[Leaf-user] Dynamic VPN Gatewy..... Almost

2002-04-25 Thread jmassey
Hello, I have two Dachstein IPsec gateways in place. One is a static IP, the other is Dynamic. I cannot get the VPN up. When I change the ipsecrets file to reflect the IP assigned to the Dynamic connection it works! But as soon as I specify it as Dynamic it doesn't. When this happens

Re: [Leaf-user] Dynamic VPN Gatewy..... Almost

2002-04-25 Thread Charles Steinkuehler
I have two Dachstein IPsec gateways in place. One is a static IP, the other is Dynamic. I cannot get the VPN up. When I change the ipsecrets file to reflect the IP assigned to the Dynamic connection it works! But as soon as I specify it as Dynamic it doesn't. When this happens

Re: [Leaf-user] Dynamic VPN Gatewy..... Almost

2002-04-25 Thread jmassey
Charles, It sounds like IPSec isn't finding the proper secret to use unless the secret is tagged with the remote IP. Are you assigning connection IDs in ipsec.conf? IPSec will use the IP as a default ID if you don't assign one manually. I typically use unresolved names as a connection ID,

Re: [Leaf-user] Dynamic VPN Gatewy..... Almost

2002-04-25 Thread Phillip . Watts
Hello, I have two Dachstein IPsec gateways in place. One is a static IP, the other is Dynamic. I cannot get the VPN up. When I change the ipsecrets file to reflect the IP assigned to the Dynamic connection it works! But as soon as I

Re: [Leaf-user] Dynamic VPN Gatewy..... Almost

2002-04-25 Thread jmassey
Charles, One other thing. The /var/log/auth.log is from the dynamic gateway as this is the one starting the tunnel. I must not be specifying for IPsec to use the local IP the right way in ipsec.secrets. In ipsec.conf you use %defaultroute. What about in ipsec.secrets? Jason Massey

Re: [Leaf-user] Dynamic VPN Gatewy..... Almost

2002-04-25 Thread jmassey
Phillip, Version 1.91. I think I may scrap using the PSK and go to RSA. As Charles pointed out, RSA does not use IPs as identifiers but rather uses the keys. Jason Massey

Re: [Leaf-user] Dynamic VPN Gatewy..... Almost

2002-04-25 Thread Brock Nanson
Date: Thu, 25 Apr 2002 10:05:26 -0400 Charles, It sounds like IPSec isn't finding the proper secret to use unless the secret is tagged with the remote IP. Are you assigning connection IDs

Re: [Leaf-user] Dynamic VPN Gatewy..... Almost

2002-04-25 Thread Chad Carr
On Thu, 25 Apr 2002 08:54:02 -0700 Brock Nanson [EMAIL PROTECTED] wrote: If I recall correctly, ipsec.secrets will NOT allow a catch-all entry if you are using preshared secrets. That's the reason you want to go to RSA keys if you have a dynamic end to the tunnel - they will allow this, if

Re: [Leaf-user] Dynamic VPN Gatewy..... Almost

2002-04-25 Thread jmassey
You can have only one catch-all (and therefore one preshared secret) if you are using preshared secrets. The identifier to use is %any in the ipsec.secrets file. Like so: %any 192.168.3.1: PSK unsecure HTH Chad Yes, but that would be the ipsec.secrets entry on the static side. What about