Re: [Users] no preshared key found on roadwarrior

From: Sam Sgro (sam_at_freeswan.org)
Date: Wed Sep 25 2002 - 18:45:17 CEST



On Wed, 25 Sep 2002, Marc Mc Guinness wrote:

> Why is it searching for an entry for 217.80.xxx.xxx? I tried
> inserting entries for '0.0.0.0', '%any' and even '%defaultroute' to
> ipsec.secrets.

It should search for an entry for that IP address; however, "%any" should
match this without fail. This line in ipsec.secrets should work.
 
%any 62.138.xxx.xxx : PSK "mysecret"

I don't think this is the source of your troubles.

> This is my ipsec.conf on the roadwarrior:
>
> conn spoint-admin
>     left=%defaultroute
>     right=62.138.xxx.xxx
>     rightsubnet=192.168.0.0/24
>     auto=start

Where is "authby=secret", by the way? You have specified this in the conns for
both ends of this connection? This line of output makes me think you haven't:

> Attribute OAKLEY_AUTHENTICATION_METHOD
> "spoint-admin" #1: no acceptable Oakley Transform

As an aside, are you aware that you can only use one PSK for all your
Roadwarriors - it's one of the limitations of the IPSec protocol with
regards to shared secrets, as ID information is not available at the time the
secret needs to be available. Are you sure you don't want to try using
RSA keys, given that you're doing a FreeS/WAN-FreeS/WAN connection?

--
Sam Sgro
sam_at_freeswan.org





This archive was generated by hypermail 2.1.5 : Thu Sep 26 2002 - 05:20:17 CEST
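
The check raised in the reply above, as an added example that is not part of the original post and is not FreeS/WAN code: a small Python linter that reports every conn in an ipsec.conf that does not end up with authby=secret, either set directly or inherited from conn %default. The sample configuration is constructed from the conn quoted in the message; the conn named "fixed", the keyingtries line and the function names are assumptions made for illustration, and "also=" includes are not followed.

```python
# Constructed sample: the quoted roadwarrior conn plus a corrected variant.
SAMPLE_CONF = """\
conn %default
\tkeyingtries=0

conn spoint-admin
\tleft=%defaultroute
\tright=62.138.xxx.xxx
\trightsubnet=192.168.0.0/24
\tauto=start

conn fixed
\tleft=%defaultroute
\tright=62.138.xxx.xxx
\trightsubnet=192.168.0.0/24
\tauthby=secret
\tauto=start
"""


def parse_conns(text):
    """Return {conn_name: {parameter: value}} from ipsec.conf-style text."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        if not raw[0].isspace():                  # section header in column 0
            parts = line.split()
            is_conn = len(parts) == 2 and parts[0] == "conn"
            current = conns.setdefault(parts[1], {}) if is_conn else None
        elif current is not None and "=" in line:  # indented parameter line
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip().strip('"')
    return conns


def conns_missing_psk_auth(text):
    """Names of conns whose effective settings lack authby=secret."""
    conns = parse_conns(text)
    defaults = conns.get("%default", {})
    return sorted(
        name for name, params in conns.items()
        if name != "%default"
        and {**defaults, **params}.get("authby") != "secret"
    )


if __name__ == "__main__":
    for name in conns_missing_psk_auth(SAMPLE_CONF):
        print(f"conn {name}: no authby=secret; set it on both ends to use the PSK")
```

Run it against the ipsec.conf from each end of the tunnel, since the setting has to agree on both gateways.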