[vpn-help] -12 against ipsec-tools 0.6.6
Matthew Grooms
mgrooms at shrew.net
Thu Jul 27 15:03:21 CDT 2006
Peter Eisch wrote:
> On 7/27/06 2:12 PM, "Matthew Grooms" <mgrooms at shrew.net> wrote:
>
> Is the message that requests the network this:
>
> WARNING: Ignored attribute 28678
>
Attribute 28678 is for local lan ( or split exclude ). It gets ignored
when the server is configured otherwise. I will correct this in the
client but there is no ill effect besides the log message.
>
> Might I propose that if the client doesn't get a split network config from
> the server that the rule be added to encrypt everything _except_ the
> server:port much like the phase1-up.sh does with racoon as a client?
>
What you are describing is option (2). The Shrew Soft client expects
parity between server and client configuration. Its up to you to select
the correct option for your racoon config. What the client doesn't do
*yet* is alert you when there is a configuration mismatch.
I assume you selected the split include method. Is it working for you now?
Thanks,
-Matthew
More information about the vpn-help
mailing list