From: Chris Ehlers (Chris.Ehlers_at_Mosaic-UK.com)
Date: Sun Jan 12 2003 - 20:50:27 CET
I have the following ipsec.config and the following network setup
RoadWarrior(%any)---Internet----(1.1.1.1)FreeswanGW(172.30.0.1)---InternalLA
N(172.30/16)
conn %default
keyingtries=0
authby=rsasig
pfs=yes
conn roadwarrior-gw
auto=add
type=tunnel
left=0.0.0.0
leftcert=client-cert.pem
right=1.1.1.1
rightsubnet=1.1.1.1/32
rightnexthop=1.1.1.2
rightupdown="/usr/local/lib/ipsec/_updown"
rightcert=freeswan-cert.pem
conn roadwarrior-subnet
auto=add
type=tunnel
left=%any
leftsubnet=172.30.0.1/32
leftcert=client-cert.pem
right=1.1.1.1
rightsubnet=172.30.0.0/16
rightnexthop=1.1.1.2
rightcert=freeswan-cert.pem
Now with the above configuration allows me to ping the gateway (1.1.1.1).
But not the internal network. It complains about "cannot respond to IPsec
SA request because no con
nection is known for 172.30.0.1/32===1.1.1.1" It seems to be happy when i
put an extra ip address on the ethernet addapter of the windows road warrior
and all the SA get negotiated but still does not ping. (I have also tried
and make the leftsubnet 172.30.0.0/16 but gives me pretty much the same
result.)
What is wrong?
Regards
Christiaan ehlers
N B Khan and N G Edwards were appointed Joint Administrators of Mosaic UK
Limited on 2 December 2002. The Administrators act as agents of the company
and contract without personal liability.
_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users
This archive was generated by hypermail 2.1.5 : Tue Jan 14 2003 - 05:21:14 CET