[Openswan Users] %defaultroute equivalent for ipsec.secrets
Andy Gay
andy at andynet.net
Sun Sep 17 23:32:51 EDT 2006
On Sun, 2006-09-17 at 20:12 -0400, Jonathan Coles wrote:
> I have a road warrior configuration working with my office VPN.
>
> conn office
> left= xxx.xxx.xxx.xxx # vpn gateway at work
> leftsubnet=172.20.120.0/24 # office subnet
> right=%defaultroute
> keyexchange=ike
> authby=secret
> esp=3des
> compress=yes
>
> This works just fine if ipsec.secrets contains my IP and the
> VPN gateway IP, like this:
>
> xxx.xxx.xxx.xxx 192.168.0.101 : PSK "pre-shared_secret"
>
> If the computer is a laptop using DHCP, its address will not
> always be 192.168.0.101. It need to use %defaultroute, just
> like in my connection definition, to supply the current IP
> address. Is there some equivalent I can use?
Just don't specify your address. E.g.
xxx.xxx.xxx.xxx : PSK "pre-shared_secret"
or even just
: PSK "pre-shared_secret"
will work.
>
> I tried %any as mentioned in the ipsec.secrets man page, but
> it doesn't work. Error message: "Can't authenticate: no
> preshared key found for `192.168.0.101' and `xxx.xxx.xxx.xxx'."
>
> Have I misunderstood something?
> _______________________________________________
> Users at openswan.org
> http://lists.openswan.org/mailman/listinfo/users
> Building and Integrating Virtual Private Networks with Openswan:
> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
>
More information about the Users
mailing list