<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=Content-Type content="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 11 (filtered medium)">
<!--[if !mso]>
<style>
v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style>
<![endif]-->
<style>
<!--
/* Font Definitions */
@font-face
        {font-family:Tahoma;
        panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0in;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman";}
a:link, span.MsoHyperlink
        {color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {color:blue;
        text-decoration:underline;}
span.EmailStyle18
        {mso-style-type:personal-reply;
        font-family:"Times New Roman";
        color:blue;
        font-weight:normal;
        font-style:normal;
        text-decoration:none none;}
@page Section1
        {size:8.5in 11.0in;
        margin:1.0in 1.25in 1.0in 1.25in;}
div.Section1
        {page:Section1;}
-->
</style>
</head>
<body lang=EN-US link=blue vlink=blue>
<div class=Section1>
<p class=MsoNormal><font size=3 color=blue face="Times New Roman"><span
style='font-size:12.0pt;color:blue'>Thanks for the configuration, and I’m
able to make a tunnel.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=3 color=blue face="Times New Roman"><span
style='font-size:12.0pt;color:blue'>But I have a doubt: why are leftsubnet and
rightsubnet missing in this ipsec.conf file? Are they not required?
Also, I’m not able to ping my office PC from one of my home network
PCs.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=3 color=blue face="Times New Roman"><span
style='font-size:12.0pt;color:blue'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=3 color=blue face="Times New Roman"><span
style='font-size:12.0pt;color:blue'>What changes are to be done so that I can
ping my office network PC from my home network PC other than the gateway
machine?<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=3 color=blue face="Times New Roman"><span
style='font-size:12.0pt;color:blue'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=3 color=blue face="Times New Roman"><span
style='font-size:12.0pt;color:blue'>With regards<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=3 color=blue face="Times New Roman"><span
style='font-size:12.0pt;color:blue'>Deepak <o:p></o:p></span></font></p>
<p class=MsoNormal><font size=3 color=blue face="Times New Roman"><span
style='font-size:12.0pt;color:blue'><o:p> </o:p></span></font></p>
<div>
<div class=MsoNormal align=center style='text-align:center'><font size=3
face="Times New Roman"><span style='font-size:12.0pt'>
<hr size=2 width="100%" align=center tabindex=-1>
</span></font></div>
<p class=MsoNormal><b><font size=2 face=Tahoma><span style='font-size:10.0pt;
font-family:Tahoma;font-weight:bold'>From:</span></font></b><font size=2
face=Tahoma><span style='font-size:10.0pt;font-family:Tahoma'> Patrick Ford
[mailto:fenderdood@gmail.com] <br>
<b><span style='font-weight:bold'>Sent:</span></b> Tuesday, January 16, 2007
9:08 PM<br>
<b><span style='font-weight:bold'>To:</span></b>
deepak.chopra@mind-infotech.com<br>
<b><span style='font-weight:bold'>Cc:</span></b> users@openswan.org<br>
<b><span style='font-weight:bold'>Subject:</span></b> Re: [Openswan Users] Help
for making VPN Tunnel using DynDNS on DSL Routers</span></font><o:p></o:p></p>
</div>
<p class=MsoNormal><font size=3 face="Times New Roman"><span style='font-size:
12.0pt'><o:p> </o:p></span></font></p>
<p class=MsoNormal style='margin-bottom:12.0pt'><font size=3
face="Times New Roman"><span style='font-size:12.0pt'>In the following example
I will assume that left=local and right=remote. This is just a convention; it
need not be this way.<br>
This is the config for the home openswan.<br>
<br>
conn here-there<br>
right=<a href="http://office.dnsalias.org">office.dnsalias.org</a><br>
rightid=@<a href="http://office.dnsalias.org">office.dnsalias.org</a><br>
left=%defaultroute<br>
leftid=@<a href="http://home.dnsalias.org">home.dnsalias.org</a><br>
authby=secret<br>
auto=start<br>
### THE FOLLOWING LINES ARE OPTIONAL the default values are
already predefined as such.<br>
keyexchange=ike<br>
esp=aes,3des<br>
keyingtries=5<br>
rekeymargin=4m<br>
auth=esp<br>
pfs=yes <br>
<br>
Here is the config for the office openswan....<br>
<br>
conn here-there<br>
right=<a href="http://home.dnsalias.org">home.dnsalias.org</a><br>
rightid=@<a href="http://home.dnsalias.org">home.dnsalias.org</a><br>
left=%defaultroute<br>
leftid=@<a href="http://office.dnsalias.org">office.dnsalias.org</a><br>
authby=secret<br>
auto=start<br>
### THE FOLLOWING LINES ARE OPTIONAL the default values are
already predefined as such.<br>
keyexchange=ike<br>
esp=aes,3des<br>
keyingtries=5<br>
rekeymargin=4m<br>
auth=esp<br>
pfs=yes<br>
<br>
<br>
The ipsec.secrets file for home:<br>
@<a href="http://office.dnsalias.org">office.dnsalias.org</a> @<a
href="http://home.dnsalias.org">home.dnsalias.org</a> : PSK "password"<br>
<br>
This should get you up and running. BTW, is there any reason you are not
using rsasig type authentication? It is way more secure. If you require help with
that, I'm sure a quick dive into the man page for ipsec.conf could help with
that.<br>
<br>
Best Regards,<br>
<br>
Patrick Ford<br>
<br>
<br>
The ipsec.secrets file for the office:<br>
@<a href="http://home.dnsalias.org">home.dnsalias.org</a> @<a
href="http://office.dnsalias.org">office.dnsalias.org</a> : PSK
"password"<br>
<br>
<br>
<br>
<br>
<br>
<o:p></o:p></span></font></p>
<div>
<p class=MsoNormal><span class=gmailquote><font size=3 face="Times New Roman"><span
style='font-size:12.0pt'>On 16/01/07, <b><span style='font-weight:bold'>Deepak
Chopra</span></b> &lt;<a href="mailto:deepak.chopra@mind-infotech.com">deepak.chopra@mind-infotech.com</a>&gt;
wrote:</span></font></span><o:p></o:p></p>
<p class=MsoNormal style='margin-bottom:12.0pt'><font size=3
face="Times New Roman"><span style='font-size:12.0pt'>Dear ALL,<br>
<br>
I've a problem setting up a VPN connection between my Home Network and my<br>
Office Network,<br>
where 3 machines are connected to my home network and the same number of<br>
machines are installed in my office. <br>
I want to make a VPN connection on both gateways with FreeSWan using Dynamic<br>
IP Addresses.<br>
<br>
HomeNetwork 17.29.18.0/24<br>
|<br>
172.29.18.1 (eth1) -- Gateway Linux -- 192.168.1.2 (eth0)<br>
|<br>
192.168.1.1 -- DSL Router (abc.dnsalias.net)<br>
|<br>
[ INTERNET ]<br>
|<br>
192.168.1.1 -- DSL Router (xyz.dnsalias.net)<br>
|<br>
192.168.1.2 (eth0) -- Linux -- 192.168.10.1 (eth1)<br>
|<br>
OfficeNet 192.168.10.0/24<br>
<br>
In the above-mentioned scenario, I've two DSL Routers with the same <br>
configuration. Both are taking a Dynamic IP address from the ISP, and on both<br>
the DSL Routers I've configured the DynDNS.org user accounts (<br>
<a href="http://abc.dnsalias.net">abc.dnsalias.net</a> and <a
href="http://xyz.dnsalias.net">xyz.dnsalias.net</a>) and these DSL routers are
directly<br>
connected to the Linux (RedHat9) Gateway Machines on the eth0 interface. Now I<br>
want to make a VPN Tunnel between my HomeNet and OfficeNet.<br>
<br>
Kindly suggest how this is possible. I'm also sending you the <br>
ipsec.conf and ipsec.secrets along with this.<br>
<br>
I'd be highly thankful to you if I'm able to connect my home network machine<br>
to my office network.<br>
<br>
<br>
Deepak Chopra<br>
<br>
<br>
<br>
The information contained in this electronic message and any attachments to
this message are intended for the exclusive use of the addressee(s) and may
contain proprietary, confidential or privileged information. If you are not the
intended recipient, you should not disseminate, distribute or copy this e-mail.
Please notify the sender immediately and destroy all copies of this message and
any attachments. <br>
<br>
WARNING: Computer viruses can be transmitted via email. The recipient should
check this email and any attachments for the presence of viruses. The company
accepts no liability for any damage caused by any virus/trojan/worms/malicious
code transmitted by this email. <br>
<br>
<a href="http://www.mind-infotech.com">www.mind-infotech.com</a><br>
<br>
<br>
<br>
_______________________________________________<br>
<a href="mailto:Users@openswan.org">Users@openswan.org</a><br>
<a href="http://lists.openswan.org/mailman/listinfo/users">http://lists.openswan.org/mailman/listinfo/users</a><br>
<br>
<br>
<o:p></o:p></span></font></p>
</div>
<p class=MsoNormal><font size=3 face="Times New Roman"><span style='font-size:
12.0pt'><br>
<br clear=all>
<br>
-- <br>
<br>
"Education is what remains after one has forgotten what one has learned in
school."<br>
Albert Einstein <o:p></o:p></span></font></p>
</div>
<BR>
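<p class=MsoNormal>On the question of the missing leftsubnet and rightsubnet, as an added example that is not part of the original messages or of Openswan's own code: when a conn has neither option, each end defaults to the gateway address alone (left/32), so hosts on the LANs behind the gateways are not covered by the tunnel. The Python below lints one gateway's conn stanza against its peer's for that case and for identity mix-ups in mirrored configs. parse_conn, lint_pair and stanza are hypothetical helpers, and the 10.1.0.0/24 and 10.2.0.0/24 subnets are constructed sample values.</p>

```python
# Added example (not from the thread): lint one gateway's Openswan conn
# stanza against its peer's. All sample configs below are constructed.
import ipaddress

def parse_conn(text):
    """Return the key=value options of a conn stanza as a dict."""
    opts = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments
        if "=" in line:
            key, value = line.split("=", 1)
            opts[key.strip()] = value.strip()
    return opts

def lint_pair(local_text, peer_text):
    """Return a list of findings for the local stanza."""
    local, peer = parse_conn(local_text), parse_conn(peer_text)
    findings = []
    # The identity we expect from the peer must be the one it announces.
    if local.get("rightid") != peer.get("leftid"):
        findings.append("rightid does not match the peer's leftid")
    # right= must name the remote gateway, not this gateway's own name.
    if "@" + local.get("right", "") == local.get("leftid"):
        findings.append("right= points at the local gateway")
    # With no subnets the tunnel is gateway-to-gateway only (left/32 to
    # right/32), so hosts on the LANs behind the gateways are not covered.
    nets = [local.get("leftsubnet"), local.get("rightsubnet")]
    if None in nets:
        findings.append("leftsubnet/rightsubnet missing: host-to-host only")
    elif ipaddress.ip_network(nets[0]).overlaps(ipaddress.ip_network(nets[1])):
        findings.append("leftsubnet and rightsubnet overlap")
    return findings

def stanza(right, rightid, leftid, extra=""):
    """Build a constructed conn stanza shaped like the ones in the thread."""
    return ("conn here-there\n    right=%s\n    rightid=%s\n"
            "    left=%%defaultroute\n    leftid=%s\n    authby=secret\n%s"
            % (right, rightid, leftid, extra))

HOME_ID, OFFICE_ID = "@home.dnsalias.org", "@office.dnsalias.org"
HOME = stanza("office.dnsalias.org", OFFICE_ID, HOME_ID)
OFFICE_SELF = stanza("office.dnsalias.org", HOME_ID, OFFICE_ID)  # right= is itself
HOME_NETS = stanza("office.dnsalias.org", OFFICE_ID, HOME_ID,
                   "    leftsubnet=10.1.0.0/24\n    rightsubnet=10.2.0.0/24\n")
OFFICE_NETS = stanza("home.dnsalias.org", HOME_ID, OFFICE_ID,
                     "    leftsubnet=10.2.0.0/24\n    rightsubnet=10.1.0.0/24\n")

if __name__ == "__main__":
    for name, a, b in (("home", HOME, OFFICE_SELF), ("office", OFFICE_SELF, HOME),
                       ("home+nets", HOME_NETS, OFFICE_NETS)):
        print(name, lint_pair(a, b))
```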
<BR></body>
</html>