[Openswan Users] Old user having troubles with new techniques

Larry Brown larry.brown at dimensionnetworks.com
Mon Jul 5 13:49:59 EDT 2010


On Fri, 2010-07-02 at 09:33 -0400, Larry Brown wrote:

> 
> I found a relatively significant piece to the puzzle.  After some number
> of tests with various changes the following allowed packets from the
> roadwarrior to the office server.
> 
> RoadWarrior:
> 
> version 2.0
> 
> config setup
> 	nat_traversal=yes
> 	virtual_private=%v4:192.168.0.0/16,%v4:10.0.0.0/8,%v4:!172.16.0.0/24
> 	oe=off
> 	protostack=netkey
> 	interfaces=%defaultroute
> 
> conn road
> 	left=%defaultroute
> 	leftid=@rw1
> 	leftsubnet=192.168.0.0/16       #these were the last changes
> 	leftrsasigkey=0s.....K
> 	right=10.45.212.71
> 	rightsubnet=172.16.0.0/24
> 	rightid=@gateway
> 	rightrsasigkey=0s.....N
> 	auto=add
> 
> Gateway:
> 
> version 2.0
> 
> config setup
> 	nat_traversal=yes
> 	virtual_private=%v4:192.168.0.0/16,%v4:10.0.0.0/8,%v4:172.16.0.0/24
> 	oe=off
> 	protostack=netkey
> 	interfaces=%defaultroute
> 
> conn road
> 	left=10.45.212.71
> 	leftid=@gateway
> 	leftsubnet=172.16.0.0/24
> 	leftrsasigkey=0s.....N
> 	right=%any
> 	rightid=@rw1
> 	rightsubnet=192.168.0.0/16       #these were the last changes
> 	rightrsasigkey=0s.....K
> 	auto=add
> 
> 
> 
> So now I need to know how can I have rightsubnet populated when the
> roadwarrior connects similar to the way right=%any works.  What can I
> use on the roadwarrior and gateway configs to accomplish this?
> 
> Larry


So close, guys... Does anyone know how to dynamically set the leftsubnet
value when the roadwarrior connects?  I'm thinking this is my last
hurdle here...
