[Openswan Users] problem with config

Paul Wouters paul at xelerance.com
Sat Jul 23 23:38:39 CEST 2005


On Sat, 23 Jul 2005, Norman Rasmussen wrote:

>>>> interfaces=%defaultroute
>
> it doesn't like that, try providing a real interface like eth0.

It should be:

interfaces="%defaultroute"

and it *is* the recommended default setting.

Paul

> On 23/07/05, Rob Mokkink <rob at mokkinksystems.com> wrote:
>>
>> Hi,
>>
>> I am testing with openswan in a testlab.
>>
>> I use there a private IP address of the 10.0.0.0 range and 192.168.0.0 for the
>> internet.
>>
>> CA is set up and the firewall allows connections on 500 udp and 1701 for l2tp, which
>> will be dnatted to the vpn server.
>>
>> This is my config:
>>
>> version 2.0
>>
>> config setup
>> interfaces=%defaultroute
>> nat_traversal=yes
>> virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12
>>
>> conn %default
>> keyingtries=1
>> compress=yes
>> disablearrivalcheck=no
>> authby=rsasig
>> leftrsasigkey=%cert
>> rightrsasigkey=%cert
>>
>> conn roadwarrior-net
>> leftsubnet=10.0.0.0/8
>> also=roadwarrior
>>
>> conn roadwarrior
>> left=%defaultroute
>> leftcert=dsfw.redhatfw.org.pem
>> right=%any
>> rightsubnet=vhost:%no,%priv
>> auto=add
>> pfs=yes
>>
>> conn block
>> auto=ignore
>>
>> conn private
>> auto=ignore
>>
>> conn private-or-clear
>> auto=ignore
>>
>> conn clear-or-private
>> auto=ignore
>>
>> conn clear
>> auto=ignore
>>
>> conn packetdefault
>> auto=ignore
>>
>> conn roadwarrior-l2tp
>> pfs=no
>> leftprotoport=17/0
>> rightprotoport=17/1701
>> also=roadwarrior
>>
>> conn roadwarrior-l2tp-updatedwin
>> pfs=no
>> leftprotoport=17/1701
>> rightprotoport=17/1701
>> also=roadwarrior
>>
>> conn roadwarrior-all
>> leftsubnet=0.0.0.0/0
>> also=roadwarrior
>>
>> [root at dsfw etc]# mv ipsec.conf ipsec.bak
>> [root at dsfw etc]# vi ipsec.conf
>>
>> right=%any
>> rightsubnet=vhost:%no,%priv
>> auto=add
>> pfs=yes
>>
>> conn block
>> auto=ignore
>>
>> conn private
>> auto=ignore
>>
>> conn private-or-clear
>> auto=ignore
>>
>> conn clear-or-private
>> auto=ignore
>>
>> conn clear
>> auto=ignore
>>
>> conn packetdefault
>> auto=ignore
>>
>> conn roadwarrior-l2tp
>> pfs=no
>> leftprotoport=17/0
>> rightprotoport=17/1701
>> also=roadwarrior
>>
>> conn roadwarrior-l2tp-updatedwin
>> pfs=no
>> leftprotoport=17/1701
>> rightprotoport=17/1701
>> also=roadwarrior
>>
>> conn roadwarrior-all
>> leftsubnet=0.0.0.0/0
>> also=roadwarrior
>>
>> When I try to start the config it gives the error:
>>
>> /etc/init.d/ipsec: (/etc/ipsec.conf, line 4) section
>> header[FAILED]aces=%defaultroute" has wrong number of
>> fields (1) -- `start aborted
>>
>> Anyone an idea?
>>
>> Regards,
>>
>> Rob
>> _______________________________________________
>> Users mailing list
>> Users at openswan.org
>> http://lists.openswan.org/mailman/listinfo/users
>>
>

-- 

"With Data mining, we can search specifically for clues"

--- The AIVD (The Dutch NSA) on the necessity of ISP's data retension
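The error quoted in the thread ("section header ... has wrong number of fields (1)") is the message an ipsec.conf reader produces when a line that starts in column 0 is taken as a section header. ipsec.conf(5) lays the file out as section headers ("config setup", "conn NAME") in column 0 with every parameter line below them indented, so a parameter that has lost its leading whitespace is read as a one-word header. The checker below is an added example, not code from this thread or from the Openswan project: it reads a config the way the man page describes, reproduces that class of error on a constructed copy of the thread's first lines, and, as a lint rule of its own, flags an unquoted `interfaces=%defaultroute` in favour of the quoted form the reply recommends. The parsing rules and message wording are this example's approximation, not Openswan's parser.

```python
# Added example, not code from the Openswan list thread or the Openswan project.
# Reads an ipsec.conf the way ipsec.conf(5) lays it out: a section header
# ("config setup", "conn NAME") starts in column 0, every parameter line below
# it is indented. The error strings and the "quoted %defaultroute" lint rule are
# this example's own approximation of what the thread shows.
import re
from typing import Dict, List, Tuple

Sections = Dict[str, Dict[str, str]]

# An indented "key=value" line; the value is kept raw (quotes included).
_PARAM_RE = re.compile(r"^\s+([A-Za-z_][\w-]*)\s*=\s*(.*?)\s*$")


def parse_ipsec_conf(text: str) -> Tuple[Sections, List[str]]:
    """Return ({"conn NAME": {param: raw_value}}, [error messages])."""
    sections: Sections = {}
    errors: List[str] = []
    current = None
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].rstrip()  # drop comments and trailing space
        if not line.strip():
            continue
        if not line[0].isspace():
            # Column 0: a section header (or the leading "version" line).
            fields = line.split()
            if fields[0] == "version":
                continue
            if len(fields) != 2:
                # The thread's failure: an unindented parameter line is read
                # as a section header with a single field.
                errors.append(
                    f'line {lineno}: section header "{line}" has wrong '
                    f"number of fields ({len(fields)})"
                )
                current = None
                continue
            if fields[0] not in ("config", "conn"):
                errors.append(f'line {lineno}: unknown section type "{fields[0]}"')
                current = None
                continue
            current = f"{fields[0]} {fields[1]}"
            sections.setdefault(current, {})
            continue
        m = _PARAM_RE.match(line)
        if m is None:
            errors.append(f'line {lineno}: cannot parse parameter line "{line.strip()}"')
            continue
        if current is None:
            errors.append(f"line {lineno}: parameter before any section header")
            continue
        sections[current][m.group(1)] = m.group(2)
    return sections, errors


def unquote(value: str) -> str:
    """Drop one pair of surrounding double quotes, as a config reader would."""
    if len(value) >= 2 and value[0] == value[-1] == '"':
        return value[1:-1]
    return value


def lint_setup(sections: Sections) -> List[str]:
    """Lint rule for this example: warn when a %-value for interfaces in
    'config setup' is not written in the quoted form the reply recommends."""
    warnings: List[str] = []
    value = sections.get("config setup", {}).get("interfaces")
    if value is not None and value.startswith("%") and unquote(value) == value:
        warnings.append(f'config setup: interfaces={value} should be interfaces="{value}"')
    return warnings


# Constructed sample: the thread's first config lines with no indentation,
# so line 4 is taken as a section header, as in the quoted error.
BROKEN = """\
version 2.0

config setup
interfaces=%defaultroute
nat_traversal=yes
"""

# Constructed sample: the same lines indented, with the quoted value.
FIXED = """\
version 2.0

config setup
\tinterfaces="%defaultroute"
\tnat_traversal=yes
\tvirtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12

conn roadwarrior
\tleft=%defaultroute
\tright=%any
\trightsubnet=vhost:%no,%priv
\tauto=add
"""

if __name__ == "__main__":
    for label, text in (("broken", BROKEN), ("fixed", FIXED)):
        sections, errors = parse_ipsec_conf(text)
        print(label, "errors:", errors or "none")
        print(label, "lint:", lint_setup(sections) or "none")
```

Run against a real ipsec.conf, the first error it reports is the line the init script would refuse; the usual fix is to indent the parameter lines under their section header rather than to change the value itself.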

