[Openswan Users] virtual_private syntax error???

Paul Wouters paul at xelerance.com
Sun Feb 22 14:57:18 EST 2009


On Sat, 21 Feb 2009, DeShawn wrote:

> config setup
>         nat_traversal=yes
>         virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16,%v4:!192.168.231.1/24,%v4:!172.16.1.0/24
>
>
> "ipsec setup start" start ipsec well enough, however I can't connect my roadwarriors from behind a NAT. After some investigation, I found
> [ ~ ]# ipsec auto status
> 000 virtual_private (%priv):
> 000 - allowed 3 subnets: 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16
> 000 - disallowed 2 subnets: 192.168.231.0/24, 172.16.1.0/24
> 000 WARNING: Either virtual_private= was not specified, or there was a syntax
> 000          error in that line. 'left/rightsubnet=%priv' will not work!

The warning is wrong. It did parse the subnets properly as the allowed/disallowed lines show.
I'll look into this.

Paul


More information about the Users mailing list