[Openswan Users] %defaultroute not working

Marek Greško gresko at thr.sk
Wed Jul 2 09:44:25 EDT 2008


On Wed, 2 July 2008, David Jao wrote:
> Hi all,
>
> I managed to fix my problem by adding "protostack=netkey" to config
> setup.  Apparently this is a new requirement of version 2.6.
>

I have protostack=netkey in the config setup section, but still no luck.

Marek

> If any developers are reading this I would urge that they change the
> message printed out by openswan when it is started while running under
> netkey when the protostack directive is not present, as it is _not_
> obvious that openswan behaves differently with and without this
> directive included.
>
> -David
>
> David Jao wrote:
> > Hi,
> >
> > I am using Openswan to encrypt wireless network packets on my LAN (a
> > rather common usage scenario, as I understand it).
> >
> > I have a dhcp server on 192.168.0.2 that doubles as a NAT gateway for
> > 192.168.0.0/24.  The gateway runs freeswan-2.06, and my laptop on the
> > LAN runs openswan.  I am using the following configuration to encrypt
> > packets traveling between the laptop and the internet:
> >
> > config setup
> >
> > conn gateway-laptop-net
> >          left=192.168.0.2
> >          leftid=@gateway
> >          leftsubnet=0.0.0.0/0
> >          right=%defaultroute
> >          rightid=@laptop
> >          auto=start
> >          compress=no
> >          keyingtries=1
> >          ikelifetime=15m
> >          keylife=15m
> >          rekeymargin=5m
> >          leftrsasigkey=...
> >          rightrsasigkey=...
> >
> > Previously, I ran openswan 2.4.9 on my laptop, and this configuration
> > worked perfectly.  After upgrading to 2.6.14, the same configuration
> > does not work anymore unless I replace %defaultroute with my laptop's IP
> > address (which I do not want to do, because my laptop uses dhcp, and I
> > do not necessarily know its IP address ahead of time).  I have been
> > informed that the problem is not a bug in openswan but rather is a
> > problem with my configuration.
> >
> > Does anyone have any idea how I can configure this IPsec tunnel without
> > having to specify my laptop's IP address ahead of time?  Thanks!
> >
> > -David
> > _______________________________________________
> > Users at openswan.org
> > http://lists.openswan.org/mailman/listinfo/users
> > Building and Integrating Virtual Private Networks with Openswan:
> > http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155



-- 
Marek Greško
system administrator
THR Systems, a. s.
tel.: +421 650 52 00 24

Our company is constantly creating new jobs, so do not overlook
our offer: http://www.thrsystems.com/2006/sk/ospolocnosti/index.php#kariera

