[Openswan Users] problem with config
Norman Rasmussen
normanr at gmail.com
Sat Jul 23 21:26:12 CEST 2005
>>> interfaces=%defaultroute
It doesn't like that; try providing a real interface like eth0.
On 23/07/05, Rob Mokkink <rob at mokkinksystems.com> wrote:
>
> Hi,
>
> I am testing with openswan in a testlab.
>
> I use there a private IP address of 10.0.0.0 range and 192.168.0.0 for the
> internet.
>
> CA is set up and the firewall allows connections on 500 udp and 1701 for l2tp, which
> will be dnatted to the vpn server.
>
> This is my config:
>
> version 2.0
>
> config setup
> interfaces=%defaultroute
> nat_traversal=yes
> virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12
>
> conn %default
> keyingtries=1
> compress=yes
> disablearrivalcheck=no
> authby=rsasig
> leftrsasigkey=%cert
> rightrsasigkey=%cert
>
> conn roadwarrior-net
> leftsubnet=10.0.0.0/8
> also=roadwarrior
>
> conn roadwarrior
> left=%defaultroute
> leftcert=dsfw.redhatfw.org.pem
> right=%any
> rightsubnet=vhost:%no,%priv
> auto=add
> pfs=yes
>
> conn block
> auto=ignore
>
> conn private
> auto=ignore
>
> conn private-or-clear
> auto=ignore
>
> conn clear-or-private
> auto=ignore
>
> conn clear
> auto=ignore
>
> conn packetdefault
> auto=ignore
>
> conn roadwarrior-l2tp
> pfs=no
> leftprotoport=17/0
> rightprotoport=17/1701
> also=roadwarrior
>
> conn roadwarrior-l2tp-updatedwin
> pfs=no
> leftprotoport=17/1701
> rightprotoport=17/1701
> also=roadwarrior
>
> conn roadwarrior-all
> leftsubnet=0.0.0.0/0
> also=roadwarrior
>
> [root at dsfw etc]# mv ipsec.conf ipsec.bak
> [root at dsfw etc]# vi ipsec.conf
>
> right=%any
> rightsubnet=vhost:%no,%priv
> auto=add
> pfs=yes
>
> conn block
> auto=ignore
>
> conn private
> auto=ignore
>
> conn private-or-clear
> auto=ignore
>
> conn clear-or-private
> auto=ignore
>
> conn clear
> auto=ignore
>
> conn packetdefault
> auto=ignore
>
> conn roadwarrior-l2tp
> pfs=no
> leftprotoport=17/0
> rightprotoport=17/1701
> also=roadwarrior
>
> conn roadwarrior-l2tp-updatedwin
> pfs=no
> leftprotoport=17/1701
> rightprotoport=17/1701
> also=roadwarrior
>
> conn roadwarrior-all
> leftsubnet=0.0.0.0/0
> also=roadwarrior
>
> When I try to start the config it gives the error:
>
> /etc/init.d/ipsec: (/etc/ipsec.conf, line 4) section
> header[FAILED]aces=%defaultroute" has wrong number of
> fields (1) -- `start aborted
>
> Anyone an idea?
>
> Regards,
>
> Rob
--
- Norman Rasmussen
- Email: norman at rasmussen.co.za
- Home page: http://norman.rasmussen.co.za/
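
The error quoted in the message is a structural diagnostic: in ipsec.conf a line starting in column 0 is read as a section header of the form `type name`, and parameters belong on indented lines beneath it. The linter below is an added example, not code from the thread or from Openswan; its message text is modelled on the quoted error, and `SAMPLE` is constructed on the assumption that the posted parameter lines started in column 0, which the archive cannot confirm.

```python
import re

# Constructed sample (not the poster's file): the first lines of the posted
# config, ASSUMING its parameter lines began in column 0; the archive does
# not preserve the original indentation.
SAMPLE = (
    "version 2.0\n"
    "\n"
    "config setup\n"
    "interfaces=%defaultroute\n"
    "nat_traversal=yes\n"
    "\n"
    "conn roadwarrior\n"
    "\tleft=%defaultroute\n"
    "\tauto=add\n"
)

DIRECTIVES = {"version", "include"}   # column-0 lines that are not sections
SECTION_TYPES = {"config", "conn"}    # section types used in the posted file


def lint_ipsec_conf(text):
    """Return [(line_no, message)] for structural errors in ipsec.conf text."""
    findings = []
    in_section = False
    for no, raw in enumerate(text.splitlines(), start=1):
        line = raw.rstrip()
        if not line.strip() or line.lstrip().startswith("#"):
            continue                      # blank line or comment
        if line[0] in " \t":              # indented: a parameter line
            if not in_section:
                findings.append((no, "parameter outside any section"))
            elif not re.match(r"\s+[\w-]+\s*=", line):
                findings.append((no, "parameter is not name=value"))
            continue
        fields = line.split()             # column 0: directive or header
        if fields[0] in DIRECTIVES:
            in_section = False
            continue
        in_section = True                 # avoid double-reporting its body
        if len(fields) != 2:
            msg = 'section header "%s" has wrong number of fields (%d)' % (
                line, len(fields))
            if "=" in line:
                msg += "; looks like a parameter, indent it"
            findings.append((no, msg))
        elif fields[0] not in SECTION_TYPES:
            findings.append((no, 'unknown section type "%s"' % fields[0]))
    return findings
```

Unlike the init script, which aborts at the first bad line, this reports every offending line so the whole file can be fixed in one pass.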