[Openswan Users] R: Endian openswan & roadwarrior
Peter McGill
petermcgill at goco.net
Mon Nov 12 09:54:48 EST 2007
It doesn't matter as long as the id's are the same on both sides of the connection.
It's explained further in the documentation, try reading the ipsec.conf manpage.
For example: rightid=@roadwarrior
Peter McGill
> -----Original Message-----
> From: users-bounces at openswan.org
> [mailto:users-bounces at openswan.org] On Behalf Of Tironi Marco
> Sent: November 9, 2007 2:06 PM
> To: users at openswan.org
> Subject: Re: [Openswan Users] R: Endian openswan & roadwarrior
>
> Ok, I have set %any and the IKE phase 1 works. Now the
> problem is that i
> don't know what to write in "RIGHTID". Can you make me some
> examples or
> give me some explanation.
>
> Regards
>
> Marco
>
> Paul Wouters ha scritto:
> > On Fri, 9 Nov 2007, Marco Tironi wrote:
> >
> >>> 111.111.111.111 0.0.0.0 : PSK "nodeNKNK"
> >> Try 111.111.111.111 %any : PSK "nodeNKNK"
> >>
> >> ##### Ok, now works!
> >>
> >> Thoug be aware, you must use the same PSK for all roadwarriors.
> >> That's why X.509 certs are better.
> >>
> >> ##### I know, but PSK are ok for testing the system.
> >>
> >>> conn nodeNK
> >>> left=111.111.111.111
> >>> leftnexthop=%defaultroute
> >>> leftsubnet=128.1.0.0/255.255.0.0
> >>> right=151.37.34.175
> >> Which does not match left= or right= (the IP is used as id if not
> >> leftid/rightid is specified)
> >>
> >> Either add leftid/rightid, or better, switch to X.509 certificates.
> >>
> >> ##### If i don't know the rightid, can I use "0.0.0.0/0"
> ?? How can I
> >> correctly set the ID ?
> >
> > right=%any
> > But then you will also have to explicitely set the rightid=
> >
> > Paul
>
> _______________________________________________
> Users at openswan.org
> http://lists.openswan.org/mailman/listinfo/users
> Building and Integrating Virtual Private Networks with Openswan:
> http://www.amazon.com/gp/product/1904811256/104-3099591-294632
> 7?n=283155
More information about the Users
mailing list