Hi,
I'm using FreeS/WAN 1.91 on a Linux 2.2.19-based system. I've set up two
connections to clients with dynamic IPs (road warriors). One of them is
a FreeS/WAN 1.91 machine using RSA authentication, the other one is a
Bintec X1200 router using a preshared key (BTW, does anyone know how to
use RSA signatures with the Bintec router?).
This is my ipsec.conf:
---- begin ipsec.conf ----
# basic configuration
config setup
	interfaces=%defaultroute
	klipsdebug=none
	plutodebug=none
	plutoload=%search
	plutostart=%search
	uniqueids=yes

# defaults for subsequent connection descriptions
conn %default
	keyingtries=1
	authby=rsasig
	leftrsasigkey=%search
	rightrsasigkey=%search

conn conn1
	leftid=@gatekeeper
	left=1.2.3.4
	leftnexthop=1.2.3.5
	leftsubnet=10.0.0.0/8
	rightid=@router-conn1
	right=%any
	rightsubnet=192.168.115.0/24
	authby=secret
	auto=add

conn conn2
	leftid=@gatekeeper
	leftrsasigkey=0x....
	left=1.2.3.4
	leftnexthop=1.2.3.5
	leftsubnet=10.0.0.0/8
	right=%any
	rightsubnet=192.168.40.0/24
	rightid=@router-conn2
	rightrsasigkey=0x....
	authby=rsasig
	auto=add
---- end ipsec.conf ----
Everything works fine as long as I keep one connection commented out in
the configuration file. If both connections are set up on the central
VPN gateway, all IPsec connection attempts from the outside will be
treated as if only conn2 existed and thus the server will reject conn1.
I've searched the documentation and the mailing list over and over and I
just don't see what's wrong :-/
Thanks for your help
<-gninneH<-
--
   __                 _  __    __    Henning Holtschneider
  / /  ___  _______ _/ |/ /__ / /_   henning_at_loca.net
 / /__/ _ \/ __/ _ `/    / -_) __/   System Administration
/____/\___/\__/\_,_/_/|_/\__/\__/    ...net happens!
_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users
This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:20:09 CEST