[Openswan Users] Re: Adding a new connection.

Paul Wouters paul at xelerance.com
Tue Mar 21 01:09:54 CET 2006

On Mon, 20 Mar 2006, Brett Curtis wrote:

> After some more reading in the book I have come to the conclusion this is
> due to the fact that I have right=%any in more than one connection. I am not
> sure how to get by this because simply enough when I take it out of either
> or connection that connection fails to load.

The problem is that for multiple right=%any connections, it should be obvious
in the phase 1 of the connection for which "conn" it is. Usually you can force
this by setting a leftid=/rightid=.

> I can connect. However I can do nothing. tcpdump shows some packets
> traveling in ESP under port 4500. I can't ping my internal subnet. I can not
> access my internal machines. Would adding leftsubnet= help ?
> What about the other end's subnet?

First try to connect to each conn on its own, e.g. with the other conn set to
auto=ignore. If both work, try to enable them both.

> So still stuck with two problems. I thought leftid & rightid would solve my
> right=%any issue but it does not.

It doesn't?
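
An added illustration of the two suggestions in the reply above, not part of the original message and not the poster's configuration: two right=%any conns told apart by distinct rightid values, with the second held at auto=ignore while the first is tested on its own. The conn names, IDs and key values are constructed placeholders, and RSA signature authentication is an assumption.

```conf
# Constructed example: every name, ID and key below is a placeholder.
version 2.0

conn client-a
    left=%defaultroute
    leftid=@gateway.example.com
    leftrsasigkey=0sGATEWAY_PUBLIC_KEY_PLACEHOLDER
    right=%any
    # Distinct ID for this peer, so phase 1 can pick this conn
    rightid=@client-a.example.com
    rightrsasigkey=0sCLIENT_A_PUBLIC_KEY_PLACEHOLDER
    authby=rsasig
    auto=add

conn client-b
    left=%defaultroute
    leftid=@gateway.example.com
    leftrsasigkey=0sGATEWAY_PUBLIC_KEY_PLACEHOLDER
    right=%any
    # A different ID from client-a; both conns still use right=%any
    rightid=@client-b.example.com
    rightrsasigkey=0sCLIENT_B_PUBLIC_KEY_PLACEHOLDER
    authby=rsasig
    # Held out while client-a is tested alone; switch to auto=add
    # once each conn has been confirmed working by itself
    auto=ignore
```

Each client has to send the matching ID as its own leftid/rightid for the gateway to select the intended conn.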


