[Openswan Users]
Paul Wouters
paul at xelerance.com
Wed Jan 11 17:00:42 CET 2006
On Wed, 11 Jan 2006, Geert Janssens wrote:
> First I added rightsubnet=vhost:%priv,%no on both sides. When I restarted
> ipsec, the tunnel didn't show up in ipsec auto --status.
> So I tried to manually add the routes with
> # ipsec auto --add kobaltwit-to-auxima
>
> This returned an error:
> 023 virtual IP must only be used with %any and without client
>
> So I also replaced rightid with %any (it was the remote firewall's public
> interface until now). After restarting the routes appear again in ipsec auto
> --status, but I can't up the connection:
> [root at chief openswan]# ipsec auto --verbose --up kobaltwit-to-auxima
> 029 "kobaltwit-to-auxima": cannot initiate connection without knowing peer IP
> address (kind=CK_TEMPLATE)
Only add the rightsubnet to the responder (server), not the initiator (client)
Paul
More information about the Users
mailing list