[Openswan Users] Endian openswan & roadwarrior
paul at xelerance.com
Mon Oct 29 09:06:16 EDT 2007
On Mon, 29 Oct 2007, Marco Tironi wrote:
> 126.96.36.199 0.0.0.0 : PSK "nodeNKNK"
Try 188.8.131.52 %any : PSK "nodeNKNK"
Thoug be aware, you must use the same PSK for all roadwarriors.
That's why X.509 certs are better.
> Oct 29 09:30:26 pluto | protocol/port in Phase 1 ID Payload is 17/0.
> accepted with port_floating NAT-T
> Oct 29 09:30:26 pluto "nodeNK" #12: Main mode peer ID is ID_IPV4_ADDR:
Note the id used by the roadwarrior is its internal IP address before NAT
> conn nodeNK
Which does not match left= or right= (the IP is used as id if not leftid/rightid
Either add leftid/rightid, or better, switch to X.509 certificates.
More information about the Users