[Openswan Users] Re: Adding a new connection.
Brett Curtis
dashnu at gmail.com
Mon Mar 20 15:25:16 CET 2006
After some more reading in the book I have come to the conclusion this is
due to the fact that I have right=%any in more than one connection. I am not
sure how to get by this because simply enough when I take it out of either
connection that connection fails to load.

Client Side I have this now.

conn linux-vpn
    left=23.XX.XX.XX
    right=%defaultroute
    rightid=@Lappy.domain.com
    leftrsasigkey=0sAQNxbQY...
    rightrsasigkey=0sAQN7/...
    auto=add

Server Side I have this. (With right=%any my l2tp connection fails to load)

conn linux-vpn
    left=23.XX.XX.XX
    leftrsasigkey=0sAQNxbQY...
    right=%any
    rightid=@Lappy.domain.com
    rightrsasigkey=0sAQN7/...
    auto=add

I can connect. However, I can do nothing. tcpdump shows some packets
traveling in ESP under port 4500. I can't ping my internal subnet. I cannot
access my internal machines. Would adding leftsubnet=192.168.1.0/24 help?
What about the other end's subnet?

So still stuck with two problems. I thought leftid & rightid would solve my
right=%any issue but it does not.

On 3/20/06, Brett Curtis <dashnu at gmail.com> wrote:
>
> When adding a new connection (linux to linux) to my already working
> ipsec/l2tp server, a connection from an XP client brings up this
> connection on the server and not the working roadwarrior-lt2p connect.
> Why is this? I would really like to understand why this connect starts
> up so I can continue to troubleshoot my linux to linux connect without
> interfering with my remote windows users.
>
> conn linux-road
>     left=23.XX.XX.XX
>     leftid=@vpn
>     leftsubnet=192.168.1.0/24
>     leftrsasigkey=0sAQNxbQYt.......
>     rightnexthop=%defaultroute
>     right=%any
>     rightid=@Lappy
>     rightrsasigkey=0sAQN7/HF........
>     auto=add
>
> I am still stuck trying to get linux roadwarriors set up with my current
> l2tp settings. I now have PSK for windows and OSX and RSA keys for my
> linux client. I have both of them in ipsec.secrets
>
> With that config on my server and this on my linux client I get through
> phase 1, but that is it.
>
> conn linux-road
>     left=%defaultroute
>     leftid=@Lappy
>     leftrsasigkey=0sAQN7/HF.....
>     right=23.XX.XX.XX
>     rightsubnet=192.168.1.0/24
>     rightid=@vpn
>     rightrsasigkey=0sAQNxbQYtVgyo.......
>     auto=add
>
> As always thanks for the help.
>
> Brett