[Openswan Users] R: Re: From static IP to Road Warrior

tohyob at virgilio.it tohyob at virgilio.it
Fri Nov 9 13:30:47 EST 2007


Isn't the opposite for GSO? I.e. left=%any and right=ip.gw?
Because in the ipsec.conf I posted leftid=@laptop and rightid=@GSO
(the "left part", as you can see, refers to the laptop in both ipsec.conf).

However I tried but obtained the same result from auth.log:
Nov  9 19:11:31 fw pluto[12925]: packet from 84.x.y.z:500: ignoring unknown Vendor ID payload [4f456c4c4f5d5264574e5244]
Nov  9 19:11:31 fw pluto[12925]: packet from 84.x.y.z::500: received Vendor ID payload [Dead Peer Detection]
Nov  9 19:11:31 fw pluto[12925]: packet from 84.x.y.z:500: initial Main Mode message received on 192.168.0.254:500 but no connection has been authorized
I don't understand....

Antonio

----Original message----
From: paul at xelerance.com
Date: 9-nov-2007 18.14
To: "tohyob at virgilio.it" <tohyob at virgilio.it>
Cc: <users at openswan.org>
Subject: Re: [Openswan Users] From static IP to Road Warrior

On Fri, 9 Nov 2007, tohyob at virgilio.it wrote:

>         leftid=@laptop
>         right=%defaultroute
>         rightsubnet=192.168.100.0/24
>         rightid=@GSO
>         leftrsasigkey=0sAQN7B.....
>         rightrsasigkey=0sAQNq0.....
>
> These configurations work well: when on the laptop I try
> "ipsec auto --up net-laptop" I can see "IPSEC SA established"
> (by means of "ipsec auto --status")
>
> Now let's suppose that I want to make a road warrior out of the
> laptop: in GSO ipsec.conf I replace left and right this way:
>         left=%any
> (I have tried also: left=0.0.0.0)
>         right=85.A.B.C

From the man page:

If it is %defaultroute, and the config setup section's interfaces
specification contains %defaultroute, left will be filled in
automatically with the local address of the default-route interface
(as determined at IPsec startup time); this also overrides any value
supplied for leftnexthop. (Either left or right may be %defaultroute,
but not both.) The value %any signifies an address to be filled in
(by automatic keying) during negotiation.

In other words: on the laptop, use left=%defaultroute and right=ip.gw;
on the gateway, use left=ip.gw and right=%any

Paul

-- 
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
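
Added example (not from this thread and not Openswan code): a simplified Python model of how a conn is matched to an incoming initial Main Mode packet, to show when the "no connection has been authorized" line in the auth.log above appears. Assumptions: one end of a conn must equal the address the packet was received on (with %defaultroute resolving to that address) and the other end must be %any or the sender; the conn names and every address except 192.168.0.254 are constructed.

```python
# Added example: a simplified model, not Openswan source code.
SAMPLE_GATEWAY_CONF = """\
# Constructed sample; 203.0.113.10 stands in for the gateway's public address.
conn net-laptop-public
    left=%any
    right=203.0.113.10
conn net-laptop-defaultroute
    left=%any
    right=%defaultroute
"""

def parse_conns(text):
    """Return {conn_name: {key: value}} for each 'conn' section."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not line[0].isspace():          # section header, e.g. "conn net-laptop"
            words = line.split()
            is_conn = len(words) == 2 and words[0] == "conn"
            current = conns.setdefault(words[1], {}) if is_conn else None
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def authorizes(conn, received_on, sender):
    """True if one end is our receiving address and the other end admits the sender."""
    # Assumption: %defaultroute resolved to the address the packet arrived on.
    ends = [received_on if conn.get(side) == "%defaultroute" else conn.get(side)
            for side in ("left", "right")]
    for ours, theirs in (ends, ends[::-1]):
        if ours == received_on and theirs in ("%any", sender):
            return True
    return False

def matching_conns(conf_text, received_on, sender):
    """Names of conns that would accept an initial Main Mode packet."""
    return [name for name, conn in parse_conns(conf_text).items()
            if authorizes(conn, received_on, sender)]

if __name__ == "__main__":
    # 192.168.0.254 is the receiving address in the log; 198.51.100.7 is a constructed sender.
    hits = matching_conns(SAMPLE_GATEWAY_CONF, "192.168.0.254", "198.51.100.7")
    print(hits or "no connection has been authorized")
```

In this model a conn whose fixed end is an address that the host does not actually receive on never matches, whichever of left or right carries %any.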





