Re: [Users] Problem with Freeswan2.05 (2.4.26-grsec) Debian woody

Hallo Andreas Steffen,

am Donnerstag, 29. April 2004 um 21:10 schrieben Sie:

AS> Everything points to a syntax error in the connection definition.
AS> Is it true that
AS>     ipsec auto --status

000 %myid = (none)
000 debug none
000

000 "roadwarrior": 192.168.0.69...%any; unrouted; eroute owner: #0
000 "roadwarrior":   ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 1
000 "roadwarrior":   policy: RSASIG+ENCRYPT+COMPRESS+TUNNEL+PFS; prio: 32,32; interface: ;
000 "roadwarrior":   newest ISAKMP SA: #0; newest IPsec SA: #0;
000 "roadwarrior-net": 192.168.0.0/16===192.168.0.69...%any; unrouted; eroute owner: #0
000 "roadwarrior-net":   ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 1
000 "roadwarrior-net":   policy: RSASIG+ENCRYPT+COMPRESS+TUNNEL+PFS; prio: 16,32; interface: ;
000 "roadwarrior-net":   newest ISAKMP SA: #0; newest IPsec SA: #0;

AS> show neither conn roadwarrior nor roadwarrior-net.
AS> I see that leftnexthop= is missing and also leftcert=.

you are right.
i thought it gets the keys from ipsec.secret?

leftcert=<snip>.dyndns.info.pem or <snip>.dyndns.info.key ? "leftnexthop" i read this for the first time, ill google for it later

>Reinhold Plew:
>Put your 'conn roadwarrior-net' before 'conn raodwarrior' and try again.

doesn't help

-- 
Frieder 'cfreak' Kundel
mailto:cfreak@ckras.com

_______________________________________________
FreeS/WAN Users mailing list
users@lists.freeswan.org
https://mj2.freeswan.org/cgi-bin/mj_wwwusr