[vpn-help] unable to verify remote peer certificate
Stefan Bauer
stefan.bauer at cubewerk.de
Thu May 6 02:21:06 CDT 2010
On 06.05.2010 09:05, sftf wrote:
> Hello Stefan,
>
> Problem with routing via modeconfig partially solved.
Just received an answer from one of the main developers (strongswan)
08:38 :: Irssi: Join to #strongswan was synced in 8 secs
08:38 <sb> hi, is split-tunneling via modecfg supported?
09:10 <d12fk> sb: not yet, but i will post patches in while
> So I would like to route to two networks: 192.168.0.0/24 and 195.xxx.xxx.224/29 from roadwarriors.
>
> And I write like this
> conn %default
>     ikelifetime=60m
>     keylife=20m
>     rekeymargin=3m
>     keyingtries=1
>     left=195.162.52.178
>     leftsubnet=192.168.0.0/24,195.xxx.xxx.224/29
>     leftcert=gw.opene.ru-cert.pem
>
> And a small note from the documentation broke my hopes:
> left|rightsubnet = <ip subnet>
> ...
> Further, IKEv2 supports multiple
> subnets separated by commas. IKEv1 only interprets the first subnet of such a definition.
>
> So pluto takes only the first subnet and ignores the others.
> But racoon (IKEv1 too), unlike pluto, works normally with things like this
> mode_cfg {
> split_network include 192.168.0.0/24,195.xxx.xxx.224/29;
> }
Yes, but racoon is a different IKE daemon.
Stefan
--
Stefan Bauer -----------------------------------------
PGP: E80A 50D5 2D46 341C A887 F05D 5C81 5858 DCEF 8C34
-------- plzk.de - Linux - because it works ----------
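
Added example (not part of the original message and not strongSwan code): a small check for the limitation quoted above, listing every conn whose left|rightsubnet holds several comma-separated subnets that an IKEv1 daemon would cut down to the first one. The sample config, its addresses and the function names are constructed; treating every conn that is not explicitly keyexchange=ikev2 as possibly IKEv1 is an assumption, and "also=" inheritance is not followed.

```python
# Constructed sample modelled on the config quoted in the thread.
SAMPLE = """\
conn %default
    keylife=20m
    leftsubnet=192.168.0.0/24,198.51.100.224/29

conn roadwarrior-v1
    keyexchange=ikev1
    right=%any

conn roadwarrior-v2
    keyexchange=ikev2
    right=%any

conn single
    keyexchange=ikev1
    leftsubnet=192.168.0.0/24
"""

def parse_conns(text):
    """Return {conn_name: {key: value}} for every 'conn' section."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        if not line[0].isspace():                 # header starts at column 0
            parts = line.split()
            is_conn = len(parts) == 2 and parts[0] == "conn"
            current = conns.setdefault(parts[1], {}) if is_conn else None
        elif current is not None and "=" in line: # indented key=value line
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def dropped_subnets(text):
    """List (conn, key, used, ignored) where IKEv1 would ignore subnets."""
    conns = parse_conns(text)
    defaults = conns.pop("%default", {})          # inherited by every conn
    findings = []
    for name, opts in conns.items():
        merged = {**defaults, **opts}
        # Assumption: only an explicit keyexchange=ikev2 rules out IKEv1.
        if merged.get("keyexchange", "").lower() == "ikev2":
            continue
        for key in ("leftsubnet", "rightsubnet"):
            nets = [n.strip() for n in merged.get(key, "").split(",") if n.strip()]
            if len(nets) > 1:
                findings.append((name, key, nets[0], nets[1:]))
    return findings
```

Calling dropped_subnets() on the text of an ipsec.conf returns one tuple per affected conn, naming the subnet that stays in use and the ones that are ignored.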