[Openswan Users] openswan road warriors configuration

Paul Wouters paul at xelerance.com
Thu Oct 27 19:46:03 CEST 2005


On Thu, 27 Oct 2005, Apalodimas Ilias wrote:

> this is the "client" side, my problem concerns ipsec.secrtes file
> : PSK "some key" works fine but,
>
> changing the ipsec.secrets to:
> %any y.y.y.y: PSK "some key"
> does not. Is this ok ?
> the debug shows :
> Oct 20 16:44:34 pluto[21219]: loading secrets from "/etc/ipsec.secrets"
> Oct 20 16:44:41 pluto[21219]: "test2" #1: initiating Main Mode
> Oct 20 16:44:41 pluto[21219]: "test2" #1: received Vendor ID payload
> [draft-ietf-ipsec-nat-t-ike-03] method set to=108
> Oct 20 16:44:41 pluto[21219]: "test2" #1: Can't authenticate: no preshared key
> found for `x.x.x.x` and `y.y.y.y'.  Attribute OAKLEY_AUTHENTICATION_METHOD

try:

x.x.x.x %any: "secret"

>
> I' ve also tried left=%any instead of %defaultroute in ipsec.conf(which

left=%any means "left can come from anywhere"
left=%defaultroute means "left should be the ip address I got on the interface
     that has the default route".

%any is used on the server side to denote clients from everywhere
%defaultroute is used on the client side to picl up it's dynamic ip address.

you can not use both any and defaultroute in the same conn, since then it is
unknown who is who and who is where.

Paul
-- 

"Happiness is never grand"

	--- Mustapha Mond, World Controller (Brave New World)


More information about the Users mailing list