[Openswan Users] x509 setup problems

Wed May 30 18:57:25 EDT 2007

On Tue, 29 May 2007, James wrote:

> >         virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16

> > conn roadwarrior
> >         left=%defaultroute
> >         leftcert=/etc/ipsec.d/certs/host.pem
> >         right=%any
> >         rightsubnet=vhost:%no,%priv
> >         pfs=yes
> >         leftsubnet=0.0.0.0/0

This connection will not load because openswan does not know whether it is
left or right. You need to specifty left=ipaddress. on the server

> > *CLIENT CONFIGURATION
> >
> > conn roadwarrior
> >         right=%defaultroute
> >         rightcert=/etc/ipsec.d/certs/client.pem
> >         left=192.168.1.1
> >         leftcert=/etc/ipsec.d/certs/host.pem
> >         leftsubnet=0.0.0.0/0
> >         pfs=yes
> >         auto=add

This looks okay (though I'd swap left and right here).

Paul