[Openswan Users] Ike Mode Config and virtual IP

Paul Wouters paul at xelerance.com
Thu Feb 9 18:15:07 CET 2006


On Thu, 9 Feb 2006, Marco Berizzi wrote:

> Thanks for the reply Andreas.
> I have added leftsubnet=x.x.x.x/32 to ipsec.conf:
>
> conn IMCFG
>        left=%any
>        leftsourceip=172.31.254.55
>        leftsubnet=172.31.254.55/32
>        right=10.1.2.10
>        rightid=10.1.2.10
>        rightsubnet=172.16.1.0/24
>        authby=secret
>        auto=add
>        pfs=yes
>        compress=yes
>        leftrsasigkey=none
>        rightrsasigkey=none
>        keyingtries=0
>        rightupdown=/usr/local/lib/ipsec/_updown_x509

This is not good enough. Openswan has a newer implementation of
ModeConfig that works with XAUTH. Please see the README.XAUTH* files
or the example conns in testing/pluto/xauth-*

> Feb  9 11:39:30 Calimero pluto[12681]: "IMCFG"[1] 10.1.2.1 #1: received
> MODECFG message when in state STATE_MAIN_R3, and we aren't xauth client

That's because you are missing leftxauthclient=yes and rightxauthserver=yes.

Paul


More information about the Users mailing list