[Openswan Users] Endian openswan & roadwarrior
Paul Wouters
paul at xelerance.com
Mon Oct 29 09:06:16 EDT 2007
On Mon, 29 Oct 2007, Marco Tironi wrote:
> 111.111.111.111 0.0.0.0 : PSK "nodeNKNK"
Try 111.111.111.111 %any : PSK "nodeNKNK"
Thoug be aware, you must use the same PSK for all roadwarriors.
That's why X.509 certs are better.
> Oct 29 09:30:26 pluto[2001] | protocol/port in Phase 1 ID Payload is 17/0.
> accepted with port_floating NAT-T
> Oct 29 09:30:26 pluto[2001] "nodeNK" #12: Main mode peer ID is ID_IPV4_ADDR:
> '192.168.0.200'
Note the id used by the roadwarrior is its internal IP address before NAT
> conn nodeNK
> left=111.111.111.111
> leftnexthop=%defaultroute
> leftsubnet=128.1.0.0/255.255.0.0
> right=151.37.34.175
Which does not match left= or right= (the IP is used as id if not leftid/rightid
is specified)
Either add leftid/rightid, or better, switch to X.509 certificates.
Paul
More information about the Users
mailing list