[Openswan Users] need some help to configure openswan on net tonet

reza issanyr at olympecti.fr
Fri Sep 11 11:53:09 EDT 2009


So how can I generate a good one ? I have change the client subnet to 192.168.3.0/24
but same problem. What are the leftid and the righteid ? Can I put anything in ?

azer.


-----Message d'origine-----
De : Paul Wouters [mailto:paul at xelerance.com] 
Envoyé : vendredi 11 septembre 2009 17:42
À : reza
Cc : users at openswan.org
Objet : RE: [Openswan Users] need some help to configure openswan on net tonet

On Fri, 11 Sep 2009, reza wrote:

> OK, I have found how to create the file using urandom.

You have now generated a key that is not suitable as a long term key.
There is a very VALID reason why openswan did not use urandom for that.
Trying to modify cryptographic code without understanding it, is an
extremely unwise course of action to take.

> Now it seems that the tunnel doesn't establish (on client) :
>
> Sep 11 17:31:39 octi pluto[15559]: "zola-octi" #9: the peer proposed: 192.168.2.0/24:0/0 -> 192.168.2.0/24:0/0

As I said before, you cannot have the same subnet on both ends. Where should a packet for 192.168.2.1
go to? To machine A with 192.168.2.1 or to machine B with 192.168.2.1.

Paul




More information about the Users mailing list