[Openswan Users] Shaky VPN connections
Paul Wouters
paul at xelerance.com
Wed Apr 12 18:51:41 CEST 2006
On Wed, 12 Apr 2006, Jacco de Leeuw wrote:
> > conn roadwarrior
> > left=%defaultroute
> > leftcert=ipsec-server.crt
> > right=%any
> > rightsubnet=vhost:%no,%priv
> > pfs=no
> > auto=add
>
> I'd recommend adding rekey=no and rightca=%same
And i would recommend splitting the conn to a roadwarrior-nonat
and a roadwarrior-nat, and use rightsubnet=vhost:%priv in one,
and no rightsubnet= in the other. I had better results with
that then using the combined vhost:%no,%priv.
Paul
--
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
More information about the Users
mailing list