<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
how can both server have same config as they have different networks
and localserver' ip<br>
<br>
one with left configuration: left -> local, reight -> remote,
<div>and the other: left-> remote, right->local<br>
<br>
Regards,<br>
Utkarsh Shah<br>
</div>
<br>
<br>
Xavi Deop wrote:
<blockquote
cite="mid22fa9c0b0703081001x3de3a27cqd92d0803c06755a9@mail.gmail.com"
type="cite">
<div><br>
In both vpn servers you have the same .conf file??</div>
<div> </div>
<div>Or one with left configuration: left -> local, reight ->
remote,</div>
<div>and the other: left-> remote, right->local??</div>
<div> </div>
<div> </div>
<div>in vpn1 server, .conf file:</div>
<div> </div>
<div> left=private external ip</div>
<div> leftid=@private external ip</div>
<div> leftsubnet=ip_lan1<br>
leftnexthop=ip_private r1 (may not be needed in new version)<br>
right=ip_public remote<br>
<a href="mailto:rightid=@%20private">rightid=@ private</a>
external ip of server 2
<br>
rightsubnet=ip_lan2<br>
authby=secret<br>
auto=start<br>
</div>
<div> </div>
<div>in vpn2 server, .conf file:</div>
<div> </div>
<div> left=ip_public remote</div>
<div> leftid=@<u><font color="#0000ff">private</font></u>
external ip of server 1</div>
<div> leftsubnet=ip_lan1<br>
right=private external ip <br>
<a href="mailto:rightid=@%20private">rightid=@ private</a> external
ip</div>
<div> rightsubnet=ip_lan2</div>
<div> rightnexthop=ip_private r2<br>
authby=secret<br>
auto=start<br>
</div>
<div>Am I wrong??</div>
<div> </div>
<div>Xavi.</div>
<div> </div>
<div><br>
</div>
<div><span class="gmail_quote">2007/3/8, Utkarsh Shah <<a
href="mailto:utkarsh@elitecore.com">utkarsh@elitecore.com</a>>:</span>
<blockquote class="gmail_quote"
style="border-left: 1px solid rgb(204, 204, 204); margin: 0px 0px 0px 0.8ex; padding-left: 1ex;">
<div text="#000000" bgcolor="#ffffff">left=privateip and right
=public ip is correct.<br>
and on your adsl router you have to make few rules like<br>
anything comming on router's public ip <br>
on UDP port 500 or port 4500 should be redirected to your vpn
server's private ip which is behind your adsl router
<br>
and proto ESP should be redirected to your vpn server's private ip
which is behind your adsl router<br>
this are the rules you have to apply on both adsl routers.<br>
<br>
eg. <br>
source=any<br>
destination=router1's public ip
<br>
protocol UDP<br>
port 500/4500<br>
forward it to vpnserver1's private ip<br>
same way at other end<br>
<br>
and i think on adsl router you might have facility to disable
passthrough of vpn or ipsec<br>
and can make a rule to redirect ipsec/vpn service to a desired
destination
<div><span class="e" id="q_1112fe55a340a835_1"><br>
<br>
Regards,<br>
Utkarsh Shah<br>
<br>
Xavi Deop wrote:
<blockquote
cite="http://mid22fa9c0b0703071012id25aecame4b9b0c95f481182@mail.gmail.com"
type="cite">
<div> </div>
<div>Is this correct??</div>
<div> </div>
<div>If in vpn server1 we have: left=private ip; right= public ip.</div>
<div> </div>
<div>Shouldnt we had in vpn server: left=public ip; right=
private ip ?????</div>
<div> </div>
<div>Thanks.</div>
<div> </div>
<div>Xavi.<br>
<br>
</div>
<div><span class="gmail_quote">2007/3/7, Utkarsh Shah <<a
onclick="return top.js.OpenExtLink(window,event,this)"
href="mailto:utkarsh@elitecore.com" target="_blank">utkarsh@elitecore.com</a>>:</span>
<blockquote class="gmail_quote"
style="border-left: 1px solid rgb(204, 204, 204); margin: 0px 0px 0px 0.8ex; padding-left: 1ex;">
<div text="#000000" bgcolor="#ffffff">assuming "ip1_1 ip1_2"
is vpnserver1 and another is vpnserver2<br>
<br>
at vpnserver1<br>
conn vpnserver1-to-vpnserver2<br>
left=ip1_2<br>
leftid=@ip1_2<br>
leftsubnet=ip_lan1 <br>
leftnexthop=ip_r1 (may not be needed in new version)<br>
right=ip_pub2<br>
rightid=@ip2_2<br>
rightsubnet=ip_lan2<a
onclick="return top.js.OpenExtLink(window,event,this)"
href="http://192.168.1.0/24" target="_blank"> </a><br>
authby=secret<br>
auto=start<br>
<br>
at vpnserver2<br>
conn vpnserver2-to-vpnserver1<br>
left=ip2_2<br>
