Troy
Troy Aden wrote:
Hello again. I have fought with this for a week now and I must be missing something.
Try to put the connection referenced by the also statement at the end of your file.
First of all, if I use a conn statement that has "%defaultroute" for right=,
I get an error that the statement does not exist. However, if I use a
right=(IP) and rightnexthop=(gateway), the conn statement works fine. Can
anyone explain this?
But... None of the conn statements below work. My guess is that the conn
statements that contain the "also=" parameter must be missing something. So
I added esp=aes and auto=start or auto=add depending on the side of the
connection. Still no joy. Can anyone please tell me what I am doing wrong here? If you need error
logs, I can provide them.
Here are the files I use; it's still 1.99, but it should not matter.
>>>>>>>>>>>>>>>> kerberos
# /etc/ipsec.conf - FreeS/WAN IPsec configuration file
# More elaborate and more varied sample configurations can be found
# in FreeS/WAN's doc/examples file, and in the HTML documentation.

# basic configuration
config setup
    # THIS SETTING MUST BE CORRECT or almost nothing will work;
    # %defaultroute is okay for most simple cases.
    interfaces=%defaultroute
    # Debug-logging controls: "none" for (almost) none, "all" for lots.
    klipsdebug=none
    plutodebug=none
    #plutodebug=all
    # Use auto= parameters in conn descriptions to control startup actions.
    plutoload=%search
    plutostart=%search
    # Close down old connection when new one using same ID shows up.
    uniqueids=yes

# defaults for subsequent connection descriptions
conn %default
    # How persistent to be in (re)keying negotiations (0 means very).
    keyingtries=0
    # RSA authentication with keys from DNS.
    authby=rsasig
    leftrsasigkey=%dns
    rightrsasigkey=%dns

include /etc/ipsec.d/connections/test
>>>>>>>>>>>>>>>>> /etc/ipsec.d/connections/test
#
# this is the barebone description of multiple connections through
# the same ipsec endpoints
#
conn test_to_dmz
    also=test
    leftsubnet=195.141.2.160/27
    auto=add

conn test
    ike=aes
    esp=aes
    left=%defaultroute
    leftcert=aspcert.pem
    leftrsasigkey=%cert
    right=%any
    rightsubnet=10.250.99.0/24
    rightrsasigkey=%cert
    rightid="C=CH,L=Schlieren,O=RUF Gruppe,OU=ASP Plus,CN=test.asp.ruf.ch"
    keylife=10m
    rekeymargin=3m
    rekeyfuzz=150%
>>>>>>>>>>>>>>>>>>>>>
right = remote
left = local
HTH
Erich
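
A small lint for the layout advised in the reply above (the conn named by also= placed below the conn that refers to it), added here as an example; it is not part of the original message or of FreeS/WAN. The function names and the sample are constructed, and the check also flags parameter lines that have lost their leading whitespace.

```python
import re

COMMENT = re.compile(r"(^|\s)#.*$")
HEADER = re.compile(r"^(conn|config)\s+(\S+)\s*$")

# Constructed sample: the referenced conn comes first, the order the reply advises against.
BAD_ORDER = """\
conn test
    left=%defaultroute
    right=%any
conn test_to_dmz
    also=test
    auto=add
"""

def parse(text):
    """Return (sections, issues); each section is (type, name, line_no, params)."""
    sections, issues = [], []
    for no, raw in enumerate(text.splitlines(), 1):
        line = COMMENT.sub("", raw).rstrip()
        if not line.strip():
            continue
        if line[0] in " \t":  # indented: parameter of the open section
            key, sep, value = line.strip().partition("=")
            if sep and sections:
                sections[-1][3].setdefault(key.strip(), []).append(value.strip())
            else:
                issues.append(f"line {no}: parameter without '=' or outside a section")
        elif m := HEADER.match(line):
            sections.append((m.group(1), m.group(2), no, {}))
        elif not line.startswith("include "):
            issues.append(f"line {no}: unindented line is not a section header")
    return sections, issues

def check_also(text):
    """Flag also= targets that are missing or not defined below the referrer."""
    sections, issues = parse(text)
    index = {(t, n): i for i, (t, n, _, _) in enumerate(sections)}
    for i, (stype, name, no, params) in enumerate(sections):
        for target in params.get("also", []):
            j = index.get((stype, target))
            if j is None:
                issues.append(f"line {no}: {stype} {name}: also={target} not found")
            elif j <= i:
                issues.append(f"line {no}: {stype} {name}: also={target} must be defined below")
    return issues

if __name__ == "__main__":
    print(*check_also(BAD_ORDER), sep="\n")
```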
------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html