[Swan] Adding host to subnet VPN
Tuomo Soini
tis at foobar.fi
Mon Feb 22 15:32:08 UTC 2016
On Sun, 21 Feb 2016 20:13:38 -0500
Alex <mysqlstudent at gmail.com> wrote:
> Can I just leave out the subnet declarations where they're not
> necessary? Assuming 'arcade' (23.227.181.206) was the name of the
> roadwarrior host and its default route is 23.227.181.193:
>
> conn VPN-DGHQ-DGXO-2
> auto=start
> left=68.111.193.42
> leftnexthop=68.111.193.41
> leftsubnet=192.168.1.0/24
> leftid="@C=US, ST=New Jersey, L=Newark, O=My Company Inc,
> CN=orion.example.com"
Here you have a problem. When an ID starts with @, it's ID type FQDN.
But your ID is really of type ID_DER_ASN1_DN, a certificate subject.
Remove the "@" character.
> leftcert=orion
> right=23.227.181.206
> rightnexthop=23.227.181.193
> rightid="@C=US, ST=New Jersey, L=Newark, O=My Company Inc,
> CN=cyclops.example.com"
Same here.
> rightcert=arcade
--
Tuomo Soini <tis at foobar.fi>
Foobar Linux services
+358 40 5240030
Foobar Oy <http://foobar.fi/>
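
The check described in the reply above, as an added example that is not part of the original message or of the Swan project: a small linter that flags `leftid`/`rightid` values where an "@" prefix (FQDN type) is followed by what is really a certificate subject DN. The sample config is constructed from the quoted conn with the mail-wrapped ID values rejoined; the function names and the DN pattern (comma-separated `attr=value` pairs) are assumptions of this sketch.

```python
import re

# Constructed sample: the conn quoted in the message, with the mail-wrapped
# leftid/rightid values rejoined onto one line each.
SAMPLE_CONF = '''\
conn VPN-DGHQ-DGXO-2
    auto=start
    leftid="@C=US, ST=New Jersey, L=Newark, O=My Company Inc, CN=orion.example.com"
    leftcert=orion
    rightid="@C=US, ST=New Jersey, L=Newark, O=My Company Inc, CN=cyclops.example.com"
    rightcert=arcade
'''

# Assumed shape of a certificate subject: attr=value pairs separated by commas.
RDN = r"[A-Za-z][A-Za-z0-9.]*\s*=\s*[^,=]+"
DN_RE = re.compile(rf"^\s*{RDN}(\s*,\s*{RDN})*\s*$")
ID_LINE = re.compile(r'^\s*(leftid|rightid)\s*=\s*"?([^"]*)"?\s*$')

def id_type(value):
    """ID type implied by the form of the value, as stated in the reply."""
    if value.startswith("@"):
        return "ID_FQDN"
    if DN_RE.match(value):
        return "ID_DER_ASN1_DN"
    return "other"  # IP addresses and other forms are out of scope here

def lint(conf_text):
    """Return (conn, key, value, suggested) for each '@'-prefixed DN."""
    findings, conn = [], None
    for line in conf_text.splitlines():
        stripped = line.strip()
        if stripped.startswith("conn "):
            conn = stripped.split(None, 1)[1]
            continue
        m = ID_LINE.match(line)
        if m and id_type(m.group(2)) == "ID_FQDN" and DN_RE.match(m.group(2)[1:]):
            findings.append((conn, m.group(1), m.group(2), m.group(2)[1:]))
    return findings

def apply_fixes(conf_text):
    """Drop the '@' from every flagged ID so it is read as a DN."""
    for _conn, _key, value, suggested in lint(conf_text):
        conf_text = conf_text.replace(value, suggested)
    return conf_text

if __name__ == "__main__":
    for conn, key, value, suggested in lint(SAMPLE_CONF):
        print(f'{conn}: {key} is typed as FQDN but holds a DN; use "{suggested}"')
```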