[Openswan Users] Roadwarrior gateway setup
Paul Wouters
paul at xelerance.com
Thu Jan 28 16:56:11 EST 2010
On Thu, 28 Jan 2010, Randy Wyatt wrote:
> Is there a way to configure it as a gateway with clients that contain a
> dynamic IP address?
On the initiator/client side, use left=%defaultroute
On the responder/server side, use right=%any
> The FQDN of the Clients will change depending on the IP address that they
> are allocated by the external ISP.
The leftid=@some.host.name is just a "string", usually written as a FQDN
but it does not matter if the IP of the client actually resolves that in
DNS.
> conn primary
>     authby=secret
>     type=tunnel
>     left=xxx.xxx.xxx.xxx
>     leftsubnet=xxx.xxx.xxx.xxx/24
>     leftid=@dolphins.devnet.nvtl.local
>     right=%any
>     keyexchange=ike
>     ike=3des-sha1
>     phase2=esp
>     phase2alg=3des-sha1;modp1024
>     pfs=yes
>     auto=add
>
> When starting the connection through ipsec auto --up primary, I get the
> following error
If this is the client side (--up) then you should use right=%defaultroute,
assuming left= is the server. If this is the server side configuration,
then right=%any is correct. Though add rekey=no (you cannot rekey to dynamic
clients). Also, you will need a rightid= as well, because else it defaults
to the IP, which in your case won't work because it is dynamic.
Paul
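
Added example, not part of the original message and not Openswan code: a small Python check that parses ipsec.conf-style conn sections and reports the two server-side points from the reply above (a %any peer without rekey=no, and a %any peer without an explicit id). The addresses standing in for the masked xxx values and the rightid name are constructed placeholders, and the function names are hypothetical.

```python
import re

def parse_conns(text):
    """Return {conn_name: {key: value}} from ipsec.conf-style text."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # drop comments
        if not line.strip():
            continue
        m = re.match(r"conn\s+(\S+)$", line)
        if m:
            current = conns.setdefault(m.group(1), {})
        elif line[0].isspace() and current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
        else:
            current = None                     # "config setup" or another section
    return conns

def roadwarrior_findings(conn):
    """Findings for one conn dict, following the two points in the reply."""
    findings = []
    for side in ("left", "right"):
        if conn.get(side) != "%any":
            continue                           # only the dynamic-peer side matters
        if conn.get("rekey", "yes") != "no":   # rekey defaults to yes when unset
            findings.append(f"{side}=%any without rekey=no")
        if side + "id" not in conn:            # the id would default to the peer IP
            findings.append(f"{side}=%any without {side}id=")
    return findings

# Constructed sample: the posted conn with documentation addresses filled in.
POSTED = """\
conn primary
    authby=secret
    type=tunnel
    left=192.0.2.10
    leftsubnet=10.0.1.0/24
    leftid=@dolphins.devnet.nvtl.local
    right=%any
    auto=add
"""
# Same conn with the two additions; the rightid value is a made-up placeholder.
FIXED = POSTED + "    rekey=no\n    rightid=@roadwarrior.example\n"

if __name__ == "__main__":
    for label, text in (("posted", POSTED), ("fixed", FIXED)):
        print(label, roadwarrior_findings(parse_conns(text)["primary"]))
```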