Re: [Users] None OE mode and %any

From: Andreas Steffen <andreas.steffen(at)strongsec.net>
Date: Mon Sep 29 2003 - 17:05:27 EDT

right=%any without a rightid works with X.509 certificates only, because the cert will be sent by the peer, so that simultaneous connections from multiple peers are possible.

Regards

Andreas

Bernhard 'Gustl' Bauer wrote:

> Hi,
>
> I try to do none OE mode with one static IP (left) and one

>>conn block
>>    auto=ignore
>>
>>conn private
>>    auto=ignore
>>
>>conn private-or-clear
>>    auto=ignore
>>
>>conn clear-or-private
>>    auto=ignore
>>
>>conn clear
>>    auto=ignore
>>
>>conn packetdefault
>>    auto=ignore
>>
>>conn test
>>        left=
>>        leftnexthop=
>>        leftsubnet=
>>	  leftrsasigkey=0sAQOq....
>>        right=%defaultroute
>>        rightsubnet=
>>	  rightrsasigkey=0sAQN1z....
>>        auto=add

>
>
> left /etc/ipsec.conf:
>

>>conn block
>>    auto=ignore
>>
>>conn private
>>    auto=ignore
>>
>>conn private-or-clear
>>    auto=ignore
>>
>>conn clear-or-private
>>    auto=ignore
>>
>>conn clear
>>    auto=ignore
>>
>>conn packetdefault
>>    auto=ignore
>>
>>conn test
>>        left=
>>        leftnexthop=
>>        leftsubnet=
>>	  leftrsasigkey=0sAQOq....
>>        right=
>>        rightsubnet=
>>	  rightrsasigkey=0sAQN1z....
>>        auto=add

>
>
> The problem is in ipsec.conf on the left side. If I enter

-- 
=======================================================================
Andreas Steffen                   e-mail: andreas.steffen@strongsec.com
strongSec GmbH                    home:   
http://www.strongsec.com
Alter Zürichweg 20                phone:  +41 1 730 80 64
CH-8952 Schlieren (Switzerland)   fax:    +41 1 730 80 65
==========================================[strong internet security]===

_______________________________________________
FreeS/WAN Users mailing list
users@lists.freeswan.org
https://mj2.freeswan.org/cgi-bin/mj_wwwusr

Received on Mon Sep 29 17:08:46 2003