[Openswan Users] Endian openswan & roadwarrior

Paul Wouters paul at xelerance.com
Mon Oct 29 09:06:16 EDT 2007

On Mon, 29 Oct 2007, Marco Tironi wrote:

> : PSK "nodeNKNK"

Try %any : PSK "nodeNKNK"

Thoug be aware, you must use the same PSK for all roadwarriors.
That's why X.509 certs are better.

> Oct 29 09:30:26 pluto[2001] | protocol/port in Phase 1 ID Payload is 17/0.
> accepted with port_floating NAT-T
> Oct 29 09:30:26 pluto[2001] "nodeNK" #12: Main mode peer ID is ID_IPV4_ADDR:
> ''

Note the id used by the roadwarrior is its internal IP address before NAT

> conn nodeNK
>         left=
>         leftnexthop=%defaultroute
>         leftsubnet=
>         right=

Which does not match left= or right= (the IP is used as id if not leftid/rightid
is specified)

Either add leftid/rightid, or better, switch to X.509 certificates.


More information about the Users mailing list