Hi guys,
i know that this question may seem to be silly but, if what you want is
to establish an ipsec tunnel in a roadwarrior-fashion why don't you use
any other type of CN?
i mean, use a dyndns name, an email address, etc...
In contrary case you can use OpenVPN, that is not ipsec but will enable
you easily achieve what i think you need.
Just to finnish, 0.0.0.0 is not a good idea because you use ipsec to
setup net-to-net tunnel... Using 0.0.0.0 you likely be a vpn hub that is
something 'weird' from the security point of view.
That's my 0.02€ ;)
Regards,
jonathan
alan walters wrote:
This must have got overwritten when we sync'd to m0n0wall for their
certificate support. Do a update_file.sh
/usr/local/www/vpn_ipsec_edit.php and all should be well again (I
hope).
Scott
[alan walters]
I copyed that file from the releng branch of the cvs but stillthe same.
The box is isolated from the internet so no way to update it apart from
manually. This still produced the same error. Remote subnet bits cannot
be zero.
On 10/21/05, alan walters <[EMAIL PROTECTED]> wrote:
I know some time ago we looked at ipsec tunnels with 0.0.0.0/0
subnets.
I
upgraded to 0.86.4 and again to 0.88.0
Neither seem to support the following configuration in gui any more.
The will not work:
Localnet 192.168.1.1/24 remotegateway:
public
address
Remotenet 0.0.0.0/0
But this works :
Localnet 0.0.0.0/0 remotegateway:
public
address
Remotenet 192.168.1.1/24
Regards.
Hope you can help me with this.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
