[Openswan Users] Fedora Core2, Openswan 2.2.x, VPN & NAT-T
Roberto Fichera
kernel at tekno-soft.it
Mon Nov 8 11:38:14 CET 2004
At 18.54 05/11/2004, you wrote:
>Hi All,
>
>I would like to configure a box with Fedora Core2 (kernel 2.6.8-1.521) +
>Openswan 2.2.x as a VPN gateway behind a Zyxel 652R-11 ADSL router, but I
>don't know how to set up Openswan to make it work. What ipsec.conf do I
>have to write? I guess that I have to use some NAT-T config. My
>configuration is as follows:
>
>Head Quarter:
>FC2+OW22 (192.168.0.253) <--> Z652R11( LAN:192.168.0.254, WAN:1StaticIP) <--> Internet
>
>Office A:
>Internet <--> Z652R11( WAN:1StaticIP, LAN:192.168.1.254) <---> 192.168.1.0/24
>
>Office B:
>Internet <--> Z652R11( WAN:1StaticIP, LAN:192.168.2.254) <---> 192.168.2.0/24
>
>and so on ;-)!
>
>The Zyxel has the default NAT setup as 192.168.0.253, on the HQ side, so
>every packet should be redirected to the FC2 box, I hope ;-)!

I've resolved my problem :-)! Currently I've got it working nicely!

version 2.0     # conforms to second version of ipsec.conf specification

# basic configuration
config setup
    # Debug-logging controls: "none" for (almost) none, "all" for lots.
    # klipsdebug=none
    # plutodebug="control parsing"
    uniqueids=yes
    interfaces=%defaultroute
    virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16

conn %default
    disablearrivalcheck=no
    authby=rsasig
    # leftrsasigkey=%cert
    # rightrsasigkey=%cert
    ikelifetime=3600s
    keyingtries=0

#Disable Opportunistic Encryption
include /etc/ipsec.d/examples/no_oe.conf

conn Office1
    left=%defaultroute
    leftsubnet=192.168.0.0/24
    right=StaticIP
    rightsubnet=192.168.1.0/24
    pfs=yes
    disablearrivalcheck=no
    auto=start
    authby=secret
    keylife=3610s

conn Office2
    left=%defaultroute
    leftsubnet=192.168.0.0/24
    right=StaticIP
    rightsubnet=192.168.2.0/24
    pfs=yes
    disablearrivalcheck=no
    auto=start
    authby=secret
    keylife=3610s

etc etc

Finally, how can I disable this log message?

Nov 8 11:26:39 vpn pluto[28152]: "Office1" #1: I did not send a certificate because I do not have one.

>Thanks in advance.
>
>Roberto Fichera.
Roberto Fichera.
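
How the `conn %default` section combines with the per-connection settings in the configuration above, as an added example that is not part of the original post: a small Python reader for the ipsec.conf layout (unindented section headers, indented parameters) showing that Office1 ends up with authby=secret while inheriting ikelifetime and keyingtries. The sample is a trimmed, constructed copy of the posted file; `parse_sections` and `effective_conn` are hypothetical helper names, and `include` files are not followed.

```python
import re

# Constructed sample: trimmed copy of the posted ipsec.conf (tab-indented).
SAMPLE = (
    "version 2.0\n"
    "config setup\n\tuniqueids=yes\n"
    "conn %default\n\tauthby=rsasig\n\tikelifetime=3600s\n\tkeyingtries=0\n"
    "conn Office1\n\tleft=%defaultroute\n\tleftsubnet=192.168.0.0/24\n"
    "\tright=StaticIP\n\trightsubnet=192.168.1.0/24\n"
    "\tauthby=secret\n\tkeylife=3610s\n"
)

def parse_sections(text):
    """Return {(type, name): {param: value}}; parameters must be indented."""
    sections, current = {}, None
    for n, raw in enumerate(text.splitlines(), 1):
        line = re.sub(r"(^|\s)#.*$", "", raw).rstrip()  # drop comments
        if not line.strip():
            continue  # simplification: blank and comment-only lines are skipped
        if line[0] in " \t":  # indented: parameter of the open section
            if current is None or "=" not in line:
                raise ValueError(f"line {n}: parameter outside a section")
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
            continue
        words = line.split()
        if words[0] in ("version", "include"):  # not followed in this example
            current = None
            continue
        if len(words) != 2:
            # An unindented "key=value" lands here: lost indentation is an error.
            raise ValueError(f"line {n}: expected 'type name', got {line!r}")
        current = sections.setdefault((words[0], words[1]), {})
    return sections

def effective_conn(sections, name):
    """Copy %default parameters into a conn unless the conn sets its own."""
    merged = dict(sections.get(("conn", "%default"), {}))
    merged.update(sections[("conn", name)])
    return merged

if __name__ == "__main__":
    for key, value in sorted(effective_conn(parse_sections(SAMPLE), "Office1").items()):
        print(f"{key}={value}")
```
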