<html>
<head>
<meta http-equiv=Content-Type content="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 10 (filtered)">
<style>
<!--
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0cm;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman";}
a:link, span.MsoHyperlink
        {color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {color:purple;
        text-decoration:underline;}
p.MsoPlainText, li.MsoPlainText, div.MsoPlainText
        {margin:0cm;
        margin-bottom:.0001pt;
        font-size:10.0pt;
        font-family:"Courier New";}
span.EmailStyle17
        {font-family:Arial;
        color:windowtext;}
@page Section1
        {size:612.0pt 792.0pt;
        margin:72.0pt 77.95pt 72.0pt 77.95pt;}
div.Section1
        {page:Section1;}
-->
</style>
</head>
<body lang=EN-US link=blue vlink=purple>
<div class=Section1>
<p class=MsoNormal><font size=3 face=Arial><span lang=EN-GB style='font-size:
12.0pt;font-family:Arial'>Hi,</span></font></p>
<p class=MsoNormal><font size=3 face=Arial><span lang=EN-GB style='font-size:
12.0pt;font-family:Arial'> </span></font></p>
<p class=MsoNormal><font size=3 face=Arial><span lang=EN-GB style='font-size:
12.0pt;font-family:Arial'>I'm setting up a VPN for my company; this is the
first time I have tried this.</span></font></p>
<p class=MsoNormal><font size=3 face=Arial><span lang=EN-GB style='font-size:
12.0pt;font-family:Arial'> </span></font></p>
<p class=MsoNormal><font size=3 face=Arial><span lang=EN-GB style='font-size:
12.0pt;font-family:Arial'>Our gateway is a Bering-uClibc 2.3.1 box running Openswan
2.4.5. It has a real public IP.</span></font></p>
<p class=MsoNormal><font size=3 face=Arial><span lang=EN-GB style='font-size:
12.0pt;font-family:Arial'>The client is a Windows XP SP2 box connecting over
GPRS (roadwarrior, NAT'ed) using pre-shared keys. This machine will not connect
to the IPsec server.</span></font></p>
<p class=MsoNormal><font size=3 face=Arial><span lang=EN-GB style='font-size:
12.0pt;font-family:Arial'> </span></font></p>
<p class=MsoNormal><font size=3 face=Arial><span lang=EN-GB style='font-size:
12.0pt;font-family:Arial'>As far as I can tell this is because of the NATing of
the client. I have followed instructions on how to resolve that problem,
but it will not go away.</span></font></p>
<p class=MsoNormal><font size=3 face=Arial><span lang=EN-GB style='font-size:
12.0pt;font-family:Arial'> </span></font></p>
<p class=MsoNormal><font size=3 face=Arial><span lang=EN-GB style='font-size:
12.0pt;font-family:Arial'>Log files and configuration files follow.</span></font></p>
<p class=MsoNormal><font size=3 face=Arial><span lang=EN-GB style='font-size:
12.0pt;font-family:Arial'> </span></font></p>
<p class=MsoNormal><font size=3 face=Arial><span lang=EN-GB style='font-size:
12.0pt;font-family:Arial'>Many Thanks,</span></font></p>
<p class=MsoNormal><font size=3 face=Arial><span lang=EN-GB style='font-size:
12.0pt;font-family:Arial'> </span></font></p>
<p class=MsoNormal><font size=3 face=Arial><span lang=EN-GB style='font-size:
12.0pt;font-family:Arial'>James.</span></font></p>
<p class=MsoNormal><font size=3 face=Arial><span lang=EN-GB style='font-size:
12.0pt;font-family:Arial'> </span></font></p>
<p class=MsoNormal><font size=3 face=Arial><span lang=EN-GB style='font-size:
12.0pt;font-family:Arial'>Here is what I'm getting in my /var/log/auth.log:</span></font></p>
<p class=MsoNormal><font size=3 face=Arial><span lang=EN-GB style='font-size:
12.0pt;font-family:Arial'> </span></font></p>
<table class=MsoTableGrid border=0 cellspacing=0 cellpadding=0 width=1584
style='width:950.4pt;border-collapse:collapse'>
<tr>
<td width=1584 valign=top style='width:950.4pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'>Apr 5 </span></font><font face="Courier New"><span lang=EN-GB style='font-family:"Courier New"'>14:46:04</span></font><font
face="Courier New"><span lang=EN-GB style='font-family:"Courier New"'>
gateway ipsec__plutorun: Starting Pluto subsystem...</span></font></p>
</td>
</tr>
<tr>
<td width=1584 valign=top style='width:950.4pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'>Starting Pluto (Openswan
Version 1.0.9)</span></font></p>
</td>
</tr>
<tr>
<td width=1584 valign=top style='width:950.4pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'> including X.509
patch with traffic selectors (Version 0.9.42)</span></font></p>
</td>
</tr>
<tr>
<td width=1584 valign=top style='width:950.4pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'> including
NAT-Traversal patch (Version 0.6)</span></font></p>
</td>
</tr>
<tr>
<td width=1584 valign=top style='width:950.4pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'>ike_alg_register_enc():
Activating OAKLEY_AES_CBC: Ok (ret=0)</span></font></p>
</td>
</tr>
<tr>
<td width=1584 valign=top style='width:950.4pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'>ike_alg_register_enc():
Activating OAKLEY_BLOWFISH_CBC: Ok (ret=0)</span></font></p>
</td>
</tr>
<tr>
<td width=1584 valign=top style='width:950.4pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'>ike_alg_register_enc():
Activating OAKLEY_CAST_CBC: Ok (ret=0)</span></font></p>
</td>
</tr>
<tr>
<td width=1584 valign=top style='width:950.4pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'>ike_alg_register_enc():
Activating OAKLEY_SERPENT_CBC: Ok (ret=0)</span></font></p>
</td>
</tr>
<tr>
<td width=1584 valign=top style='width:950.4pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'>ike_alg_register_hash():
Activating OAKLEY_SHA2_256: Ok (ret=0)</span></font></p>
</td>
</tr>
<tr>
<td width=1584 valign=top style='width:950.4pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'>ike_alg_register_hash():
Activating OAKLEY_SHA2_512: Ok (ret=0)</span></font></p>
</td>
</tr>
<tr>
<td width=1584 valign=top style='width:950.4pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'>ike_alg_register_enc():
Activating OAKLEY_TWOFISH_CBC: Ok (ret=0)</span></font></p>
</td>
</tr>
<tr>
<td width=1584 valign=top style='width:950.4pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'>ike_alg_register_enc():
Activating OAKLEY_SSH_PRIVATE_65289: Ok (ret=0)</span></font></p>
</td>
</tr>
<tr>
<td width=1584 valign=top style='width:950.4pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'>Changing to directory
'/etc/ipsec.d/cacerts'</span></font></p>
</td>
</tr>
<tr>
<td width=1584 valign=top style='width:950.4pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'> Warning: empty
directory</span></font></p>
</td>
</tr>
<tr>
<td width=1584 valign=top style='width:950.4pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'>Changing to directory
'/etc/ipsec.d/crls'</span></font></p>
</td>
</tr>
<tr>
<td width=1584 valign=top style='width:950.4pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'> Warning: empty
directory</span></font></p>
</td>
</tr>
<tr>
<td width=1584 valign=top style='width:950.4pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'>OpenPGP certificate file
'/etc/pgpcert.pgp' not found</span></font></p>
</td>
</tr>
<tr>
<td width=1584 valign=top style='width:950.4pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'>listening for IKE messages</span></font></p>
</td>
</tr>
<tr>
<td width=1584 valign=top style='width:950.4pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'>adding interface
ipsec0/eth0 1.2.3.4</span></font></p>
</td>
</tr>
<tr>
<td width=1584 valign=top style='width:950.4pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'>adding interface
ipsec0/eth0 1.2.3.4:4500</span></font></p>
</td>
</tr>
<tr>
<td width=1584 valign=top style='width:950.4pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'>loading secrets from
"/etc/ipsec.secrets"</span></font></p>
</td>
</tr>
<tr>
<td width=1584 valign=top style='width:950.4pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'>packet from 5.6.7.8:33315:
ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]</span></font></p>
</td>
</tr>
<tr>
<td width=1584 valign=top style='width:950.4pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'>packet from 5.6.7.8:33315:
ignoring Vendor ID payload [FRAGMENTATION]</span></font></p>
</td>
</tr>
<tr>
<td width=1584 valign=top style='width:950.4pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'>packet from 5.6.7.8:33315:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]</span></font></p>
</td>
</tr>
<tr>
<td width=1584 valign=top style='width:950.4pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'>packet from 5.6.7.8:33315:
ignoring Vendor ID payload [26244d38eddb61b3172a36e3d0cfb819]</span></font></p>
</td>
</tr>
<tr>
<td width=1584 valign=top style='width:950.4pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'>packet from 5.6.7.8:33315:
initial Main Mode message received on 1.2.3.4:500 but no connection has been
authorized with policy=PSK</span></font></p>
</td>
</tr>
<tr>
<td width=1584 valign=top style='width:950.4pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'>packet from 5.6.7.8:33315:
ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]</span></font></p>
</td>
</tr>
<tr>
<td width=1584 valign=top style='width:950.4pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'>packet from 5.6.7.8:33315:
ignoring Vendor ID payload [FRAGMENTATION]</span></font></p>
</td>
</tr>
<tr>
<td width=1584 valign=top style='width:950.4pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'>packet from 5.6.7.8:33315:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]</span></font></p>
</td>
</tr>
<tr>
<td width=1584 valign=top style='width:950.4pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'>packet from 5.6.7.8:33315:
ignoring Vendor ID payload [26244d38eddb61b3172a36e3d0cfb819]</span></font></p>
</td>
</tr>
<tr>
<td width=1584 valign=top style='width:950.4pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'>packet from 5.6.7.8:33315:
initial Main Mode message received on 1.2.3.4:500 but no connection has been
authorized with policy=PSK</span></font></p>
</td>
</tr>
<tr>
<td width=1584 valign=top style='width:950.4pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'>Repeated until failure</span></font></p>
</td>
</tr>
</table>
<p class=MsoNormal><font size=3 face=Arial><span lang=EN-GB style='font-size:
12.0pt;font-family:Arial'> </span></font></p>
<p class=MsoNormal><font size=3 face=Arial><span lang=EN-GB style='font-size:
12.0pt;font-family:Arial'>Here is my /etc/ipsec.conf file:</span></font></p>
<p class=MsoNormal><font size=3 face=Arial><span lang=EN-GB style='font-size:
12.0pt;font-family:Arial'> </span></font></p>
<table class=MsoTableGrid border=0 cellspacing=0 cellpadding=0
style='border-collapse:collapse'>
<tr>
<td width=778 valign=top style='width:466.9pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'># /etc/ipsec.conf - Openswan
IPsec configuration file</span></font></p>
</td>
</tr>
<tr>
<td width=778 valign=top style='width:466.9pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'> </span></font></p>
</td>
</tr>
<tr>
<td width=778 valign=top style='width:466.9pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'># More elaborate and more
varied sample configurations can be found</span></font></p>
</td>
</tr>
<tr>
<td width=778 valign=top style='width:466.9pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'># in Openswan's
doc/examples file, in the HTML documentation, and online</span></font></p>
</td>
</tr>
<tr>
<td width=778 valign=top style='width:466.9pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'># at
http://www.openswan.org/docs/</span></font></p>
</td>
</tr>
<tr>
<td width=778 valign=top style='width:466.9pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'> </span></font></p>
</td>
</tr>
<tr>
<td width=778 valign=top style='width:466.9pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'># basic configuration</span></font></p>
</td>
</tr>
<tr>
<td width=778 valign=top style='width:466.9pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'>config setup</span></font></p>
</td>
</tr>
<tr>
<td width=778 valign=top style='width:466.9pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'> #
THIS SETTING MUST BE CORRECT or almost nothing will work;</span></font></p>
</td>
</tr>
<tr>
<td width=778 valign=top style='width:466.9pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'> #
%defaultroute is okay for most simple cases.</span></font></p>
</td>
</tr>
<tr>
<td width=778 valign=top style='width:466.9pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'> interfaces=%defaultroute</span></font></p>
</td>
</tr>
<tr>
<td width=778 valign=top style='width:466.9pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'> #
Debug-logging controls: "none" for (almost) none,
"all" for lots.</span></font></p>
</td>
</tr>
<tr>
<td width=778 valign=top style='width:466.9pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'> klipsdebug=none</span></font></p>
</td>
</tr>
<tr>
<td width=778 valign=top style='width:466.9pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'> plutodebug=none</span></font></p>
</td>
</tr>
<tr>
<td width=778 valign=top style='width:466.9pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'> #
Use auto= parameters in conn descriptions to control startup actions.</span></font></p>
</td>
</tr>
<tr>
<td width=778 valign=top style='width:466.9pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'> plutoload=%search</span></font></p>
</td>
</tr>
<tr>
<td width=778 valign=top style='width:466.9pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'> plutostart=%search</span></font></p>
</td>
</tr>
<tr>
<td width=778 valign=top style='width:466.9pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'> #
Don't wait for pluto to complete every plutostart before continuing</span></font></p>
</td>
</tr>
<tr>
<td width=778 valign=top style='width:466.9pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'> plutowait=no</span></font></p>
</td>
</tr>
<tr>
<td width=778 valign=top style='width:466.9pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'> #
Close down old connection when new one using same ID shows up.</span></font></p>
</td>
</tr>
<tr>
<td width=778 valign=top style='width:466.9pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'> uniqueids=yes</span></font></p>
</td>
</tr>
<tr>
<td width=778 valign=top style='width:466.9pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'> nat_traversal=yes</span></font></p>
</td>
</tr>
<tr>
<td width=778 valign=top style='width:466.9pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'> virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16,%v4:!192.168.27.0/24,%v4:!192.168.17.0/24</span></font></p>
</td>
</tr>
<tr>
<td width=778 valign=top style='width:466.9pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'> </span></font></p>
</td>
</tr>
<tr>
<td width=778 valign=top style='width:466.9pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'># Defaults for all
connection descriptions</span></font></p>
</td>
</tr>
<tr>
<td width=778 valign=top style='width:466.9pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'>#conn %default</span></font></p>
</td>
</tr>
<tr>
<td width=778 valign=top style='width:466.9pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'># keyingtries=0</span></font></p>
</td>
</tr>
<tr>
<td width=778 valign=top style='width:466.9pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'># disablearrivalcheck=no</span></font></p>
</td>
</tr>
<tr>
<td width=778 valign=top style='width:466.9pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'># leftrsasigkey=%dnsondemand</span></font></p>
</td>
</tr>
<tr>
<td width=778 valign=top style='width:466.9pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'># rightrsasigkey=%dnsondemand</span></font></p>
</td>
</tr>
<tr>
<td width=778 valign=top style='width:466.9pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'># authby=secret</span></font></p>
</td>
</tr>
<tr>
<td width=778 valign=top style='width:466.9pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'># auto=add</span></font></p>
</td>
</tr>
<tr>
<td width=778 valign=top style='width:466.9pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'> </span></font></p>
</td>
</tr>
<tr>
<td width=778 valign=top style='width:466.9pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'># Example VPN connection
for the following scenario:</span></font></p>
</td>
</tr>
<tr>
<td width=778 valign=top style='width:466.9pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'>#</span></font></p>
</td>
</tr>
<tr>
<td width=778 valign=top style='width:466.9pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'># leftsubnet</span></font></p>
</td>
</tr>
<tr>
<td width=778 valign=top style='width:466.9pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'>#
172.16.0.0/24---([172.16.0.1]left[10.0.0.10])---([10.0.0.1]router)-------\</span></font></p>
</td>
</tr>
<tr>
<td width=778 valign=top style='width:466.9pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'>#
|</span></font></p>
</td>
</tr>
<tr>
<td width=778 valign=top style='width:466.9pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'># rightsubnet
|</span></font></p>
</td>
</tr>
<tr>
<td width=778 valign=top style='width:466.9pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'>#
192.168.0.0/24--([192.168.0.1]right[10.12.12.10])---([10.12.12.1]router)-/</span></font></p>
</td>
</tr>
<tr>
<td width=778 valign=top style='width:466.9pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'>#</span></font></p>
</td>
</tr>
<tr>
<td width=778 valign=top style='width:466.9pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'>#conn sample</span></font></p>
</td>
</tr>
<tr>
<td width=778 valign=top style='width:466.9pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'># # Left
security gateway, subnet behind it, next hop toward right.</span></font></p>
</td>
</tr>
<tr>
<td width=778 valign=top style='width:466.9pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'># left=10.0.0.10</span></font></p>
</td>
</tr>
<tr>
<td width=778 valign=top style='width:466.9pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'># leftnexthop=10.0.0.1</span></font></p>
</td>
</tr>
<tr>
<td width=778 valign=top style='width:466.9pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'># leftsubnet=172.16.0.0/24</span></font></p>
</td>
</tr>
<tr>
<td width=778 valign=top style='width:466.9pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'># #
Right security gateway, subnet behind it, next hop toward left.</span></font></p>
</td>
</tr>
<tr>
<td width=778 valign=top style='width:466.9pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'># right=10.12.12.10</span></font></p>
</td>
</tr>
<tr>
<td width=778 valign=top style='width:466.9pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'># rightnexthop=10.12.12.1</span></font></p>
</td>
</tr>
<tr>
<td width=778 valign=top style='width:466.9pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'># rightsubnet=192.168.0.0/24</span></font></p>
</td>
</tr>
<tr>
<td width=778 valign=top style='width:466.9pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'># # To
initiate this connection automatically at startup,</span></font></p>
</td>
</tr>
<tr>
<td width=778 valign=top style='width:466.9pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'># #
uncomment this:</span></font></p>
</td>
</tr>
<tr>
<td width=778 valign=top style='width:466.9pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'># #auto=start</span></font></p>
</td>
</tr>
<tr>
<td width=778 valign=top style='width:466.9pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'> </span></font></p>
</td>
</tr>
<tr>
<td width=778 valign=top style='width:466.9pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'># Configuration supporting
multiple users with any type of</span></font></p>
</td>
</tr>
<tr>
<td width=778 valign=top style='width:466.9pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'># IPsec/L2TP client. This
includes the updated Windows 2000/XP</span></font></p>
</td>
</tr>
<tr>
<td width=778 valign=top style='width:466.9pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'># (MS KB Q818043), </span></font><font
face="Courier New"><span lang=EN-GB style='font-family:"Courier New"'>Vista</span></font><font
face="Courier New"><span lang=EN-GB style='font-family:"Courier New"'> and
Mac OS X 10.3+ but excludes the</span></font></p>
</td>
</tr>
<tr>
<td width=778 valign=top style='width:466.9pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'># non-updated Windows
2000/XP.</span></font></p>
</td>
</tr>
<tr>
<td width=778 valign=top style='width:466.9pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'>#</span></font></p>
</td>
</tr>
<tr>
<td width=778 valign=top style='width:466.9pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'># Authenticates through a
Pre-Shared Key. Supports clients that</span></font></p>
</td>
</tr>
<tr>
<td width=778 valign=top style='width:466.9pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'># are not behind NAT. Does
not support clients that are behind NAT.</span></font></p>
</td>
</tr>
<tr>
<td width=778 valign=top style='width:466.9pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'> </span></font></p>
</td>
</tr>
<tr>
<td width=778 valign=top style='width:466.9pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'>conn L2TP-PSK</span></font></p>
</td>
</tr>
<tr>
<td width=778 valign=top style='width:466.9pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'>
#</span></font></p>
</td>
</tr>
<tr>
<td width=778 valign=top style='width:466.9pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'>
authby=secret</span></font></p>
</td>
</tr>
<tr>
<td width=778 valign=top style='width:466.9pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'> pfs=no</span></font></p>
</td>
</tr>
<tr>
<td width=778 valign=top style='width:466.9pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'>
rekey=no</span></font></p>
</td>
</tr>
<tr>
<td width=778 valign=top style='width:466.9pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'>
keyingtries=3</span></font></p>
</td>
</tr>
<tr>
<td width=778 valign=top style='width:466.9pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'> aggrmode=yes</span></font></p>
</td>
</tr>
<tr>
<td width=778 valign=top style='width:466.9pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'>
#</span></font></p>
</td>
</tr>
<tr>
<td width=778 valign=top style='width:466.9pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'>
# ----------------------------------------------------------</span></font></p>
</td>
</tr>
<tr>
<td width=778 valign=top style='width:466.9pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'>
# The VPN server.</span></font></p>
</td>
</tr>
<tr>
<td width=778 valign=top style='width:466.9pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'>
#</span></font></p>
</td>
</tr>
<tr>
<td width=778 valign=top style='width:466.9pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'>
# Allow incoming connections on the external network interface.</span></font></p>
</td>
</tr>
<tr>
<td width=778 valign=top style='width:466.9pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'>
# If you want to use a different interface or if there is no</span></font></p>
</td>
</tr>
<tr>
<td width=778 valign=top style='width:466.9pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'>
# defaultroute, you can use: left=your.ip.addr.ess</span></font></p>
</td>
</tr>
<tr>
<td width=778 valign=top style='width:466.9pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'>
#</span></font></p>
</td>
</tr>
<tr>
<td width=778 valign=top style='width:466.9pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'>
left=%defaultroute</span></font></p>
</td>
</tr>
<tr>
<td width=778 valign=top style='width:466.9pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'>
#</span></font></p>
</td>
</tr>
<tr>
<td width=778 valign=top style='width:466.9pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'>
leftprotoport=17/1701</span></font></p>
</td>
</tr>
<tr>
<td width=778 valign=top style='width:466.9pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'>
# If you insist on supporting non-updated Windows clients,</span></font></p>
</td>
</tr>
<tr>
<td width=778 valign=top style='width:466.9pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'>
# you can use: leftprotoport=17/%any</span></font></p>
</td>
</tr>
<tr>
<td width=778 valign=top style='width:466.9pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'>
#</span></font></p>
</td>
</tr>
<tr>
<td width=778 valign=top style='width:466.9pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'>
# ----------------------------------------------------------</span></font></p>
</td>
</tr>
<tr>
<td width=778 valign=top style='width:466.9pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'>
# The remote user(s).</span></font></p>
</td>
</tr>
<tr>
<td width=778 valign=top style='width:466.9pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'>
#</span></font></p>
</td>
</tr>
<tr>
<td width=778 valign=top style='width:466.9pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'>
# Allow incoming connections only from this IP address.</span></font></p>
</td>
</tr>
<tr>
<td width=778 valign=top style='width:466.9pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'>
#right=234.234.234.234</span></font></p>
</td>
</tr>
<tr>
<td width=778 valign=top style='width:466.9pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'>
# If you want to allow multiple connections from any IP address,</span></font></p>
</td>
</tr>
<tr>
<td width=778 valign=top style='width:466.9pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'>
# you can use: right=%any</span></font></p>
</td>
</tr>
<tr>
<td width=778 valign=top style='width:466.9pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'>
#</span></font></p>
</td>
</tr>
<tr>
<td width=778 valign=top style='width:466.9pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'>
rightprotoport=17/%any</span></font></p>
</td>
</tr>
<tr>
<td width=778 valign=top style='width:466.9pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'> rightsubnet=vhost:%no,%priv</span></font></p>
</td>
</tr>
<tr>
<td width=778 valign=top style='width:466.9pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'>
#</span></font></p>
</td>
</tr>
<tr>
<td width=778 valign=top style='width:466.9pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'>
# ----------------------------------------------------------</span></font></p>
</td>
</tr>
<tr>
<td width=778 valign=top style='width:466.9pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'>
# Change 'ignore' to 'add' to enable this configuration.</span></font></p>
</td>
</tr>
<tr>
<td width=778 valign=top style='width:466.9pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'>
#</span></font></p>
</td>
</tr>
<tr>
<td width=778 valign=top style='width:466.9pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'>
auto=add</span></font></p>
</td>
</tr>
</table>
<p class=MsoNormal><font size=3 face=Arial><span lang=EN-GB style='font-size:
12.0pt;font-family:Arial'> </span></font></p>
<p class=MsoNormal><font size=3 face=Arial><span lang=EN-GB style='font-size:
12.0pt;font-family:Arial'>And finally my ipsec.secrets file:</span></font></p>
<p class=MsoNormal><font size=3 face=Arial><span lang=EN-GB style='font-size:
12.0pt;font-family:Arial'> </span></font></p>
<table class=MsoTableGrid border=0 cellspacing=0 cellpadding=0 width=1104
style='width:662.4pt;border-collapse:collapse'>
<tr>
<td width=1104 valign=top style='width:662.4pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'># This file holds shared
secrets or RSA private keys for inter-Pluto</span></font></p>
</td>
</tr>
<tr>
<td width=1104 valign=top style='width:662.4pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'># authentication.
See ipsec_pluto(8) manpage, and HTML documentation.</span></font></p>
</td>
</tr>
<tr>
<td width=1104 valign=top style='width:662.4pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'> </span></font></p>
</td>
</tr>
<tr>
<td width=1104 valign=top style='width:662.4pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'># RSA private key for this
host, authenticating it to any other host</span></font></p>
</td>
</tr>
<tr>
<td width=1104 valign=top style='width:662.4pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'># which knows the public
part. Suitable public keys, for ipsec.conf, DNS,</span></font></p>
</td>
</tr>
<tr>
<td width=1104 valign=top style='width:662.4pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'># or configuration of
other implementations, can be extracted conveniently</span></font></p>
</td>
</tr>
<tr>
<td width=1104 valign=top style='width:662.4pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'># with "ipsec showhostkey".</span></font></p>
</td>
</tr>
<tr>
<td width=1104 valign=top style='width:662.4pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'>#: RSA {</span></font></p>
</td>
</tr>
<tr>
<td width=1104 valign=top style='width:662.4pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'># # --
Create your own RSA key with "ipsec rsasigkey"</span></font></p>
</td>
</tr>
<tr>
<td width=1104 valign=top style='width:662.4pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'># }</span></font></p>
</td>
</tr>
<tr>
<td width=1104 valign=top style='width:662.4pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'># do not change the
indenting of that "}"</span></font></p>
</td>
</tr>
<tr>
<td width=1104 valign=top style='width:662.4pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'> </span></font></p>
</td>
</tr>
<tr>
<td width=1104 valign=top style='width:662.4pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'>#</span></font></p>
</td>
</tr>
<tr>
<td width=1104 valign=top style='width:662.4pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'># Sample /etc/ipsec.secrets
file</span></font></p>
</td>
</tr>
<tr>
<td width=1104 valign=top style='width:662.4pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'># The Openswan server has
an IP address of 123.123.123.123</span></font></p>
</td>
</tr>
<tr>
<td width=1104 valign=top style='width:662.4pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'>#</span></font></p>
</td>
</tr>
<tr>
<td width=1104 valign=top style='width:662.4pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'># Preshared Keys for two
clients with fixed IP addresses:</span></font></p>
</td>
</tr>
<tr>
<td width=1104 valign=top style='width:662.4pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'> </span></font></p>
</td>
</tr>
<tr>
<td width=1104 valign=top style='width:662.4pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'>#123.123.123.123
234.234.234.234: PSK "keyforoneclient"</span></font></p>
</td>
</tr>
<tr>
<td width=1104 valign=top style='width:662.4pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'>#123.123.123.123
111.222.111.222: PSK "keyforanotherclient"</span></font></p>
</td>
</tr>
<tr>
<td width=1104 valign=top style='width:662.4pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'> </span></font></p>
</td>
</tr>
<tr>
<td width=1104 valign=top style='width:662.4pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'># Preshared Key for
clients connecting from any IP address:</span></font></p>
</td>
</tr>
<tr>
<td width=1104 valign=top style='width:662.4pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'>1.2.3.4 %any: PSK "NotTellingYou
"</span></font></p>
</td>
</tr>
<tr>
<td width=1104 valign=top style='width:662.4pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'># (Line above only works
on recent versions of Openswan).</span></font></p>
</td>
</tr>
<tr>
<td width=1104 valign=top style='width:662.4pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'> </span></font></p>
</td>
</tr>
<tr>
<td width=1104 valign=top style='width:662.4pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'># There is a subtle
difference with the following</span></font></p>
</td>
</tr>
<tr>
<td width=1104 valign=top style='width:662.4pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'># (see also 'man ipsec.secrets')
which affects NATed</span></font></p>
</td>
</tr>
<tr>
<td width=1104 valign=top style='width:662.4pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'># clients that use a PSK:</span></font></p>
</td>
</tr>
<tr>
<td width=1104 valign=top style='width:662.4pt;padding:0cm 5.4pt 0cm 5.4pt'>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'>1.2.3.4 : PSK "NotTellingYou"</span></font></p>
</td>
</tr>
</table>
<p class=MsoNormal><font size=3 face="Courier New"><span lang=EN-GB
style='font-size:12.0pt;font-family:"Courier New"'> </span></font></p>
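<p class=MsoNormal><font size=3 face=Arial><span lang=EN-GB style='font-size:
12.0pt;font-family:Arial'>An offline review of the two files quoted in this message, added here as an example and not part of the original post or of Openswan: it flags PSK authentication combined with IKEv1 aggressive mode, and ipsec.secrets entries that any peer can match. The input is a constructed copy with a placeholder key; the function names and finding codes are hypothetical.</span></font></p>

```python
import re

# Constructed input: conn options from the post and its two active secrets lines
# with a placeholder key; the space before the first closing quote is as rendered.
CONF = """conn L2TP-PSK
    authby=secret
    pfs=no
    aggrmode=yes
    auto=add
"""
SECRETS = '''1.2.3.4 %any: PSK "placeholder-key "
1.2.3.4 : PSK "placeholder-key"
'''

def parse_conns(text):
    """Map each 'conn NAME' section to its key=value options."""
    conns, cur = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("conn "):
            cur = conns.setdefault(line.split()[1], {})
        elif line and raw[0].isspace() and cur is not None and "=" in line:
            key, val = line.split("=", 1)
            cur[key.strip()] = val.strip()
        elif line:
            cur = None  # another section type, e.g. "config setup"
    return conns

def parse_psks(text):
    """Return (indices, secret) per uncommented PSK line (no IPv6 indices)."""
    pat = re.compile(r'^([^#:]*):\s*PSK\s+"([^"]*)"')
    return [(tuple(m.group(1).split()), m.group(2))
            for m in map(pat.match, text.splitlines()) if m]

def audit(conf, secrets):
    """Return (code, detail) findings; PSK_CONFLICT = wildcard entries disagree."""
    out, by_local = [], {}
    for name, opts in parse_conns(conf).items():
        # IKEv1 aggressive mode sends the PSK-derived authentication hash
        # unencrypted, so a weak key can be guessed offline.
        if opts.get("authby") == "secret" and opts.get("aggrmode") == "yes":
            out.append(("AGGR_PSK", name))
    for idx, key in parse_psks(secrets):
        if 2 > len(idx) or "%any" in idx:  # entry is usable by any peer
            out.append(("GROUP_PSK", " ".join(idx)))
            by_local.setdefault(idx[:1], set()).add(key)
        if key != key.strip():
            out.append(("PSK_WHITESPACE", " ".join(idx)))
    out += [("PSK_CONFLICT", " ".join(i)) for i, k in by_local.items() if len(k) > 1]
    return out

if __name__ == "__main__":
    print(*audit(CONF, SECRETS), sep="\n")
```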
</div>
</body>
</html>