[Openswan Users] VPN client IP addressing configuration issues

Paul Wouters paul at xelerance.com
Thu Sep 4 13:27:14 EDT 2008

On Thu, 4 Sep 2008, Rolando Zappacosta wrote:

>> That's not needed at this point, but there is one debug
>> option in ipsec.cond (plutodebug)
> what option is this one? I tried them but seem to be for the IPsec itself not for the data traffic.

It is for pluto debug, so the IKE part. The IPsec part in NETKEY has no debugging.
In KLIPS there is debugging support, and it is activated with klipsdebug=.

>> left=%defaultroute will pick the IP from your dynamic
>> assignment.
> I tried this but no luck. BTW, shouldn't it be the Internet public IP address from the DSL router the one that gets configured here instead of the one the DSL router assigns the PC through DHCP?

No, it should be the IP address residing on the openswan machine itself. The
NAT-T parts handle the NAT detection.

>> To tunnel all traffic (if the remote allows that), then you
>> should
>> configure rightsubnet=
> No luck too :-(

Then the configurations don't match on both endpoints.

> Is there any *up to date* guide, howto, wiki or whatever out there?

Examples can be found in testing/pluto/*


More information about the Users mailing list