Since your using debian I would suggest using the pico command.<br><br>go to root and type <br><br>pico /etc/ipsec.conf<br><br>now you are in the ipsec.conf file and change the conf file with this.<br><br>
<meta http-equiv="CONTENT-TYPE" content="text/html; charset=utf-8"><title></title><meta name="GENERATOR" content="OpenOffice.org 2.0 (Linux)"><meta name="CREATED" content="20070424;12352000"><meta name="CHANGED" content="20070502;10024600">
<style type="text/css">
<!--
@page { size: 21cm 29.7cm; margin: 2cm }
P { margin-bottom: 0.21cm }
-->
</style>
<p style="margin-bottom: 0cm;">#<br># File: /etc/ipsec.conf<br>#<br>conn left-to-right<br>left=xxx.xxx.xxx.xxx #
Public Internet IP address of the<br>#
LEFT VPN device<br>leftsubnet=<a href="http://255.255.255.0/24">255.255.255.0/24</a> #
Subnet protected by the LEFT VPN device<br>leftid=@home #
FQDN of Public Internet IP address of the<br>#
LEFT VPN device with an "@"<br>leftrsasigkey=add your left key here<br>leftnexthop=xxx.xxx.xxx.xxx #
correct in many situations<br>right=xxx.xxx.xxx.xxx #
Public Internet IP address of<br># the
RIGHT VPN device<br>rightsubnet=<a href="http://255.255.255.0/24">255.255.255.0/24</a> #
Subnet protected by the RIGHT VPN device<br>rightid=@work #
FQDN of Public Internet IP address of the<br>#
RIGHT VPN device with an "@"<br>rightrsasigkey=add your right key here<br>rightnexthop=xxx.xxx.xxx.xxx #
correct in many situations<br>auto=start #
authorizes and starts this connection<br># on
booting</p>
<br><br>Now change all the xxx marks with your I.p adresses and hops!!! Remember gateway goes left peer goes right.<br><br>greetings and goodluck,<br><br>Tjeard Attema<br><br><br><br><div><span class="gmail_quote">On 5/23/07,
<b class="gmail_sendername">James</b> <<a href="mailto:james@nttmcl.com">james@nttmcl.com</a>> wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Paul Wouters wrote:<br>> On Tue, 22 May 2007, James wrote:<br>><br>><br>>> I have a fresh install of openswan in debian and let it run a self<br>>> signed key<br>>><br>>> the key is in /etc/ipsec.d/private/host.pem
<br>>><br>>> the /etc/ipsec.secrets has<br>>> : RSA /etc/ipsec.d/private/host.pem<br>>><br>>> i run<br>>> ipsec showhostkey --left<br>>><br>>> and it gives<br>>> ipsec showhostkey: no default key in "/etc/ipsec.secrets"
<br>>><br>><br>> ipsec showhostkey shows the public key of a raw RSA key, not the public key<br>> within an X.509 certificate.<br>><br>> Paul<br>><br>where do i find instructions for using an x.509
cert then?<br>Cause the documentation seems a bit abridged as for things go.<br><br>especially since if i don't know what the public key is i dunno how i'm<br>gonna set the ipsec.conf file.<br><br>TIA<br>_______________________________________________
<br><a href="mailto:Users@openswan.org">Users@openswan.org</a><br><a href="http://lists.openswan.org/mailman/listinfo/users">http://lists.openswan.org/mailman/listinfo/users</a><br>Building and Integrating Virtual Private Networks with Openswan:
<br><a href="http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155">http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155</a><br></blockquote></div><br>