[Openswan Users] Nortel interoperability questions
David Mattes
david.mattes at boeing.com
Mon May 3 12:47:20 CEST 2004

Hi,

I'm interoperating with a Nortel CES VPN server. The Nortel maintains
an address pool to allocate to connecting clients (approximately DHCP).
I'm not sure if the address is coming down as part of the ISAKMP SA
(main mode) or IPSec SA (Quick mode). Does OpenS/WAN 2.x.x have any way
of handling this address allocation mechanism for the virtual private
interface?

I'm also having a hard time specifying a static virtual private address
on the OpenS/WAN side of the connection. Here is my connection diagram
and connection specification in ipsec.conf:

|-------------------------------|       |-------------|
| eth0           ipsec0         |       | Router      |
| 130.42.32.235  130.42.160.12  |-------| 130.42.32.1 |
|                               |       | /24         |
|-------------------------------|       |-------------|
        |                                      |
        |                                      |
        |                                      |
        |   |----------------|       |--------------|
        |   | Nortel         |       | Router       |
        |   | 130.42.160.10  |-------| 130.42.160.1 |
        |   |                |       | /22          |
        |   |----------------|       |--------------|
        |           |
        |           |
        |           |
    |--------------------------------|
    |            Intranet            |
    |--------------------------------|

conn cert
    authby=rsasig
    left=%defaultroute
    leftsubnet=130.42.160.12/32
    leftcert=foo.pem
    leftid="C=us, O=b, OU=p, CN=dm"
    right=130.42.160.10
    rightnexthop=130.42.160.1
    rightsubnet=130.42.160.0/22
    rightrsasigkey=%cert
    rightid="C=us, O=b, CN=nortel"
    auto=add

The Nortel is also sending down long routing tables to the client
through some (Nortel/Apani client specific) [proprietary] protocol.
Does anyone know what this is or how to use it - is it part of XAuth?
Better, how about fooling the Nortel that my client runs the proprietary
client software?

Thanks,
David