[Openswan Users] Nesting configs
Larry Brown
larry.brown at dimensionnetworks.com
Wed Jul 14 17:40:57 EDT 2010
According to the man page you can use the "include <filename>" string to
include an external file in ipsec.conf. It then says that this can be
nested. I assumed that nested means the file represented above as
<filename> could have an "include <otherFilename>" inside of it. If I
attempt to include from within the first included file I get:
ipsec_setup: can not load config
'/etc/ipsec.conf': /etc/ipsec.d/include/ipsec102.comf:4: syntax error,
unexpected INCLUDE [include]
If that isn't what is meant by nesting how is nesting accomplished?
If it helps any I'm trying to do...
ipsec.conf:
---------------------------------------------
version 2.0
config setup
        nat_traversal=yes
        oe=off
        virtual_private=%v4:192.168.0.0/24,%v4:!172.16.0.0/24
        protostack=netkey
include /etc/ipsec.d/include/ipsec.*.conf
----------------------------------------------
then numerous ipsec.*.conf files such as ipsec.101.conf:
-----------------------------------------------
conn r101
        include leftSide
        right=%any
        rightid=rw101
        rightsubnet=vnet:%priv
        rightrsasigkey=0s...N
        auto=add
------------------------------------------------
then a single file in this folder called leftSide:
------------------------------------------------
left=24.73.101.10
leftid=GWServer
leftsubnet=172.16.0.0/24
leftrsasigkey=0s...7
------------------------------------------------
That would allow me to just add the ipsec.*.conf files specific to the
roadwarrior the file represents.
Thanks everyone for the help out here...
Larry