[Openswan Users] Simple Help
Paul Wouters
paul at xelerance.com
Tue Nov 6 18:30:54 EST 2007
On Tue, 6 Nov 2007, Jae Chang wrote:
> I am having a vexing problem, trying to move a tunnel from one gateway
> to another. Any help with fresh eyes, will be greatly appreciated.
>
> I just want to verify that this type of configuration is okay:
>
> conn xxx
> <deleted lines>
> right=206.113.192.186
> rightsubnet=206.113.192.128/25
>
> Basically, is it okay to specify the right ipaddress, which is part of
> the rightsubnet? This is the main thing i see as being a possible
> problem. This configuration worked fine in an old freeswan gateway, but
> moving to openswan is giving me the following in ipsec barf below. it
> never gets past Phase I:
In theory, no. But in practise it works for some, and not for others.
Ifsomeone ever pinpoints what makes or breaks these types of setups,
and we can accomodate it, we have no issue with it.
But in general it requires a lot of magic with routing, portforwarding
and NAT.
You might want to try KLIPS instead of NETKEY too.
Paul
--
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
More information about the Users
mailing list