[Openswan Users] Examples for config in Windows Roadwarrior setup

Nate Carlson natecars at natecarlson.com
Wed Aug 4 17:03:36 CEST 2004


On Tue, 3 Aug 2004, Eric Anderson wrote:
> Given the above info what would I need to put into /etc/ipsec.conf to
> get Openswan to handle the IPSec part (obviously I would need to get
> l2tpd and ppp working still)?

I'm assuming that you're referring to 'left' as the Openswan box, and
'right' as the Windows box. You can swap these around at will; that's
partially why people get confused so easily.  :)

conn l2tp
	left=%defaultroute
	leftcert=<your_certificate>
	leftprotoport=17/0
	right=%any
	rightprotoport=17/1701
	auto=add

That's all there is to it. %defaultroute will automatically pick up the
proper IP address of your external interface, and you don't need to
specify the local subnet since you are going to be using L2TP. You may
also need another connection with leftprotoport=17/1701, depending on what
patches you have applied to Windows.

> I have been mostly following the instructions at
> http://www.jacco2.dds.nl/networking/freeswan-l2tp.html so far but I
> cannot seem to be able to get ipsec setup properly. Also what holes do I
> need to put in iptables to make sure that none of the IPSec stuff is
> getting dropped? I can't seem to find a definitive source for what
> ports/protocols IPSec uses so I can open those up.

You'll need:

500/udp
4500/udp (if using NAT traversal anywhere)
ESP (Protocol 50)

------------------------------------------------------------------------
| nate carlson | natecars at natecarlson.com | http://www.natecarlson.com |
|       depriving some poor village of its idiot since 1981            |
------------------------------------------------------------------------
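
The ports and protocol listed in the reply above, written out as iptables rules; this is an added example, not part of the original message, and it prints the commands instead of applying them. It goes one step beyond the reply's list by accepting L2TP (1701/udp) only after IPsec decapsulation and dropping it in the clear. Assumptions: the interface names eth0 and ipsec0, rules appended to the INPUT chain, and the policy match being available when the NETKEY stack is used.

```shell
#!/bin/sh
# Added example: prints iptables commands (dry run); it applies nothing.
# Usage: ipsec_rules EXT_IF [NAT_T] [KLIPS_IF]
#   EXT_IF    external interface name (assumed, e.g. eth0)
#   NAT_T     yes|no, also allow 4500/udp (default: no)
#   KLIPS_IF  KLIPS virtual interface such as ipsec0 (assumed);
#             leave empty for the NETKEY stack

valid_if() {   # accept only plain interface names
    case $1 in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
}

ipsec_rules() {
    ext_if=$1; nat_t=${2:-no}; klips_if=${3:-}
    valid_if "$ext_if" || { echo "bad interface: $ext_if" >&2; return 1; }
    case $nat_t in yes|no) ;; *) echo "NAT_T must be yes or no" >&2; return 1 ;; esac
    if [ -n "$klips_if" ] && ! valid_if "$klips_if"; then
        echo "bad interface: $klips_if" >&2; return 1
    fi

    # IKE negotiation
    echo "iptables -A INPUT -i $ext_if -p udp --dport 500 -j ACCEPT"
    # ESP is IP protocol 50, not a port, so it is matched with -p
    echo "iptables -A INPUT -i $ext_if -p 50 -j ACCEPT"
    # NAT traversal: IKE and UDP-encapsulated ESP share 4500/udp
    if [ "$nat_t" = yes ]; then
        echo "iptables -A INPUT -i $ext_if -p udp --dport 4500 -j ACCEPT"
    fi
    # L2TP (1701/udp, as in rightprotoport) only after IPsec decapsulation
    if [ -n "$klips_if" ]; then
        echo "iptables -A INPUT -i $klips_if -p udp --dport 1701 -j ACCEPT"
    else
        echo "iptables -A INPUT -i $ext_if -p udp --dport 1701 -m policy --dir in --pol ipsec -j ACCEPT"
    fi
    # Cleartext L2TP arriving on the external interface is dropped
    echo "iptables -A INPUT -i $ext_if -p udp --dport 1701 -j DROP"
}

# Demo with constructed values: NETKEY stack, NAT traversal enabled
ipsec_rules eth0 yes
```

Review the printed rules against the existing chain order before applying them, since an earlier DROP or REJECT in INPUT still wins.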

