<br><br>Hello all, I am new to using Openswan and I have this situation:<br><br>openswan.i386 2.1.5-1fc2<br><br>OS: CentOS 4.5<br><br>kernel: 2.6.9-42.0.3.EL<br><br>I have to do a site-to-site config with another company, but I am not sure what they are using. I guess it is something like a Cisco PIX, because of the info that they gave for the encryption methods that I can choose.
<br><br>I chose this method:<br><span style="font-weight: bold;">Phase 1 IKE Properties:</span><br><br>Key Exchange: 3DES<br>Data Integrity: MD5<br>Renegotiate IKE SA: 1440 seconds<br>DH-Group: Group 2 (1024)<br>
Use Aggressive Mode: Disable
<br><br><span style="font-weight: bold;">Phase 2 IPsec Properties:</span><br><br>Data Encryption: 3DES<br>Data Integrity: MD5<br>Perfect Forward Secrecy: Disabled<br>Renegotiate IPsec SAs Every: 3600 Seconds<br>Support Site to Site Compression: Disabled
<br><br>Other settings: pre-shared secrets must be at least 10 alphanumeric characters long. Also, they can only be exchanged in a secure manner.<br><br>====End====<br><br><br>Now, at my site I have only one interface (eth0) with 6 public IPs (alias interfaces: eth0:1, eth0:2, etc.)
<br>and I configured Openswan like this:<br>config setup<br> # Debug-logging controls: "none" for (almost) none, "all" for lots.<br> # klipsdebug=all<br> # plutodebug=dns<br><br>conn tunnelipsec
<br> type= tunnel
<br> authby= secret<br> #RRT<br> left= one_of_My_Public_IP<br> leftsubnet= <a href="http://66.232.119.0/24" target="_blank">
network-public_ip/24</a><br> leftnexthop= %defaultroute
<br> #SAA<br> right= the_another_company_ip<br> rightsubnet= <span style="text-decoration: underline;">where_i_put_the_Same_IP_that_Above</span><br> rightnexthop= %defaultroute<br>
esp= 3des-md5
<br> keyexchange= ike<br> pfs= no<br> auto= start<br><br>#Disable Opportunistic Encryption<br>include /etc/ipsec.d/examples/no_oe.conf<div id="mb_11"><br><br><br>=======end=======
<br><br>Now, they will give me a key when I am ready for the test. I guess the key is configured in /etc/ipsec.secrets.<br><br>So my question is: I know Openswan is for connecting to a private network through the Internet, but how can I do that if in my case I don't have a private network? What do I need to put in the leftsubnet: option? Do I also need to ask for the subnet of the other company, to set it on some ipsec interface that will be created when I connect?
<br><br>Thanks.<br><br></div><br><br>
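An added example, not part of the original post and not the Openswan project's own configuration: one way to map the Phase 1 / Phase 2 sheet quoted above onto ipsec.conf for a host-to-host tunnel. It assumes the peer defines each end as a single public address (when leftsubnet and rightsubnet are omitted, Openswan treats each end as the host itself, i.e. left/32 and right/32); LEFT_PUBLIC_IP, RIGHT_PUBLIC_IP and the secret are placeholders.

```conf
# /etc/ipsec.conf (added example; names in capitals are placeholders)
version 2.0

config setup
    # no debug logging in normal operation
    klipsdebug=none
    plutodebug=none

conn tunnelipsec
    type=tunnel
    authby=secret
    keyexchange=ike
    # local end: one public address; no leftsubnet, so only LEFT_PUBLIC_IP/32 is protected
    left=LEFT_PUBLIC_IP
    leftnexthop=%defaultroute
    # remote end: no rightsubnet, so only RIGHT_PUBLIC_IP/32 is protected
    right=RIGHT_PUBLIC_IP
    # Phase 1 from the peer's sheet: 3DES, MD5, DH group 2 (modp1024), 1440 seconds
    ike=3des-md5-modp1024
    ikelifetime=1440s
    # Phase 2 from the peer's sheet: 3DES, MD5, no PFS, 3600 seconds, no compression
    esp=3des-md5
    pfs=no
    keylife=3600s
    compress=no
    auto=start

# Disable Opportunistic Encryption
include /etc/ipsec.d/examples/no_oe.conf

# /etc/ipsec.secrets is a separate file (root-only, mode 600), one line per peer pair:
# LEFT_PUBLIC_IP RIGHT_PUBLIC_IP : PSK "PLACEHOLDER_PRE_SHARED_SECRET"
```

If the peer instead defines a network as its encryption domain, rightsubnet has to match that network exactly on both sides, otherwise Phase 2 will not come up.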