[Openswan Users] Right - Not working
gerhard.reuter at bayer.com
Fri Nov 28 01:10:19 EST 2014
have had a similar issue - could get it back to work by adding "rightsubnet" parameter.
hope that helps
From: users-bounces at lists.openswan.org [mailto:users-bounces at lists.openswan.org] On Behalf Of Dominic Wiersma
Sent: Friday, 28 November 2014 00:26
To: users at lists.openswan.org
Subject: [Openswan Users] Right - Not working
I have openswan running and all is working well.
Due to a design change, I want only specific hosts to be able to connect.
So in my ipsec.conf I have changed right=%any to right=188.8.131.52, which is the public ip of the remote client that must connect.
But then nothing happens, no errors in the logs, no nothing. On the client the connection simply times out. I have been troubleshooting this problem for hours now.
What can cause this behavior?
#in what directory should things started by setup (notably the Pluto daemon) be allowed to dump core?
#whether to accept/offer to support NAT (NAPT, also known as "IP Masquerade") workaround for IPsec
#contains the networks that are allowed as subnet= for the remote client. In other words, the address ranges that may live behind a NAT router through which a client connects.
#decide which protocol stack is going to be used.
# Send a keep-alive packet every 60 seconds.
#shared secret. Use rsasig for certificates.
#the ipsec tunnel should be started and routes created when the ipsec daemon itself starts.
#Only negotiate a conn. 3 times.
# specifies the phase 1 encryption scheme, the hashing algorithm, and the diffie-hellman group. The modp1024 is for Diffie-Hellman 2. Why 'modp' instead of dh? DH2 is a 1028 bit encryption $
#because we use l2tp as tunnel protocol
#fill in server IP above
# Dead Peer Detection (RFC 3706) keepalives delay
# length of time (in seconds) we will idle without hearing either an R_U_THERE poll from our peer, or an R_U_THERE_ACK reply.
# When a DPD enabled peer is declared dead, what action should be taken. clear means the eroute and SA will both be cleared.