[Openswan Users] From static IP to Road Warrior
Paul Wouters
paul at xelerance.com
Fri Nov 9 12:14:59 EST 2007
On Fri, 9 Nov 2007, tohyob at virgilio.it wrote:
>
> leftid=@laptop
> right=%defaultroute
>
> rightsubnet=192.168.100.0/24
> rightid=@GSO
>
> leftrsasigkey=0sAQN7B.....
> rightrsasigkey=0sAQNq0.....
>
> These
> configurations work well: when on the laptop I try "ipsec auto --up net-
> laptop" I can see "IPSEC SA established" (by means of "ipsec auto --
> status")
>
> Now let's suppose that I want make a road warrior out of the
> laptop: in GSO ipsec.conf I replace left and right this way:
> left=%any
> (I have tried also: left=0.0.0.0)
> right=85.A.B.C
>From the man page:
If it is %defaultroute, and the config
setup section’s, interfaces specification contains %default-
route, left will be filled in automatically with the local
address of the default-route interface (as determined at IPsec
startup time); this also overrides any value supplied for left-
nexthop. (Either left or right may be %defaultroute, but not
both.) The value %any signifies an address to be filled in (by
automatic keying) during negotiation.
In other words. On laptop, use left=%defaultroute and right=ip.gw
on the gateway use, left=ip.gw and right=%any
Paul
>
--
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
More information about the Users
mailing list