[Openswan Users] R: Endian openswan & roadwarrior

Peter McGill petermcgill at goco.net
Mon Nov 12 09:54:48 EST 2007


It doesn't matter as long as the id's are the same on both sides of the connection.
It's explained further in the documentation, try reading the ipsec.conf manpage.
For example: rightid=@roadwarrior

Peter McGill
 

> -----Original Message-----
> From: users-bounces at openswan.org 
> [mailto:users-bounces at openswan.org] On Behalf Of Tironi Marco
> Sent: November 9, 2007 2:06 PM
> To: users at openswan.org
> Subject: Re: [Openswan Users] R: Endian openswan & roadwarrior
> 
> Ok, I have set %any and the IKE phase 1 works. Now the 
> problem is that i 
> don't know what to write in "RIGHTID". Can you make me some 
> examples or 
> give me some explanation.
> 
> Regards
> 
> Marco
> 
> Paul Wouters ha scritto:
> > On Fri, 9 Nov 2007, Marco Tironi wrote:
> > 
> >>> 111.111.111.111 0.0.0.0 : PSK "nodeNKNK"
> >> Try 111.111.111.111 %any : PSK "nodeNKNK"
> >>
> >> ##### Ok, now works!
> >>
> >> Thoug be aware, you must use the same PSK for all roadwarriors.
> >> That's why X.509 certs are better.
> >>
> >> ##### I know, but PSK are ok for testing the system.
> >>
> >>> conn nodeNK
> >>>         left=111.111.111.111
> >>>         leftnexthop=%defaultroute
> >>>         leftsubnet=128.1.0.0/255.255.0.0
> >>>         right=151.37.34.175
> >> Which does not match left= or right= (the IP is used as id if not
> >> leftid/rightid is specified)
> >>
> >> Either add leftid/rightid, or better, switch to X.509 certificates.
> >>
> >> ##### If i don't know the rightid, can I use "0.0.0.0/0" 
> ?? How can I
> >> correctly set the ID ?
> > 
> > right=%any
> > But then you will also have to explicitely set the rightid=
> > 
> > Paul
> 
> _______________________________________________
> Users at openswan.org
> http://lists.openswan.org/mailman/listinfo/users
> Building and Integrating Virtual Private Networks with Openswan: 
> http://www.amazon.com/gp/product/1904811256/104-3099591-294632
> 7?n=283155



More information about the Users mailing list