[Openswan Users] R: Endian openswan & roadwarrior
Paul Wouters
paul at xelerance.com
Fri Nov 9 12:21:48 EST 2007
On Fri, 9 Nov 2007, Marco Tironi wrote:
> > 111.111.111.111 0.0.0.0 : PSK "nodeNKNK"
>
> Try 111.111.111.111 %any : PSK "nodeNKNK"
>
> ##### Ok, now works!
>
> Thoug be aware, you must use the same PSK for all roadwarriors.
> That's why X.509 certs are better.
>
> ##### I know, but PSK are ok for testing the system.
>
> > conn nodeNK
> > left=111.111.111.111
> > leftnexthop=%defaultroute
> > leftsubnet=128.1.0.0/255.255.0.0
> > right=151.37.34.175
>
> Which does not match left= or right= (the IP is used as id if not
> leftid/rightid is specified)
>
> Either add leftid/rightid, or better, switch to X.509 certificates.
>
> ##### If i don't know the rightid, can I use "0.0.0.0/0" ?? How can I
> correctly set the ID ?
right=%any
But then you will also have to explicitely set the rightid=
Paul
--
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
More information about the Users
mailing list