<p>Hello everyone!</p>
<p>I have an Openswan &lt;-&gt; Cisco router (as client) setup, and the connection from the Cisco to Openswan works perfectly.<br />
So I can work from Office1 etc. on the Main Office net.</p>
<p>But now I want to do something from the Main Office in the Office1 net (first I'd like to ping). It is necessary for users who want to print in the Office1 net from the Main Office.<br />
With the old Cisco &lt;-&gt; Cisco configuration it worked just fine, so the Ciscos are configured right.</p>
<p>Because there is more than one client net and every Cisco has a dynamic IP, I need to set up a roadwarrior conn.</p>
<p>Here's my ipsec.conf:</p>
<pre>
# /etc/ipsec.conf - Openswan IPsec configuration file
# RCSID $Id: ipsec.conf.in,v 1.15.2.6 2006-10-19 03:49:46 paul Exp $

# This file:  /usr/share/doc/openswan/ipsec.conf-sample
#
# Manual:     ipsec.conf.5


version 2.0     # conforms to second version of ipsec.conf specification

# basic configuration
config setup
        # plutodebug / klipsdebug = "all", "none" or a combination from below:
        # "raw crypt parsing emitting control klips pfkey natt x509 private"
        # eg: plutodebug="control parsing"
        #
        # ONLY enable plutodebug=all or klipsdebug=all if you are a developer!!
        #
        # NAT-TRAVERSAL support, see README.NAT-Traversal
        nat_traversal=yes
        virtual_private=%v4:192.168.10.0/24,%v4:192.168.11.0/24,%v4:192.168.12.0/24,%v4:192.168.13.0/24,%v4:192.168.14.0/24,%v4:192.168.16.0/24,%v4:!192.168.1.0/24
        #
        # enable this if you see "failed to find any available worker"
        protostack=netkey
        nhelpers=0
        #klipsdebug=none
        plutodebug="control parsing raw emitting"
        plutostderrlog=/var/log/pluto.log
        interfaces=%defaultroute
        uniqueids=yes
        #forwardcontrol=yes

# Add connections here

conn %default
        left=217.5.234.18
        #leftnexthop=217.5.234.18
        leftsubnet=192.168.1.0/24
        auth=esp
        esp=3des-sha1
        pfs=no
        ike=3des-md5-modp1024
        keyingtries=%forever
        ikelifetime=8h
        keylife=8h
        keyexchange=ike
        authby=secret
        disablearrivalcheck=no

conn l2l
        type=tunnel
        leftsourceip=192.168.1.254
        auto=add
        right=%any
        rightsubnet=vhost:%priv
</pre>
<p>I tried many ways to get a LAN-to-LAN connection:<br />
setting rightsubnet, rightnexthop, rightsourceip, type to transport, and custom routes.<br />
I spent 2 days searching the Internet for a solution; maybe my head is too confused now and it is just a little trigger I have to set ;-)</p>
<p>I have attached the output of "ipsec barf".</p>
<p>Regards,<br />
F. Gaab</p>
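<p>As an added example (not part of the post above, and not Openswan's own tooling), the following script parses an ipsec.conf in the format shown, applies <code>conn %default</code> inheritance, and audits the result for the things a reviewer would flag in this config: the weak IKE/ESP proposals, <code>pfs=no</code>, <code>plutodebug</code> options that write packet contents to the log, and a <code>vhost:%priv</code> roadwarrior conn whose <code>leftsubnet</code> is not excluded from <code>virtual_private</code>. The embedded sample is a constructed excerpt of the posted config.</p>

```python
# Constructed excerpt of the ipsec.conf posted above (sample input for this example).
SAMPLE_CONF = """\
version 2.0
config setup
    nat_traversal=yes
    virtual_private=%v4:192.168.10.0/24,%v4:!192.168.1.0/24
    plutodebug="control parsing raw emitting"
conn %default
    leftsubnet=192.168.1.0/24
    esp=3des-sha1
    pfs=no
    ike=3des-md5-modp1024
    authby=secret
conn l2l
    type=tunnel
    right=%any
    rightsubnet=vhost:%priv
"""

WEAK = ("3des", "md5", "modp1024")   # legacy cipher, hash and DH group

def parse_ipsec_conf(text):
    """Return {section: {key: value}}; conn sections inherit from conn %default."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        if not line[0].isspace():                 # "config setup", "conn NAME", "version"
            parts = line.split()
            if parts[0] in ("config", "conn") and len(parts) == 2:
                current = sections.setdefault(parts[1], {})
            continue
        key, _, value = line.strip().partition("=")
        if current is not None and value:
            current[key.strip()] = value.strip().strip('"')
    default = sections.get("%default", {})
    return {name: (body if name in ("setup", "%default") else {**default, **body})
            for name, body in sections.items()}

def audit(sections):
    """Return human-readable findings for the parsed configuration."""
    findings, setup = [], sections.get("setup", {})
    debug = setup.get("plutodebug", "none").split()
    if "raw" in debug or "all" in debug:
        findings.append("setup: plutodebug logs raw packet contents; keep off in production")
    for name, conn in sections.items():
        if name in ("setup", "%default"):
            continue
        for key in ("ike", "esp"):
            findings += [f"{name}: {key} uses weak algorithm {a}" for a in WEAK if a in conn.get(key, "")]
        if conn.get("pfs", "yes") == "no":        # Openswan defaults to pfs=yes
            findings.append(f"{name}: pfs=no disables perfect forward secrecy")
        if conn.get("rightsubnet", "").startswith("vhost:") and \
                f"%v4:!{conn.get('leftsubnet')}" not in setup.get("virtual_private", ""):
            findings.append(f"{name}: leftsubnet is not excluded from virtual_private")
    return findings
```

Run `audit(parse_ipsec_conf(open("/etc/ipsec.conf").read()))` to check a live file; on the sample it reports the raw debug logging, four weak-algorithm findings and pfs=no.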