IPv6 readyNote: This archive passes through spamassassin. Every mail marked with the subject "*****SPAM*****" has exceed a certain threshold of spam-like behaviour.

RE: [Users] /var/log/secure FFFFIIIIXXXXEEEEEDDDDD

From: Joe Patterson (jpatterson_at_asgardgroup.com)
Date: Fri May 10 2002 - 22:46:22 CEST

MessageI think you meant something more like
rightsubnet=192.168.2.23/32..... /33 or longer netmasks are very rare. :)
  -----Original Message-----
  From: users-admin_at_lists.freeswan.org
[mailto:users-admin_at_lists.freeswan.org]On Behalf Of James Carroll
  Sent: Friday, May 10, 2002 9:42 AM
  To: Vasiliy Boulytchev
  Cc: users_at_lists.freeswan.org
  Subject: RE: [Users] /var/log/secure FFFFIIIIXXXXEEEEEDDDDD

  You ask, "What if the guy comes home and he gets a DHCP address? Has
Anyone had the same problem?"

  I recently realized there's an ugly, but otherwise perfect solution,
duplicating the block for every IP address that the client computer could
have on their subnet. I've never need more than three duplicates:

  conn plubbers2
          right=%any
          rightsubnet=192.168.2.22/32
          leftsubnet=10.0.0.0/24
          rightcert=plubbers.coinfotech.com.pem
          leftcert=bluespruce.coinfotech.com.pem

  conn plubbers3
          right=%any
          rightsubnet=192.168.2.22/33
          leftsubnet=10.0.0.0/24
          rightcert=plubbers.coinfotech.com.pem
          leftcert=bluespruce.coinfotech.com.pem

  conn plubbers4
          right=%any
          rightsubnet=192.168.2.22/34
          leftsubnet=10.0.0.0/24
          rightcert=plubbers.coinfotech.com.pem
          leftcert=bluespruce.coinfotech.com.pem

  conn plubbers5
          right=%any
          rightsubnet=192.168.2.22/35
          leftsubnet=10.0.0.0/24
          rightcert=plubbers.coinfotech.com.pem
          leftcert=bluespruce.coinfotech.com.pem

  -Jim

    -----Original Message-----
    From: Vasiliy Boulytchev [mailto:vasiliy_at_boulytcheva.com]
    Sent: Thursday, May 09, 2002 10:57 PM
    To: Vasiliy Boulytchev
    Cc: users_at_lists.freeswan.org
    Subject: Re: [Users] /var/log/secure FFFFIIIIXXXXEEEEEDDDDD

    THIS FIXED THE PROBLEM!!!! Why do I have to route like this? What if
the guy comes home and he gets a DHCP address?
    Has Anyone had the same problem?

    conn plubbers2
            right=%any
            rightsubnet=192.168.2.22/32
            leftsubnet=10.0.0.0/24
            rightcert=plubbers.coinfotech.com.pem
            leftcert=bluespruce.coinfotech.com.pem

    Vasiliy Boulytchev
    Colorado Information Technologies Inc.
      ----- Original Message -----
      From: Vasiliy Boulytchev
      To: users_at_lists.freeswan.org
      Sent: Thursday, May 09, 2002 8:08 PM
      Subject: [Users] /var/log/secure

      Guys, what does this mean?

      May 9 20:07:19 bluespruce Pluto[23123]: "plubbers2" 63.230.76.61 #7:
cannot respond to IPsec SA request because no connection is known for
10.0.0.0/24===209.12.32.66[C=US, ST=Colorado, L=Colorado Springs, O=Colorado
Information Technologies, Inc., OU=ISP, CN=BlueSpruce,
E=admin_at_bluespruce.coinfotech.com]...63.230.76.61[C=US, ST=CO, L=Colorado
Springs, O=CIT, OU=Software Development, CN=Paul,
E=plubbers_at_coinfotech.com]===192.168.3.3/32

      Vasiliy Boulytchev
      Colorado Information Technologies Inc.

_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users

This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:19:58 CEST