[Openswan Users] %defaultroute not working

Julien DELEAN julien.delean at peer2me.com
Wed Jul 2 09:43:36 EDT 2008


I'm not a developer but the message is printed when you start openswan but in
2.6.15dr2...

Somebody has told me that 2.6.14 has some conf parsing problems and 2.6.15dr2
(in development) is more stable...

Regards

2008/7/2 David Jao <djao at dominia.org>:

> Hi all,
>
> I managed to fix my problem by adding "protostack=netkey" to config
> setup.  Apparently this is a new requirement of version 2.6.
>
> If any developers are reading this I would urge that they change the
> message printed out by openswan when it is started while running under
> netkey when the protostack directive is not present, as it is _not_
> obvious that openswan behaves differently with and without this
> directive included.
>
> -David
>
> David Jao wrote:
> > Hi,
> >
> > I am using Openswan to encrypt wireless network packets on my LAN (a
> > rather common usage scenario, as I understand it).
> >
> > I have a dhcp server on 192.168.0.2 that doubles as a NAT gateway for
> > 192.168.0.0/24.  The gateway runs freeswan-2.06, and my laptop on the
> > LAN runs openswan.  I am using the following configuration to encrypt
> > packets traveling between the laptop and the internet:
> >
> > config setup
> >
> > conn gateway-laptop-net
> >          left=192.168.0.2
> >          leftid=@gateway
> >          leftsubnet=0.0.0.0/0
> >          right=%defaultroute
> >          rightid=@laptop
> >          auto=start
> >          compress=no
> >          keyingtries=1
> >          ikelifetime=15m
> >          keylife=15m
> >          rekeymargin=5m
> >          leftrsasigkey=...
> >          rightrsasigkey=...
> >
> > Previously, I ran openswan 2.4.9 on my laptop, and this configuration
> > worked perfectly.  After upgrading to 2.6.14, the same configuration
> > does not work anymore unless I replace %defaultroute with my laptop's IP
> > address (which I do not want to do, because my laptop uses dhcp, and I
> > do not necessarily know its IP address ahead of time).  I have been
> > informed that the problem is not a bug in openswan but rather is a
> > problem with my configuration.
> >
> > Does anyone have any idea how I can configure this IPsec tunnel without
> > having to specify my laptop's IP address ahead of time?  Thanks!
> >
> > -David
> > _______________________________________________
> > Users at openswan.org
> > http://lists.openswan.org/mailman/listinfo/users
> > Building and Integrating Virtual Private Networks with Openswan:
> > http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
>
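
A small lint for the condition David describes, as an added example that is not part of the original thread or of Openswan's own tooling: it parses an ipsec.conf, reports a missing `protostack=` in `config setup`, and lists the conns that use `%defaultroute`. The function names and the simplified parser (no `include` or `also=` handling) are assumptions; the sample is David's posted configuration with the keys left elided, and the corrected variant is constructed from it.

```python
def parse_ipsec_conf(text):
    """Return {(type, name): {key: value}} for each section of an ipsec.conf."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        if not raw[0].isspace():                  # header starts in column 0
            parts = line.split()
            key = (parts[0], parts[1] if len(parts) > 1 else "")
            current = sections.setdefault(key, {})
        elif current is not None and "=" in line:  # indented key=value
            k, v = line.strip().split("=", 1)
            current[k.strip()] = v.strip().strip('"')
    return sections


def check_protostack(text):
    """List findings for a config that omits protostack= (the thread's fix)."""
    sections = parse_ipsec_conf(text)
    findings = []
    if "protostack" in sections.get(("config", "setup"), {}):
        return findings
    findings.append("config setup: no protostack= directive")
    for (kind, name), opts in sections.items():
        if kind != "conn":
            continue
        for side in ("left", "right"):
            if opts.get(side) == "%defaultroute":
                findings.append(f"conn {name}: {side}=%defaultroute")
    return findings


# David's configuration as posted (abridged; RSA keys elided as in the post).
AS_POSTED = """config setup

conn gateway-laptop-net
         left=192.168.0.2
         leftid=@gateway
         leftsubnet=0.0.0.0/0
         right=%defaultroute
         rightid=@laptop
         auto=start
         leftrsasigkey=...
         rightrsasigkey=...
"""
# Constructed variant with the fix from the thread applied.
WITH_FIX = AS_POSTED.replace("config setup\n",
                             "config setup\n         protostack=netkey\n", 1)

if __name__ == "__main__":
    print(check_protostack(AS_POSTED), check_protostack(WITH_FIX))
```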