[Openswan Users] leftsubnets & rightsubnets

Fangtu Qiu qiu at jhu.edu
Thu Oct 27 16:24:51 EDT 2011 

Oh, didn't think about the "add" in your suggestion. I tried the 
command. Here is the output:

# ipsec auto --add net
023 address family inconsistency in this/that connection
037 attempt to load incomplete connection
#

My connection config is the following:

conn net
         type=tunnel
         left=172.16.0.1
         leftid=@router
         leftnexthop=172.16.0.2
         leftsubnets={ 192.168.0.0/24 172.16.0.0/24 }
         # rsakey AQPRNfYMr
         leftrsasigkey=...
         right=172.16.10.2
         rightid=@server1
         rightnexthop=172.16.10.1
         # rsakey AQPRNfYMr
         rightrsasigkey=...
         auto=add

My LAN interface is 192.168.0.1/24 and WAN interface is 172.16.0.1/24. 
The connection worked when I replaced the "leftsubnets={...}" with 
either "leftsubnet=192.168.0.0/24" or "leftsubnet=172.16.0.0/24".

Thanks!

On 10/27/2011 01:44 PM, Paul Wouters wrote:
>
> that's why i asked you to run the "add". It will either work, or tell 
> you very
> clearly why it failed.
>
> Paul
>
> On Thu, 27 Oct 2011, Fangtu Qiu wrote:
>
>> Date: Thu, 27 Oct 2011 13:10:50
>> From: Fangtu Qiu <qiu at jhu.edu>
>> Cc: users at openswan.org
>> To: Paul Wouters <paul at xelerance.com>
>> Subject: Re: [Openswan Users] leftsubnets & rightsubnets
>> X-Spam-Flag: NO
>>
>> Since the connection wasn't added, result to run "ipsec auto --up" is 
>> 021 no connection named "...".
>>
>> Thanks!
>>
>> On 10/26/2011 03:03 PM, Paul Wouters wrote:
>>> On Wed, 26 Oct 2011, Fangtu Qiu wrote:
>>>
>>>> Has anybody tried the leftsubnets and/or rightsubnets options to 
>>>> specify
>>>> multiple subnets for a connection?
>>>>
>>>> I have tried to use it as following:
>>>>
>>>> leftsubnets={ 192.168.0.0/24 172.16.1.0/24 }
>>>>
>>>> However, when I restarted the pluto, the log said something extra:
>>>>
>>>> ... pluto[1953]: myid malformed: empty string ""
>>>>
>>>> And the connection wasn't added.
>>>
>>> That's unrelated (and harmless)
>>>
>>> run: ipsec auto --add connectionname and see what the error is
>>>
>>> Paul
>>

More information about the Users mailing list