[Openswan Users] single ip not a subnet for leftsubnet
Lupe Christoph
lupe at lupe-christoph.de
Thu Apr 5 04:44:11 EDT 2012
Quoting "Tuomo Soini" <tis at foobar.fi>:
> This might be the only way to support host while I'm not sure. Openswan
> doesn't support host at all - it only supports subnet. Only
> implementation I know which does use host is Checkpoint. There is no
> idea in "host" because "host/32" is exactly the same so host option is
> completely redundant.
Actually, it does. This is a network-to-single-host config I use. I believe
I have a host-to-host config somewhere, but it was a bit of a pain retrieving
this one already.

conn singlehost
    auto=add
    right=%defaultroute
    rightsubnet=172.17.0.0/24
    rightcert=/etc/ipsec.d/certs/someCert.pem
    left=1.2.3.4
    leftcert=/etc/ipsec.d/certs/singlehostCert.pem
    leftid="C=foo, ST=foo, O=foo, OU=foo, CN=singlehost.example.net, emailAddress=email@example.net"
    leftrsasigkey=%cert

Lupe Christoph
--
| It is a well-known fact in any organisation that, if you want a job |
| done, you should give it to someone who is already very busy. |
| Terry Pratchett, "Unseen Academicals" |