[Openswan Users] openswan on dedibox
Paul Wouters
paul at xelerance.com
Wed Nov 12 16:00:15 EST 2008
On Wed, 12 Nov 2008, Reza Issany wrote:
> virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%4:172.16.0.0/12,%4:192.168.2.0/24
                                                    ^^^^             ^^^^^^
missing 'v' there. It is %v4 not %4.
> interfaces=%defaultroute
> OE=off
> plutodebug=none
> nhelpers=1
>
> conn %default
> keyingtries=1
> compress=yes
> disablearrivalcheck=no
> authby=rsasig
> leftrsasigkey=%cert
> rightrsasigkey=%cert
>
> conn roadwarrior-xp
> type=transport
> left=publicIPoftheserver
> leftsubnet=192.168.2.0/24
transport mode with subnets?
> leftcert=vpn.toto.com.pem
> leftprotoport=17/1701
> right=%any
> rightprotoport=17/1701
> pfs=no
> auto=add
Looks like you want L2TP, so leave out the leftsubnet, and add:
rightsubnet=vhost:%priv,%no
> When I do a tcpdump when trying to connect I just have this log:
Don't use tcpdump with ipsec, there is no point. It is all encrypted.
> Any idea please?
Show us the logs from /var/log/secure or /var/log/auth*
Paul
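
Added example, not part of the original message or of Openswan: a small lint for the two configuration problems pointed out in the reply above (a `virtual_private` entry without the `%v4:`/`%v6:` prefix, and a subnet set on a `type=transport` connection). The function names and the sample text are constructed for illustration; treating `vhost:` values as acceptable in transport mode is an assumption taken from the `rightsubnet=vhost:%priv,%no` advice.

```python
import ipaddress
import re
# Constructed sample, modelled on the configuration quoted in the message.
SAMPLE = """\
config setup
    virtual_private=%v4:10.0.0.0/8,%4:172.16.0.0/12,%v4:!192.168.2.0/24
conn roadwarrior-xp
    type=transport
    leftsubnet=192.168.2.0/24
    rightsubnet=vhost:%priv,%no
"""

ENTRY = re.compile(r"^%v[46]:!?(.+)$")  # %v4:net, %v6:net, or %v4:!net (exclude)

def check_virtual_private(value):
    """Return (entry, problem) pairs for malformed virtual_private entries."""
    problems = []
    for entry in (e.strip() for e in value.split(",") if e.strip()):
        m = ENTRY.match(entry)
        if not m:
            problems.append((entry, "prefix must be %v4: or %v6:"))
            continue
        try:
            ipaddress.ip_network(m.group(1))  # rejects bad masks and host bits
        except ValueError:
            problems.append((entry, "not a valid network"))
    return problems

def lint(text):
    """Lint ipsec.conf text; return (section, message) findings."""
    findings, sections, current = [], {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # drop comments
        if not line:
            continue
        if not line[0].isspace():              # unindented line starts a section
            current = line
            sections[current] = {}
        elif "=" in line and current:
            key, value = (s.strip() for s in line.split("=", 1))
            sections[current][key] = value
    for name, params in sections.items():
        for entry, why in check_virtual_private(params.get("virtual_private", "")):
            findings.append((name, f"virtual_private {entry}: {why}"))
        if params.get("type") == "transport":
            for key in ("leftsubnet", "rightsubnet"):
                if key in params and not params[key].startswith("vhost:"):
                    findings.append((name, f"{key} set with type=transport"))
    return findings
```

Calling `lint(SAMPLE)` reports the `%4:` entry and the `leftsubnet` line, and leaves the `vhost:` value alone.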