[Openswan Users] Problem with "left=%any" option

Paul Wouters paul at xelerance.com
Wed Dec 3 12:14:02 EST 2008


On Wed, 3 Dec 2008, PVG Ravi Kumar wrote:

> conn RemoteGateway
>             type=tunnel
>             authby=secret
>             left=%any
>             leftid=10.1.1.253
>             leftsubnet=192.168.100.1/24
>             right=192.168.10.173
>             rightid=10.1.1.254

Note having to use right=ip and rightid=otherip is odd and likely wrong.

>             rightsubnet=192.168.200.1/24
>             ike=aes-128-sha1-modp1024
>             auth=esp
>             esp=aes-128-sha1
>             pfs=no
>             auto=route

> Log messages:

I've said it before and I'll say it again for Google, do NOT enable plutodebug=
when trying to resolve configuration problems.

> Dec  3 12:03:42 localhost pluto[4666]: packet from 192.168.10.173:500:
> initial Main Mode message received on 192.168.10.193:500 but no connection
> has been authorized

> Please Note: 192.168.10.193 is my system interface IP Address

This means this end is not "right", so it must be left. But then you
need left=%defaultroute and not left=%any.

> When I try the same configurations with "left=%defaultroute" option, tunnel
> establishment is fine.

Yes, as it should.

> I am trying with "left=%any" option, because I have 3 interfaces in my
> system and I want to use any interface which is active during the
> negotiation time

You will have to make three conns for that. And since "%defaultroute" just
picks the IP closest to your default route, you cannot use that option
on all 3 interfaces (they'd end up getting the same one IP and use the
same one interface), so you need to specify the IPs for each of the
three conns.

Paul
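
The three-conn layout described in the reply, as an added ipsec.conf example that is not part of the original message. Assumptions: the conn names, the two placeholder interface addresses, the use of also= to share settings (the installed Openswan version must support it), and auto=add in place of the original auto=route.

```conf
# Added example, not from the original post.
# One conn per local interface, each with an explicit left= address
# instead of left=%any or left=%defaultroute.

conn RemoteGateway-if1
    # Interface address given in the post.
    left=192.168.10.193
    also=RemoteGateway-common
    # Assumption of this example: load the conn and wait for the peer.
    auto=add

conn RemoteGateway-if2
    # Placeholder: replace with the second interface's address.
    left=192.0.2.10
    also=RemoteGateway-common
    auto=add

conn RemoteGateway-if3
    # Placeholder: replace with the third interface's address.
    left=198.51.100.10
    also=RemoteGateway-common
    auto=add

# Settings shared by the three conns, copied from the conn quoted above.
# No auto= here, so this section is not loaded as a connection itself.
conn RemoteGateway-common
    type=tunnel
    authby=secret
    leftid=10.1.1.253
    leftsubnet=192.168.100.1/24
    right=192.168.10.173
    rightid=10.1.1.254
    rightsubnet=192.168.200.1/24
    ike=aes-128-sha1-modp1024
    auth=esp
    esp=aes-128-sha1
    pfs=no
```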


