[Openswan Users] Sending Configuration Request Payload

Prashant Batra prashant0100 at gmail.com
Wed Nov 23 01:02:33 EST 2011


I need to configure a local address assigned by them.

On Wed, Nov 23, 2011 at 10:25 AM, Michael H. Warfield <mhw at wittsend.com> wrote:
> On Wed, 2011-11-23 at 08:48 +0530, Prashant Batra wrote:
>> Hi,
>>
>> I am trying to setup a IPSec tunnel(net-net) using openswan with IKEv2
>> as the IKE exchange protocol.
>> My tunnel setup requires an IP assignment to be given by the peer
>> gateway. So openswan should send a CP request payload requesting IP
>> address.
>> But I am not able to send it using my ipsec.conf.
>>
>> conn net-to-net
>>     ikev2=yes
>>     ike=aes128-md5;modp1024
>>     authby=secret
>>     left=198.168.68.2
>>     leftsubnet=172.16.80.0/24
>>     leftsourceip=172.16.80.1 -----> I added this, assuming it will
>> send CP payload requesting this IP address.
>>     leftnexthop=%defaultroute
>>     right=192.168.101.101
>>     rightsubnet=172.16.60.0/24
>>     rightnexthop=%defaultroute
>>     auto=start
>
>> Could someone point me to the soultion.
>
> THAT sounds like you need to be using XAUTH.  The XAUTH extensions allow
> for passing things like local address and routes and name servers.  Are
> you saying you need to provide an address to them (xauth server) or that
> you have to configure a local address from them (xauth client)?  I've
> only putzed with the client side of that setup with Cisco ASA gateways.
>
>> Thanks,
>> Prashant
>
> Regards,
> Mike
> --
> Michael H. Warfield (AI4NB) | (770) 985-6132 |  mhw at WittsEnd.com
>   /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
>   NIC whois: MHW9          | An optimist believes we live in the best of all
>  PGP Key: 0x674627FF        | possible worlds.  A pessimist is sure of it!
>



-- 
Prashant Batra
Follow the dreams!!


More information about the Users mailing list