[Openswan Users] How to config Static-to-Roadwarrior in different openswan version?
Paul Wouters
paul at xelerance.com
Thu May 26 20:48:06 EDT 2011
On Thu, 26 May 2011, Erich Titl wrote:
> on 26.05.2011 17:53, takanobu watanabe wrote:
>> Thanks Enrich,
>>> The log says it all, you did not authorize a connection.
>>>
>>> For tests use
>>> ipsec auto --up road
You cannot --up a roadwarrior. You don't know where they are. You can at most
load the connection using ipsec auto --add road. Unless I missed context
and this was the client side of the roadwarrior, where it is fine.
>>> or modify your config file accordingly
>>> auto=up
auto=up is not valid. It is auto=add or auto=start. For roadwarriors, on
the server side use auto=add (and rekey=no)
>>>> conn road
>>>> left=192.168.11.11
>>>> leftsubnet=192.168.25.0/24
>>>> right=%any
>>>> rightnexthop=%defaultroute
The rightnexthop= is not used here. You migh as well leave it out
> typically I _believe_ you would define
>
> left=%defaultroute
> right=%any
You can not do that, as openswan in this case cannot determine if it is
left or right, since both ends are dynamic.
Paul
More information about the Users
mailing list