[Openswan Users] no connection has been authorized
Paul Wouters
paul at xelerance.com
Mon Jun 13 02:02:44 CEST 2005
On Sun, 12 Jun 2005 Herbert.Augustiny at sptroth.com wrote:
> My connection is configured to use PSK and I was able to get connected
> using Win2000 and PSK. Below is my config. I'm trying to use the definition
> for client.
> conn china
>     left=%defaultroute
>     leftsubnet=10.0.0.0/16
>     leftcert=certs/RothGWcert.pem
>     right=w.x.y.z
>     rightsubnet=10.4.0.0/16
>     rightid="C=CN, O=organisation, CN=china name"
>     auto=start
>
> conn asia
>     left=%defaultroute
>     leftsubnet=10.0.0.0/16
>     leftcert=certs/RothGWcert.pem
>     right=z.y.x.w
>     rightsubnet=10.2.0.0/24
>     rightid="C=SG, O=organisation, CN=asia name"
>     auto=start
>
>
> conn client
>     left=%defaultroute
>     leftsubnet=10.0.0.0/24
>     authby=secret
>     right=%any
>     rightid=%any
>     aggrmode=yes
>     auto=add

You know client uses /24 and not /16 like the others?

rightid=%any makes no sense. Especially combined with
right=%any and PSK (and aggressive mode on top of that).
You cannot have multiple machines connecting from random and
expect to distinguish them. Using an explicit rightid=@palm
or something will help openswan pick the proper connection.

With aggressive mode you should always specify esp= and ike=
lines. Later versions of openswan force this.

Paul
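
Added example, not part of the original message and not Openswan code: a small Python lint over ipsec.conf-style text that flags the three points raised in the reply above. The sample is an abridged, constructed copy of the quoted config; the parser assumes simple indented key=value lines, and the finding strings are this example's own.

```python
# Constructed sample: abridged from the three conns quoted in the thread.
SAMPLE = """\
conn china
    leftsubnet=10.0.0.0/16
    right=w.x.y.z
    rightid="C=CN, O=organisation, CN=china name"
conn asia
    leftsubnet=10.0.0.0/16
    right=z.y.x.w
    rightid="C=SG, O=organisation, CN=asia name"
conn client
    leftsubnet=10.0.0.0/24
    authby=secret
    right=%any
    rightid=%any
    aggrmode=yes
    auto=add
"""

def parse_conns(text):
    """Return {conn name: {key: value}} for every 'conn' section."""
    conns, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if not raw[0].isspace():  # an unindented line starts a new section
            words = raw.split()
            current = conns.setdefault(words[1], {}) if words[0] == "conn" and len(words) > 1 else None
        elif current is not None and "=" in raw:
            key, value = raw.strip().split("=", 1)
            current[key.strip()] = value.strip().strip('"')
    return conns

def lint(text):
    """Return sorted (conn, finding) pairs for the issues named in the reply."""
    conns = parse_conns(text)
    subnets = [c["leftsubnet"] for c in conns.values() if "leftsubnet" in c]
    usual = max(subnets, key=subnets.count) if subnets else None  # most common value
    findings = []
    for name, c in conns.items():
        if c.get("authby") == "secret" and c.get("right") == "%any" and c.get("rightid") in (None, "%any"):
            findings.append((name, "PSK with right=%any and no explicit rightid"))
        if c.get("aggrmode") == "yes" and not ("ike" in c and "esp" in c):
            findings.append((name, "aggrmode=yes without both ike= and esp="))
        if "leftsubnet" in c and c["leftsubnet"] != usual:
            findings.append((name, f"leftsubnet {c['leftsubnet']} differs from {usual}"))
    return sorted(findings)

if __name__ == "__main__": print(*lint(SAMPLE), sep="\n")
```

Run against the sample, only conn client is reported, once for each of the three points.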