[Openswan Users] Roadwarrior configuration examples
Jim Blake
jim at blakes.homeip.net
Fri May 25 06:55:53 EDT 2007
I'm looking at the configuration for roadwarriors in the OpenSWAN wiki:
The roadwarrior side ipsec.conf has:
"conn road
    left=%defaultroute             # Picks up our dynamic IP
    leftid=@road.example.com       # Local information
    leftrsasigkey=0sAQPIPN9uI...   #
    right=192.0.2.10               # Remote information
    rightsubnet=10.0.0.0/24        #
    rightid=@xy.example.com        #
    rightrsasigkey=0sAQOnwiBPt...  #
    auto=add                       # authorizes but doesn't start this
                                   # connection at startup"
and the gateway side has:
"conn road
    left=192.0.2.2                 # Gateway's information
    leftid=@xy.example.com         #
    leftsubnet=176.16.0.0/24       #
    leftrsasigkey=0sAQOnwiBPt...   #
    rightnexthop=%defaultroute     # correct in many situations
    right=%any                     # Wildcard: we don't know the laptop's IP
    rightid=@road.example.com      #
    rightrsasigkey=0sAQPIPN9uI...  #
    auto=add                       # authorizes but doesn't start this
                                   # connection at startup"
The roadwarrior side says
"right=192.0.2.10 # Remote information"
which I assume to be the gateway address (it can't be the roadwarrior's
address, that is declared as "right=%any" because we get it by DHCP and
can't know it in advance), but the gateway side says
"left=192.0.2.2 # Gateway's information"
which the comment says is the gateway. If my understanding is correct,
shouldn't they be the same address?
I thought they both represented the gateway end of the tunnel, so should
be the same addresses...am I wrong, and if so, how does this work, or if
I'm right, is this a typo?
Apologies for the low-grade questions, but I've got limited access to the
servers, and I'm trying to research and confirm my actions *before* I do
anything on live systems (A prepared sysop? Did hell just freeze over?)
Thanks
Jim
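
An added example, not part of the original post or the Openswan wiki: a small checker that compares what the two quoted conn sections say about each tunnel endpoint before either file goes onto a live system. The function names are hypothetical, and it assumes no NAT between the peers, so that the roadwarrior's "right" values and the gateway's "left" values must describe the same gateway.

```python
import re

# Constructed sample input: the two conn sections as quoted in the post above.
ROAD = """\
conn road
    left=%defaultroute
    leftid=@road.example.com
    leftrsasigkey=0sAQPIPN9uI...
    right=192.0.2.10
    rightsubnet=10.0.0.0/24
    rightid=@xy.example.com
    rightrsasigkey=0sAQOnwiBPt...
    auto=add
"""
GATEWAY = """\
conn road
    left=192.0.2.2
    leftid=@xy.example.com
    leftsubnet=176.16.0.0/24
    leftrsasigkey=0sAQOnwiBPt...
    rightnexthop=%defaultroute
    right=%any
    rightid=@road.example.com
    rightrsasigkey=0sAQPIPN9uI...
    auto=add
"""

def parse_conn(text):
    """Return {key: value} for one conn section, ignoring # comments."""
    params = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        m = re.match(r"([A-Za-z0-9_]+)\s*=\s*(\S+)$", line)
        if m:
            params[m.group(1)] = m.group(2)
    return params

def endpoint_mismatches(road_text, gw_text):
    """List (road_key, road_value, gw_key, gw_value) where the files disagree."""
    road, gw = parse_conn(road_text), parse_conn(gw_text)
    found = []
    # The roadwarrior file's "right" is the gateway file's "left", and vice versa.
    for mine, theirs in (("right", "left"), ("left", "right")):
        for suffix in ("", "subnet", "id", "rsasigkey"):
            a, b = road.get(mine + suffix), gw.get(theirs + suffix)
            wildcard = any(v and v.startswith("%") for v in (a, b))  # %any, %defaultroute
            if a != b and not wildcard:
                found.append((mine + suffix, a, theirs + suffix, b))
    return found
```

Run against the quoted sections, it reports the gateway address and the gateway subnet as the two values that differ between the files; the IDs and RSA keys cross-match.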