[Openswan Users] R: Endian openswan & roadwarrior
Tironi Marco
tironi at 8volante.com
Fri Nov 9 14:06:02 EST 2007
Ok, I have set %any and the IKE phase 1 works. Now the problem is that i
don't know what to write in "RIGHTID". Can you make me some examples or
give me some explanation.
Regards
Marco
Paul Wouters ha scritto:
> On Fri, 9 Nov 2007, Marco Tironi wrote:
>
>>> 111.111.111.111 0.0.0.0 : PSK "nodeNKNK"
>> Try 111.111.111.111 %any : PSK "nodeNKNK"
>>
>> ##### Ok, now works!
>>
>> Thoug be aware, you must use the same PSK for all roadwarriors.
>> That's why X.509 certs are better.
>>
>> ##### I know, but PSK are ok for testing the system.
>>
>>> conn nodeNK
>>> left=111.111.111.111
>>> leftnexthop=%defaultroute
>>> leftsubnet=128.1.0.0/255.255.0.0
>>> right=151.37.34.175
>> Which does not match left= or right= (the IP is used as id if not
>> leftid/rightid is specified)
>>
>> Either add leftid/rightid, or better, switch to X.509 certificates.
>>
>> ##### If i don't know the rightid, can I use "0.0.0.0/0" ?? How can I
>> correctly set the ID ?
>
> right=%any
> But then you will also have to explicitely set the rightid=
>
> Paul
More information about the Users
mailing list