For the "also" parameter:

# defaults for subsequent connection descriptions
conn %default
       # How persistent to be in (re)keying negotiations (0 means very).
       keyingtries=0
       # RSA authentication with keys from DNS.
       authby=secret
       right=135.115.157.162
       rightsubnet=192.168.0.0/16
       rightnexthop=135.115.157.224
       pfs=yes

conn block
       auto=ignore

conn private
       also=block

conn private-or-clear
       also=block

conn clear
       also=block

conn packetdefault
       also=block

conn victoria
       left=24.35.38.129
       leftsubnet=172.0.0.0/8
       leftnexthop=24.35.38.1
       esp=aes
       auto=start


For the subnets, you can specify a leftsubnet=192.168.160/22, but the subnet 192.168.160.0/24 will be routed too. I don't know of any other way to specify several subnets for one connection.


You can perhaps specify several connections:

conn victoria_1
       left=24.35.38.129
       leftsubnet=192.168.161.0/24
       leftnexthop=24.35.38.1
       esp=aes
       auto=start

conn victoria_2
       also=victoria_1
       leftsubnet=192.168.162.0/24

conn victoria_3
       also=victoria_1
       leftsubnet=192.168.163.0/24


But I never tested it, and I find it not very "elegant"...

Fabrice



Troy Aden wrote:

First of all, thanks so much for the quick reply! I am sorry to bug you a
second time but I need some baby steps here.
Can you please give me an example with the configs I provided. I need to see
the "also=common_conn_params" in terms of my config.
For example, if I had 192.168.161.0/24, 192.168.162.0/24, 192.168.163.0/24
networks on router A side. And I wanted Router B to connect to ONLY those
subnets. Can you please type in "exactly" what I would need on both router A
(S'toon) and router B (Victoria). From that, I should be able to figure out
what I need to do to be more precise about the Router B networks within the
172.0.0.0/8 range.


Again. Thanks in advance!!! Sorry to be a pain.

Troy.


Router A (S'toon)

# basic configuration
config setup
       # THIS SETTING MUST BE CORRECT or almost nothing will work;
       # %defaultroute is okay for most simple cases.
       interfaces=%defaultroute
       # Debug-logging controls:  "none" for (almost) none, "all" for lots.
       klipsdebug=none
       plutodebug=none
       # Use auto= parameters in conn descriptions to control startup actions.
       plutoload=%search
       plutostart=%search
       # Close down old connection when new one using same ID shows up.
       uniqueids=yes



# defaults for subsequent connection descriptions
conn %default
       # How persistent to be in (re)keying negotiations (0 means very).
       keyingtries=0
       # RSA authentication with keys from DNS.
       authby=secret
       right=135.115.157.162
       rightsubnet=192.168.0.0/16
       rightnexthop=135.115.157.224
       pfs=yes

conn block
       auto=ignore

conn private
       auto=ignore

conn private-or-clear
       auto=ignore

conn clear
       auto=ignore

conn packetdefault
       auto=ignore

conn victoria
       left=24.35.38.129
       leftsubnet=172.0.0.0/8
       leftnexthop=24.35.38.1
       esp=aes
       auto=start


Router B (Victoria)

# basic configuration
config setup
       # THIS SETTING MUST BE CORRECT or almost nothing will work;
       # %defaultroute is okay for most simple cases.
       interfaces=%defaultroute
       # Debug-logging controls:  "none" for (almost) none, "all" for lots.
       klipsdebug=none
       plutodebug=none
       # Use auto= parameters in conn descriptions to control startup actions.
       plutoload=%search
       plutostart=%search
       # Close down old connection when new one using same ID shows up.
       uniqueids=yes



# defaults for subsequent connection descriptions
conn %default
       # How persistent to be in (re)keying negotiations (0 means very).
       keyingtries=0
       # RSA authentication with keys from DNS.
       authby=secret
       right=24.35.38.129
       rightsubnet=172.0.0.0/8
       rightnexthop=24.35.38.1
       pfs=yes

conn block
       auto=ignore

conn private
       auto=ignore

conn private-or-clear
       auto=ignore

conn clear
       auto=ignore

conn packetdefault
       auto=ignore


conn stoon
       left=135.115.157.162
       leftsubnet=192.168.0.0/16
       leftnexthop=135.115.157.224
       esp=aes
       auto=start
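
An added example, not part of the original messages and not LEAF or FreeS/WAN code: the Python below lists what a covering prefix would tunnel beyond the three /24 networks asked about, and writes one conn section per subnet in full rather than through also=. The function names, the victoria_N section names and the use of rightsubnet for Router A's local side are assumptions made for the illustration.

```python
import ipaddress

def overreach(wanted, supernet):
    """Ranges inside `supernet` that none of the `wanted` subnets cover."""
    remaining = [ipaddress.ip_network(supernet, strict=False)]
    for w in map(ipaddress.ip_network, wanted):
        nxt = []
        for r in remaining:
            if w.subnet_of(r):
                nxt.extend(r.address_exclude(w))  # split r around w
            elif not r.subnet_of(w):
                nxt.append(r)                     # r is untouched by w
        remaining = nxt
    return [str(n) for n in ipaddress.collapse_addresses(remaining)]

def conn_sections(base, subnet_key, wanted, shared):
    """One conn section per wanted subnet; `shared` lines repeat in each."""
    out = []
    for i, net in enumerate(wanted, 1):
        net = ipaddress.ip_network(net)           # rejects typos and host bits
        out.append(f"conn {base}_{i}")
        out += [f"       {k}={v}" for k, v in shared.items()]
        out.append(f"       {subnet_key}={net}")
        out.append("")
    return "\n".join(out)

# The three networks from the question (Router A side).
WANTED = ["192.168.161.0/24", "192.168.162.0/24", "192.168.163.0/24"]
# Remote-side values copied from the "conn victoria" section on Router A.
SHARED = {
    "left": "24.35.38.129",
    "leftsubnet": "172.0.0.0/8",
    "leftnexthop": "24.35.38.1",
    "esp": "aes",
    "auto": "start",
}

if __name__ == "__main__":
    print("a /22 would also tunnel:", overreach(WANTED, "192.168.160.0/22"))
    print(conn_sections("victoria", "rightsubnet", WANTED, SHARED))
```

Running `overreach` against the existing `192.168.0.0/16` setting shows how much address space the current tunnel exposes beyond the three intended networks.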