RE: [Users] /var/log/secure FFFFIIIIXXXXEEEEEDDDDD

• Next message: John Hardin: "Re: [Users] viruses on the list"
• Previous message: Ad Koster: "Re: [Users] vpn between freeswan+x509 and freeswan"
• Next in thread: Joe Patterson: "RE: [Users] /var/log/secure FFFFIIIIXXXXEEEEEDDDDD"
• Reply: Joe Patterson: "RE: [Users] /var/log/secure FFFFIIIIXXXXEEEEEDDDDD"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

 
You ask, "What if the guy comes home and he gets a DHCP address? Has
Anyone had the same problem?"
 
I recently realized there's an ugly, but otherwise perfect solution,
duplicating the block for every IP address that the client computer
could have on their subnet. I've never need more than three duplicates:
 
conn plubbers2
        right=%any
        rightsubnet=192.168.2.22/32
        leftsubnet=10.0.0.0/24
        rightcert=plubbers.coinfotech.com.pem
        leftcert=bluespruce.coinfotech.com.pem

conn plubbers3
        right=%any
        rightsubnet=192.168.2.22/33
        leftsubnet=10.0.0.0/24
        rightcert=plubbers.coinfotech.com.pem
        leftcert=bluespruce.coinfotech.com.pem

conn plubbers4
        right=%any
        rightsubnet=192.168.2.22/34
        leftsubnet=10.0.0.0/24
        rightcert=plubbers.coinfotech.com.pem
        leftcert=bluespruce.coinfotech.com.pem

conn plubbers5
        right=%any
        rightsubnet=192.168.2.22/35
        leftsubnet=10.0.0.0/24
        rightcert=plubbers.coinfotech.com.pem
        leftcert=bluespruce.coinfotech.com.pem

-Jim
 

        -----Original Message-----
        From: Vasiliy Boulytchev [mailto:vasiliy_at_boulytcheva.com]
        Sent: Thursday, May 09, 2002 10:57 PM
        To: Vasiliy Boulytchev
        Cc: users_at_lists.freeswan.org
        Subject: Re: [Users] /var/log/secure FFFFIIIIXXXXEEEEEDDDDD
        
        
        THIS FIXED THE PROBLEM!!!! Why do I have to route like this?
What if the guy comes home and he gets a DHCP address?
        Has Anyone had the same problem?
         
        conn plubbers2
                right=%any
                rightsubnet=192.168.2.22/32
                leftsubnet=10.0.0.0/24
                rightcert=plubbers.coinfotech.com.pem
                leftcert=bluespruce.coinfotech.com.pem
        
        Vasiliy Boulytchev
        Colorado Information Technologies Inc.

                ----- Original Message -----
                From: Vasiliy Boulytchev
<mailto:vasiliy_at_boulytcheva.com>
                To: users_at_lists.freeswan.org
                Sent: Thursday, May 09, 2002 8:08 PM
                Subject: [Users] /var/log/secure

                Guys, what does this mean?
                 
                May 9 20:07:19 bluespruce Pluto[23123]: "plubbers2"
63.230.76.61 #7: cannot respond to IPsec SA request because no
connection is known for 10.0.0.0/24===209.12.32.66[C=US, ST=Colorado,
L=Colorado Springs, O=Colorado Information Technologies, Inc., OU=ISP,
CN=BlueSpruce, E=admin_at_bluespruce.coinfotech.com]...63.230.76.61[C=US,
ST=CO, L=Colorado Springs, O=CIT, OU=Software Development, CN=Paul,
E=plubbers_at_coinfotech.com]===192.168.3.3/32
                
                Vasiliy Boulytchev
                Colorado Information Technologies Inc.

_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users

• Next message: John Hardin: "Re: [Users] viruses on the list"
• Previous message: Ad Koster: "Re: [Users] vpn between freeswan+x509 and freeswan"
• Next in thread: Joe Patterson: "RE: [Users] /var/log/secure FFFFIIIIXXXXEEEEEDDDDD"
• Reply: Joe Patterson: "RE: [Users] /var/log/secure FFFFIIIIXXXXEEEEEDDDDD"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:19:58 CEST