[Openswan Users] Sending Configuration Request Payload

Michael H. Warfield mhw at WittsEnd.com
Tue Nov 22 23:55:08 EST 2011


On Wed, 2011-11-23 at 08:48 +0530, Prashant Batra wrote: 
> Hi,
> 
> I am trying to set up an IPSec tunnel (net-net) using openswan with IKEv2
> as the IKE exchange protocol.
> My tunnel setup requires an IP assignment to be given by the peer
> gateway. So openswan should send a CP request payload requesting an IP
> address.
> But I am not able to send it using my ipsec.conf.
> 
> conn net-to-net
>     ikev2=yes
>     ike=aes128-md5;modp1024
>     authby=secret
>     left=198.168.68.2
>     leftsubnet=172.16.80.0/24
>     leftsourceip=172.16.80.1 -----> I added this, assuming it will
> send CP payload requesting this IP address.
>     leftnexthop=%defaultroute
>     right=192.168.101.101
>     rightsubnet=172.16.60.0/24
>     rightnexthop=%defaultroute
>     auto=start

> Could someone point me to the solution?

THAT sounds like you need to be using XAUTH.  The XAUTH extensions allow
for passing things like local address and routes and name servers.  Are
you saying you need to provide an address to them (xauth server) or that
you have to configure a local address from them (xauth client)?  I've
only putzed with the client side of that setup with Cisco ASA gateways.

> Thanks,
> Prashant

Regards,
Mike
-- 
Michael H. Warfield (AI4NB) | (770) 985-6132 |  mhw at WittsEnd.com
   /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
   NIC whois: MHW9          | An optimist believes we live in the best of all
 PGP Key: 0x674627FF        | possible worlds.  A pessimist is sure of it!
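
For reference when reading a decrypted IKE_AUTH dump, this is the wire layout of the IKEv2 Configuration (CP) payload the question refers to, per RFC 7296 section 3.15. It is an added example, not part of either message and not Openswan code; the function names are hypothetical, and the sample request reuses 172.16.80.1 from the quoted config as the preferred address.

```python
import ipaddress
import struct

CFG_REQUEST, CFG_REPLY = 1, 2          # CFG Type values (RFC 7296, 3.15)
INTERNAL_IP4_ADDRESS = 1               # attribute types (RFC 7296, 3.15.1)
INTERNAL_IP4_DNS = 3


def build_cp(cfg_type, attrs, next_payload=0):
    """Encode a Configuration payload; attrs is a list of (type, value bytes)."""
    body = bytes([cfg_type]) + b"\x00\x00\x00"       # CFG Type + 3 reserved octets
    for a_type, value in attrs:
        # Top bit of the type field is reserved, so mask to 15 bits.
        body += struct.pack("!HH", a_type & 0x7FFF, len(value)) + value
    # Generic payload header: next payload, critical bit/reserved, total length.
    return struct.pack("!BBH", next_payload, 0, 4 + len(body)) + body


def parse_cp(data):
    """Decode a Configuration payload, rejecting inconsistent lengths."""
    if len(data) < 8:
        raise ValueError("shorter than payload header + CFG Type")
    _next_payload, _flags, length = struct.unpack("!BBH", data[:4])
    if length != len(data):
        raise ValueError("payload length field does not match buffer")
    cfg_type, attrs, off = data[4], [], 8
    while off < length:
        if length - off < 4:
            raise ValueError("truncated attribute header")
        a_type, a_len = struct.unpack("!HH", data[off:off + 4])
        off += 4
        if a_len > length - off:
            raise ValueError("attribute value overruns payload")
        attrs.append((a_type & 0x7FFF, data[off:off + a_len]))
        off += a_len
    return cfg_type, attrs


def request_address(preferred=None):
    """CFG_REQUEST for an IPv4 address; a zero-length value states no preference."""
    value = ipaddress.IPv4Address(preferred).packed if preferred else b""
    return build_cp(CFG_REQUEST, [(INTERNAL_IP4_ADDRESS, value),
                                  (INTERNAL_IP4_DNS, b"")])


if __name__ == "__main__":
    wire = request_address("172.16.80.1")   # address taken from the quoted config
    print(wire.hex())
    print(parse_cp(wire))
```
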