[Openswan Users] Ike Mode Config and virtual IP
Paul Wouters
paul at xelerance.com
Thu Feb 9 18:15:07 CET 2006
On Thu, 9 Feb 2006, Marco Berizzi wrote:
> Thanks for the reply Andreas.
> I have added leftsubnet=x.x.x.x/32 to ipsec.conf:
>
> conn IMCFG
> left=%any
> leftsourceip=172.31.254.55
> leftsubnet=172.31.254.55/32
> right=10.1.2.10
> rightid=10.1.2.10
> rightsubnet=172.16.1.0/24
> authby=secret
> auto=add
> pfs=yes
> compress=yes
> leftrsasigkey=none
> rightrsasigkey=none
> keyingtries=0
> rightupdown=/usr/local/lib/ipsec/_updown_x509
This is not good enough. Openswan has a newer implementation of
ModeConfig that works with XAUTH. Please see the README.XAUTH* files
or the example conns in testing/pluto/xauth-*
> Feb 9 11:39:30 Calimero pluto[12681]: "IMCFG"[1] 10.1.2.1 #1: received
> MODECFG message when in state STATE_MAIN_R3, and we aren't xauth client
That's because you are missing leftxauthclient=yes and rightxauthserver=yes.
Paul
More information about the Users
mailing list