<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 TRANSITIONAL//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; CHARSET=UTF-8">
<META NAME="GENERATOR" CONTENT="GtkHTML/4.2.2">
</HEAD>
<BODY>
# /etc/ipsec.conf - Openswan IPsec configuration file<BR>
<BR>
# This file: /usr/local/share/doc/openswan/ipsec.conf-sample<BR>
#<BR>
# Manual: ipsec.conf.5<BR>
<BR>
<BR>
version 2.0 # conforms to second version of ipsec.conf specification<BR>
<BR>
# basic configuration<BR>
config setup<BR>
# Do not set debug options to debug configuration issues!<BR>
# plutodebug / klipsdebug = "all", "none" or a combation from below:<BR>
# "raw crypt parsing emitting control klips pfkey natt x509 dpd private"<BR>
# eg:<BR>
# plutodebug="control parsing"<BR>
# Again: only enable plutodebug or klipsdebug when asked by a developer<BR>
#<BR>
# enable to get logs per-peer<BR>
# plutoopts="--perpeerlog"<BR>
#<BR>
# Enable core dumps (might require system changes, like ulimit -C)<BR>
# This is required for abrtd to work properly<BR>
# Note: incorrect SElinux policies might prevent pluto writing the core<BR>
dumpdir=/var/run/pluto/<BR>
#<BR>
# NAT-TRAVERSAL support, see README.NAT-Traversal<BR>
nat_traversal=yes<BR>
# exclude networks used on server side by adding %v4:!a.b.c.0/24<BR>
# It seems that T-Mobile in the US and Rogers/Fido in Canada are<BR>
# using 25/8 as "private" address space on their 3G network.<BR>
# This range has not been announced via BGP (at least upto 2010-12-21)<BR>
virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v6:fd00::/8,%v6:fe80::/10<BR>
# OE is now off by default. Uncomment and change to on, to enable.<BR>
oe=off<BR>
# which IPsec stack to use. auto will try netkey, then klips then mast<BR>
protostack=netkey<BR>
# Use this to log to a file, or disable logging on embedded systems (like openwrt)<BR>
#plutostderrlog=/dev/null<BR>
<BR>
# Add connections here<BR>
<BR>
# sample VPN connection<BR>
# for more examples, see /etc/ipsec.d/examples/<BR>
#conn sample<BR>
# # Left security gateway, subnet behind it, nexthop toward right.<BR>
# left=10.0.0.1<BR>
# leftsubnet=172.16.0.0/24<BR>
# leftnexthop=10.22.33.44<BR>
# # Right security gateway, subnet behind it, nexthop toward left.<BR>
# right=10.12.12.1<BR>
# rightsubnet=192.168.0.0/24<BR>
# rightnexthop=10.101.102.103<BR>
# # To authorize this connection, but not actually start it, <BR>
# # at startup, uncomment this.<BR>
# #auto=add<BR>
conn L2TP-PSK-NAT<BR>
rightsubnet=vhost:%priv<BR>
also=L2TP-PSK-noNAT<BR>
<BR>
conn L2TP-PSK-noNAT<BR>
authby=secret<BR>
pfs=no<BR>
auto=add<BR>
keyingtries=3<BR>
rekey=no<BR>
ikelifetime=8h<BR>
keylife=1h<BR>
type=transport<BR>
left=external_ip (redacted) <BR>
leftprotoport=17/1701<BR>
leftnexthop=%defaultroute<BR>
right=%any<BR>
rightprotoport=17/%any<BR>
rightnexthop=%defaultroute<BR>
<BR>
<BR>
-----Original Message-----<BR>
<B>From</B>: Gertjan Baarda <<A HREF="mailto:Gertjan%20Baarda%20%3cgertjan.baarda@gmail.com%3e">gertjan.baarda@gmail.com</A>><BR>
<B>To</B>: Steven Lokie <<A HREF="mailto:Steven%20Lokie%20%3csteven.lokie@imemories.com%3e">steven.lokie@imemories.com</A>><BR>
<B>Subject</B>: Re: [Openswan Users] Connection but no network<BR>
<B>Date</B>: Mon, 15 Apr 2013 19:04:58 +0200<BR>
<BR>
<PRE>
Post your ipsec.conf please.
Sent from my iPhone
On 15 apr. 2013, at 18:59, Steven Lokie <<A HREF="mailto:steven.lokie@imemories.com">steven.lokie@imemories.com</A>> wrote:
> So I have finally got the authentication to work, and it will now connect, but when I go to use the connection I can't actually use the network. looking at the connections it seems to be issuing the same ip for multiple devices - I'm a little confused as to how this is happening, any suggestions?
>
> _______________________________________________
> <A HREF="mailto:Users@lists.openswan.org">Users@lists.openswan.org</A>
> <A HREF="https://lists.openswan.org/mailman/listinfo/users">https://lists.openswan.org/mailman/listinfo/users</A>
> Micropayments: <A HREF="https://flattr.com/thing/38387/IPsec-for-Linux-made-easy">https://flattr.com/thing/38387/IPsec-for-Linux-made-easy</A>
> Building and Integrating Virtual Private Networks with Openswan:
> <A HREF="http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155">http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155</A>
</PRE>
</BODY>
</HTML>