[Openswan Users] Nat'd OpenSwan <-> Nat'd RoadWarrior Problem

redirecting decoy redirectingdecoy at yahoo.com
Thu Sep 29 10:39:53 CEST 2005


Paul,

I have made the changes that you suggested, but the result is the same.  I get the same error
message, and same info in the logs.  Is there something else that could be causing my problem?

Maybe I have to do something on the wireless hub?

-R.D.

--- Paul Wouters <paul at xelerance.com> wrote:

> On Wed, 28 Sep 2005, redirecting decoy wrote:
> 
> > 	PrivateExponent: 0x071fdde8d795a84b4a88f281e87949b1d1af08aa04705c7e99e93e7b08802b1448c9a44295c3499c552e7a9f10e535acafdf5571e941e9f07c9e7a311fab47e3
> > 	Prime1: 0xebe6e8466fd491a9ac4f9fee7b74cc7301ab53fa8e734a4afcc4db04dcf42859
> > 	Prime2: 0xb98e17c1f34b6e435360afec1781320d979ca215a0959a438145e62901a1fff9
> > 	Exponent1: 0x9d449ad99fe30bc672dfbff4524ddda2011ce2a709a23187532de758934d703b
> > 	Exponent2: 0x7bb40fd6a23249823795ca9d6500cc090fbdc163c063bc2d00d9441b566bfffb
> > 	Coefficient: 0x8994bc6df4eb04e02340132e9654e410b18afb2e5d8e6dc2043be271efda85ff
> 
> you posted your private key. You'll need to generate a new one :)
> 
> > conn Road
> >    left=%defaultroute                 	# Gateway's information
> >    leftid=@Gateway.here.net     		#
> >    leftsubnet=192.168.10.0/24     		#
> >    leftrsasigkey=0sAQOq/M3UNgfHDvzWvC3LXuirqGjP8GqIq95t3duIzAQJ6HhcZkZtbuaU/AvOxChzBrEWN/i+DTbTGizmNcjWpOWR
> >    rightnexthop=%defaultroute     		# correct in many situations
> >    right=%any                    		# Wildcard: we don't know the laptop's IP
> >    rightid=@Client.here.net
> >    rightrsasigkey=0sAQOdyAthhbBPyNr68Wzs2F2K5zjUUZslFgYIbnzQ9T8FIZsxr+lBa+iCyFhqhdjYkHouDeR0nfqh8hIH8wqHia8z
> >    auto=add                       		# authorizes but doesn't start this, connection at startup
> 
> You cannot use left=%defaultroute with right=%any. At least one side must be known.
> On the gateway side, you should use right=%any, but you should not use left=%defaultroute;
> specify its IP address instead.
> 
> On the client side, you use left=%defaultroute, but right=ipofgateway.
> 
> > =======================================================================================
> > #Clients ipsec.secrets generated using:
> 
> > # Add connections here
> > conn DoorWay
> >    left=%defaultroute                  # Dynamic IP
> >    leftid=@Client.here.net     		#
> >    leftrsasigkey=0sAQOdyAthhbBPyNr68Wzs2F2K5zjUUZslFgYIbnzQ9T8FIZsxr+lBa+iCyFhqhdjYkHouDeR0nfqh8hIH8wqHia8z
> >    right=my.ip.address
> >    rightsubnet=192.168.10.0/24     	#
> >    rightid=@Gateway.here.net
> >    rightrsasigkey=0sAQOq/M3UNgfHDvzWvC3LXuirqGjP8GqIq95t3duIzAQJ6HhcZkZtbuaU/AvOxChzBrEWN/i+DTbTGizmNcjWpOWR
> >    auto=add                       		# authorizes but doesn't start this, connection at startup
> 
> Use left for the machine itself and right for the server.
> Using left=%defaultroute means "pick my own IP from the IP that is closest to the default gw".
> However, you ALSO put your own IP at right=, so this machine will try to connect to itself,
> if it manages to connect at all.
> 
> 
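
The two problems pointed out in the quoted reply (private key fields included in posted configuration, and a conn where neither left nor right is a known address) can be checked before a configuration is mailed or loaded. The following is an added example, not part of the original thread and not Openswan code; the function names, the simplified parser and the sample values are assumptions made for illustration.

```python
import re

# Fields that only occur in the private half of an RSA key entry in ipsec.secrets.
PRIVATE_FIELDS = {"PrivateExponent", "Prime1", "Prime2",
                  "Exponent1", "Exponent2", "Coefficient"}
# Address values that do not name a fixed peer (assumption of this checker).
UNKNOWN_ADDR = {"%any", "%defaultroute"}

def clean(raw):
    """Drop mail quote prefixes ('> > ') and trailing '#' comments."""
    return re.sub(r"^(>\s?)+", "", raw).split("#", 1)[0].strip()

def parse_conns(text):
    """Simplified ipsec.conf reader: {conn name: {parameter: value}}."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = clean(raw)
        if line.startswith("conn "):
            current = conns.setdefault(line.split(None, 1)[1], {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def lint(text):
    """Return findings for leaked private key fields and unusable left/right pairs."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        m = re.match(r"(\w+):\s*0x[0-9a-fA-F]+", clean(raw))
        if m and m.group(1) in PRIVATE_FIELDS:
            findings.append(f"line {lineno}: private key field {m.group(1)} present; regenerate the key")
    for name, conn in parse_conns(text).items():
        left, right = conn.get("left"), conn.get("right")
        if left in UNKNOWN_ADDR and right in UNKNOWN_ADDR:
            findings.append(f"conn {name}: left={left} with right={right}; one side must be a known address")
    return findings

# Constructed sample (placeholder hex values, documentation IP address).
SAMPLE = """\
: RSA {
    Modulus: 0x00aa
    PrivateExponent: 0x0123abcd
    }
conn Road
   left=%defaultroute
   right=%any
conn DoorWay
   left=%defaultroute
   right=192.0.2.10
"""

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```
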



		