[Openswan Users] config check/advice
richard.pickett at csrtechnologies.com
Wed Jul 6 12:22:19 EDT 2011
Thanks Paul for your help!
>> version 2.0 # conforms to second version of ipsec.conf specification
>> config setup
> if you enable nat_traversal=yes on the server side, you generally want to
> fill in virtual_private=
> The example in the man page should work fine.
My private net is 10.0.1.0/24, I'm only letting "Admins" get to it, so I'm
setting it like this:
> the nhelpes line should not be needed.
>> conn adminclient
>> rightid="C=US, ST=Kentucky, O=<my O>, OU=Admin, CN=*"
> You should disallow 10.0.1.0/24 in your virtual_private= line by adding:
done, and I also have to have this on the admin.conf (right?):
>> conn userclient
>> rightid="C=US, ST=Kentucky, O=<my O>, OU=User, CN=*"
> If I understood you correctly, you want to add leftsubnet=0.0.0.0/0 here?
right, I now have that, and your comment here made me think to add the 0/0
to the admin.conf above (thanks!).
I think that's it, thanks for your help Paul!
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Users