<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
<title></title>
</head>
<body bgcolor="#ffffff" text="#000000">
<font size="-1"><font face="Arial">Hi,<br>
<br>
Can you provide configuration </font></font><font size="-1"><font
face="Arial">(eg. ipsec.conf and ipsec.secrets)</font></font><font
size="-1"><font face="Arial"> with a dummy vaules ??<br>
>From the description you have specified, I think you have configuration
for same peers with different authentication mechanism.. Is it so ??<br>
<br>
Then you might need to specify IP Address pair in ipsec.secrets.<br>
<br>
Regards,<br>
Utkarsh Shah<br>
</font></font><br>
Matias Lopez Bergero wrote:
<blockquote cite="mid468923F2.8090203@udesa.edu.ar" type="cite"><br>
Hi,
<br>
<br>
Thanks a lot!
<br>
I switched the _updown script for the _updown_x509 and it adds the
firewall rules :-)
<br>
<br>
Now I have a new problem. Wen I'm using the x509 connections, the "old"
net to net connections using shared RSA, the old ones has stopped
working.
<br>
Looks like there is a conflict using both types of connection. Any
ideas on how to fix that??
<br>
<br>
Thanks again.
<br>
<br>
BR,
<br>
Matias.
<br>
<br>
Utkarsh Shah wrote:
<br>
<blockquote type="cite">Hi,
<br>
<br>
You can run commends whenever connection goes up and down by specifying
it in _updown script which is usually located at /usr/lib/ipsec
<br>
and specify same updown script in your config if its not default.
<br>
<br>
Regards,
<br>
Utkarsh Shah
<br>
</blockquote>
Matias Lopez Bergero wrote:
<br>
<blockquote type="cite">Hello,
<br>
<br>
I'm being using Freeswan/Openswan for a couple of years.
<br>
I have used the gateway to gateway setup, but now, I need to setup a
<br>
road warrior config for just one user, maybe two.
<br>
I have no problem doing that config.
<br>
<br>
The vpn gateway is also a firewall, so I want to configure the
<br>
firewall(iptables) to allow only valid connections trough it, at the
<br>
FORWARD chain, that I have set default policy to DROP.
<br>
I have read trough the docs and Google, but I found nothing usable. I
<br>
found an interesting script called updown_x509, but it seams that I
<br>
cannot use that. It was written for old Pluto versions...
<br>
There is actually a way of doing this???
<br>
<br>
Other thing that I have found is some guys using L2TP. Maybe this is a
<br>
workaround for this problem... by filtering some private range???
<br>
Also I have read that someone is using the mark module of iptables. I
<br>
still have read this.
<br>
<br>
Any comments are most welcome,
<br>
Thanks.
<br>
<br>
BR,
<br>
Matias.
<br>
<br>
</blockquote>
</blockquote>
</body>
</html>