[Openswan Users] %defaultroute equivalent for ipsec.secrets
Paul Wouters
paul at xelerance.com
Mon Sep 18 00:54:13 EDT 2006
On Sun, 17 Sep 2006, Andy Gay wrote:
> > conn office
> > left= xxx.xxx.xxx.xxx # vpn gateway at work
> > leftsubnet=172.20.120.0/24 # office subnet
> > right=%defaultroute
I'd recommend switching left/right here.
> > This works just fine if ipsec.secrets contains my IP and the
> > VPN gateway IP, like this:
> >
> > xxx.xxx.xxx.xxx 192.168.0.101 : PSK "pre-shared_secret"
> >
> > If the computer is a laptop using DHCP, its address will not
> > always be 192.168.0.101. It need to use %defaultroute, just
> > like in my connection definition, to supply the current IP
> > address. Is there some equivalent I can use?
>
> Just don't specify your address. E.g.
> xxx.xxx.xxx.xxx : PSK "pre-shared_secret"
>
> or even just
> : PSK "pre-shared_secret"
>
> will work.
Or try 0.0.0.0.
Or use a specific leftid/rightid and add those, eg:
@client xxx.xxx.xxx.xxx : PSK "pre-shared_secret"
Paul
--
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
More information about the Users
mailing list