[Swan] Adding host to subnet VPN

Tuomo Soini tis at foobar.fi
Mon Feb 22 15:32:08 UTC 2016


On Sun, 21 Feb 2016 20:13:38 -0500
Alex <mysqlstudent at gmail.com> wrote:

> Can I just leave out the subnet declarations where they're not
> necessary? Assuming 'arcade' (23.227.181.206) was the name of the
> roadwarrior host and its default route is 23.227.181.193:
> 
> conn VPN-DGHQ-DGXO-2
>     auto=start
>     left=68.111.193.42
>     leftnexthop=68.111.193.41
>     leftsubnet=192.168.1.0/24
>     leftid="@C=US, ST=New Jersey, L=Newark, O=My Company Inc,
> CN=orion.example.com"

Here you have a problem. When an ID starts with @, it's ID type FQDN.
But your id is really ID_DER_ASN1_DN type, certificate subject.
Remove the character "@".

>     leftcert=orion
>     right=23.227.181.206
>     rightnexthop=23.227.181.193
>     rightid="@C=US, ST=New Jersey, L=Newark, O=My Company Inc,
> CN=cyclops.example.com"

Same here.

>     rightcert=arcade

-- 
Tuomo Soini <tis at foobar.fi>
Foobar Linux services
+358 40 5240030
Foobar Oy <http://foobar.fi/>
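
Added example, not part of the original message and not Libreswan code: a small Python lint that applies the rule from the reply above (a leading "@" declares an FQDN id, so a certificate subject must not carry it) to leftid/rightid lines. The function names and the RDN attribute heuristic are assumptions, and the sample conn is constructed from the quoted one with the ids on one line and rightid already corrected.

```python
import re

# Constructed sample modelled on the conn quoted above: leftid still has the
# stray "@", rightid is already corrected. Ids are kept on a single line.
SAMPLE_CONF = '''\
conn VPN-DGHQ-DGXO-2
    auto=start
    left=68.111.193.42
    leftid="@C=US, ST=New Jersey, L=Newark, O=My Company Inc, CN=orion.example.com"
    leftcert=orion
    right=23.227.181.206
    rightid="C=US, ST=New Jersey, L=Newark, O=My Company Inc, CN=cyclops.example.com"
    rightcert=arcade
'''

# Heuristic (assumption): a value made of comma-separated ATTR=value pairs
# such as C=, O=, CN= is intended to be a certificate subject DN.
RDN = re.compile(r'(?:^|,)\s*(?:C|ST|L|O|OU|CN|E)\s*=', re.IGNORECASE)

def classify_id(value):
    """Return (declared_type, looks_like_dn) for a leftid/rightid value."""
    value = value.strip().strip('"')
    declared = 'FQDN' if value.startswith('@') else 'not-FQDN'
    return declared, bool(RDN.search(value.lstrip('@')))

def lint_ids(conf_text):
    """Return (conn, key, message) for subject DNs that are prefixed with '@'."""
    findings, conn = [], None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith('#'):
            continue
        if line.startswith('conn '):
            conn = line.split(None, 1)[1]
            continue
        key, sep, value = line.partition('=')
        if sep and key.strip() in ('leftid', 'rightid'):
            declared, is_dn = classify_id(value)
            if declared == 'FQDN' and is_dn:
                findings.append((conn, key.strip(),
                                 'subject DN declared as FQDN; remove the "@"'))
    return findings

if __name__ == '__main__':
    print(lint_ids(SAMPLE_CONF))
```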

