[Openswan Users] OpenSWAN and Route issue
Tuomo Soini
tis at foobar.fi
Mon Sep 1 01:44:25 EDT 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Dennis Otte wrote:
|
| Okay here is my ipsec.conf
Please keep discussion on the list.
| # basic configuration
| config setup
| forwardcontrol=yes
| nat_traversal=yes
|
| # Add connections here
|
| conn net-to-net
| auto=start
| left=192.168.1.107
| leftid=@cerb.homelinux.net
| leftrsasigkey=XXXXX
| leftsubnet=172.20.10.0/24
| #leftnexthop=172.20.10.1
That is wrong, it's commented out but it's still wrong. If you ip
network at cerb is 172.20.10.0.24 then your leftnexthop is _next_ router
from 192.168.1.107, you can see correct host by checking default gateway.
If 172.20.10.0/24 is correct network at cerb end and cerb has ip
172.20.10.1 then correct parameter might be leftsourceip=172.20.10.1.
| right=narakosh.homelinux.net
| rightid=@narakosh.homelinux.net
| rightrsasigkey=XXXXXXX
| #rightnexthop=172.20.20.1
| rightsubnet=172.20.20.0/24
And similar fixes to here.
| #Disable Opportunistic Encryption
| include /etc/ipsec.d/examples/no_oe.conf
- --
Tuomo Soini <tis at foobar.fi>
Foobar Linux services
+358 40 5240030
Foobar Oy <http://foobar.fi/>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
iD8DBQFIu4E5TlrZKzwul1ERAsFXAJ9u1MH57GKJuHrATvWx7pEMLPUY1QCfXHia
bLf+ktJYeDFNAvws8gbxsA8=
=Btiu
-----END PGP SIGNATURE-----
More information about the Users
mailing list