaultroute
leftcert=dsfw.redhatfw.org.pem
right=%any
rightsubnet=vhost:%no,%priv
auto=add
pfs=yes
conn block
auto=ignore
conn private
auto=ignore
conn private-or-clear
auto=ignore
conn clear-or-private
auto=ignore
conn clear
auto=ignore
conn packetdefault
auto=ignore
conn roadwarrior-l2tp
pfs=no
leftprotoport=17/0
rightprotoport=17/1701
also=roadwarrior
conn roadwarrior-l2tp-updatedwin
pfs=no
leftprotoport=17/1701
rightprotoport=17/1701
also=roadwarrior
conn roadwarrior-all
leftsubnet=0.0.0.0/0
also=roadwarrior
[root at dsfw etc]# mv ipsec.conf ipsec.bak
[root at dsfw etc]# vi ipsec.conf
When I try to start the config it gives the error:
/etc/init.d/ipsec: (/etc/ipsec.conf, line 4) section
header[FAILED]aces=%defaultroute" has wrong number of fields (1) -- `start
aborted
Does anyone have an idea?
Regards,
Rob
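Added example, not part of the original post or of Openswan: the error above reports a section header with one field, which is what the parser sees when a parameter line starts in column 0, since ipsec.conf(5) requires parameter lines inside a section to begin with whitespace. The function names lint_ipsec_conf and indent_parameters and the sample text are constructed for illustration.

```python
# Added example: flag ipsec.conf lines that will be read as section headers.
# Rule per ipsec.conf(5): a line starting in column 0 opens a section
# ("type name", two fields); parameter lines must begin with whitespace.

SAMPLE = """\
version 2.0
config setup
interfaces=%defaultroute
nat_traversal=yes
conn roadwarrior
\tleft=%defaultroute
right=%any
"""  # constructed from the posted config; only one line is indented


def lint_ipsec_conf(text):
    """Return (line_number, line, field_count) for each bad column-0 line."""
    problems = []
    for number, line in enumerate(text.splitlines(), start=1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank lines and comments are not section headers
        if line[0] in " \t":
            continue  # indented: a parameter line inside a section
        fields = line.split()
        if len(fields) != 2:
            problems.append((number, line, len(fields)))
    return problems


def indent_parameters(text):
    """Indent column-0 key=value lines so they belong to the section above."""
    fixed = []
    for line in text.splitlines():
        is_param = "=" in line and len(line.split()) == 1
        if line and line[0] not in " \t#" and is_param:
            line = "\t" + line
        fixed.append(line)
    return "\n".join(fixed) + "\n"


if __name__ == "__main__":
    for number, line, count in lint_ipsec_conf(SAMPLE):
        print(f"line {number}: {line!r} read as section header, {count} field(s)")
    assert lint_ipsec_conf(indent_parameters(SAMPLE)) == []
```

Review the indented output before replacing /etc/ipsec.conf; the helper only moves bare key=value lines under the section header that precedes them.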