leftid=@ip2_2<br>
leftsubnet=ip_lan2<br>
leftnexthop=ip_r2 (may not be needed in new version) <br>
right=ip_pub1<br>
rightid=@ip1_1<br>
rightsubnet=ip_lan1<br>
authby=secret<br>
auto=start<br>
<br>
<br>
Regards,<br>
<span>Utkarsh Shah</span>
<div><span><br>
<br>
Xavi Deop wrote:
<blockquote
cite="http://mid22fa9c0b0703070144j4515a2eeg9e6465e30fb3ca22@mail.gmail.com"
type="cite">
<div>Hi, thanks for your replies!!</div>
<div> </div>
<div>I'm a bit confused with the addresses, sorry...</div>
<div> </div>
<div>I have 2 ethernets in my vpn servers.</div>
<div> </div>
<div>This configuration file sample, is for one of the vpn
servers, that's right? For the otherone, there should be changes, no??</div>
<div> </div>
<div>if my scenario had:<br>
</div>
<div>LAN_1 ------ vpn server --- router adsl ------
internet---- router adsl ------- vpn server ----- LAN_2</div>
<div>ip_lan1 ip1_1 ip1_2 ip_r1
ip_pub1 ip_pub2 ip_r2 ip2_2 ip2_1 ip_lan2</div>
<div> </div>
<div>how would it be the configuration?</div>
<div> </div>
<div>what is: @leftid @rightid?? which addresses should be?</div>
<div> </div>
<div>Thanks in advance!</div>
<div> </div>
<div>Xavi.</div>
<div> </div>
<div><span class="gmail_quote">2007/3/7, Utkarsh Shah <<a
onclick="return top.js.OpenExtLink(window,event,this)"
href="mailto:utkarsh@elitecore.com" target="_blank">utkarsh@elitecore.com</a>>:</span>
<blockquote class="gmail_quote"
style="border-left: 1px solid rgb(204, 204, 204); margin: 0px 0px 0px 0.8ex; padding-left: 1ex;"><br>
> Hi, I have the following scenario, and I would like to create a
vpn with<br>
> natt suport. <br>
><br>
> LAN_1 ------ vpn server --- router adsl ------ internet---- router
adsl<br>
> ----- vpn server ----- LAN_2<br>
><br>
> I've installed:<br>
> openswan-2.4.7.tar.gz<<a
onclick="return top.js.OpenExtLink(window,event,this)"
href="http://www.openswan.org/download/openswan-2.4.7.tar.gz"
target="_blank"> http://www.openswan.org/download/openswan-2.4.7.tar.gz</a>><br>
><br>
> I'm working with slackware 10.1 and kernel 2.16.12<br>
><br>
> I have to install the kernell natt patch??<br>
><br>
> Could someone help me with ipsec.conf file? I've been searching
the internet<br>
> without any result...<br>
><br>
> Thanks.<br>
><br>
> Xavi<br>
i have achieved above scenario with following changes it might not be<br>
perfect solution... <br>
on adsl router apply portforwarding rules for UDP port 500 port 4500 and<br>
proto esp(50) to your vpn server on both end<br>
<br>
configure your ipsec.conf as below<br>
<br>
conn net-to-net<br>
left=<a onclick="return top.js.OpenExtLink(window,event,this)"
href="http://10.0.1.2/" target="_blank"> 10.0.1.2</a><br>
leftid=@leftid<br>
leftsubnet=<a
onclick="return top.js.OpenExtLink(window,event,this)"
href="http://192.168.0.0/24" target="_blank">192.168.0.0/24</a><br>
right=remoteserver(domain name or ip which will identify adsl
router) <br>
rightid=@rightid<br>
rightsubnet= <a
onclick="return top.js.OpenExtLink(window,event,this)"
href="http://192.168.1.0/24" target="_blank">192.168.1.0/24</a><br>
authby=secret<br>
auto=start<br>
<br>
and your ipsec.secret as<br>
<br>
@leftid @rightid : PSK "your preshared key"<br>
<br>
<br>
<br>
Regards,<br>
Utkarsh Shah <br>
_______________________________________________<br>
<a onclick="return top.js.OpenExtLink(window,event,this)"
href="mailto:Users@openswan.org" target="_blank">Users@openswan.org</a><br>
<a onclick="return top.js.OpenExtLink(window,event,this)"
href="http://lists.openswan.org/mailman/listinfo/users" target="_blank">http://lists.openswan.org/mailman/listinfo/users
</a><br>
Building and Integrating Virtual Private Networks with Openswan: <br>
<a onclick="return top.js.OpenExtLink(window,event,this)"
href="http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155"
target="_blank">http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
</a><br>
</blockquote>
</div>
<br>
</blockquote>
<br>
</span></div>
</div>
</blockquote>
</div>
<br>
</blockquote>
<br>
</span></div>
</div>
</blockquote>
</div>
<br>
</blockquote>
<br>
</body>
</html>