[Openswan Users] %defaultroute equivalent for ipsec.secrets
andy at andynet.net
Sun Sep 17 23:32:51 EDT 2006
On Sun, 2006-09-17 at 20:12 -0400, Jonathan Coles wrote:
> I have a road warrior configuration working with my office VPN.
> conn office
> left= xxx.xxx.xxx.xxx # vpn gateway at work
> leftsubnet=172.20.120.0/24 # office subnet
> This works just fine if ipsec.secrets contains my IP and the
> VPN gateway IP, like this:
> xxx.xxx.xxx.xxx 192.168.0.101 : PSK "pre-shared_secret"
> If the computer is a laptop using DHCP, its address will not
> always be 192.168.0.101. It need to use %defaultroute, just
> like in my connection definition, to supply the current IP
> address. Is there some equivalent I can use?
Just don't specify your address. E.g.
xxx.xxx.xxx.xxx : PSK "pre-shared_secret"
or even just
: PSK "pre-shared_secret"
> I tried %any as mentioned in the ipsec.secrets man page, but
> it doesn't work. Error message: "Can't authenticate: no
> preshared key found for `192.168.0.101' and `xxx.xxx.xxx.xxx'."
> Have I misunderstood something?
> Users at openswan.org
> Building and Integrating Virtual Private Networks with Openswan:
More information about the Users