[Openswan Users] Fedora Core2, Openswan 2.2.x, VPN & NAT-T

Roberto Fichera kernel at tekno-soft.it
Mon Nov 8 11:38:14 CET 2004


At 18.54 05/11/2004, you wrote:

>Hi All,
>
>I would like to configure a box with Fedora Core2 (kernel 2.6.8-1.521) + Openswan 2.2.x
>as a VPN gateway behind a Zyxel 652R-11 ADSL router, but I don't know
>how to set up Openswan to make it work. What ipsec.conf do I have to write?
>I guess that I have to use some NAT-T config. My configuration is as follows:
>
>Headquarters:
>FC2+OW22 (192.168.0.253) <--> Z652R11( LAN:192.168.0.254, WAN:1StaticIP)  <--> Internet
>
>Office A:
>Internet <--> Z652R11( WAN:1StaticIP, LAN:192.168.1.254) <---> 192.168.1.0/24
>
>Office B:
>Internet <--> Z652R11( WAN:1StaticIP, LAN:192.168.2.254) <---> 192.168.2.0/24
>
>and so on ;-)!
>
>The Zyxel has the default NAT setup as 192.168.0.253, on the HQ side, so
>every packet should be redirected to the FC2 box, I hope ;-)!

I've resolved my problem :-)! Currently I've got it working nicely!

version 2.0     # conforms to second version of ipsec.conf specification

# basic configuration
config setup
         # Debug-logging controls:  "none" for (almost) none, "all" for lots.
         # klipsdebug=none
         # plutodebug="control parsing"
         uniqueids=yes
         interfaces=%defaultroute
         virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16

conn %default
         disablearrivalcheck=no
         authby=rsasig
         #        leftrsasigkey=%cert
         #        rightrsasigkey=%cert
         ikelifetime=3600s
         keyingtries=0

#Disable Opportunistic Encryption
include /etc/ipsec.d/examples/no_oe.conf

conn Office1
         left=%defaultroute
         leftsubnet=192.168.0.0/24
         right=StaticIP
         rightsubnet=192.168.1.0/24
         pfs=yes
         disablearrivalcheck=no
         auto=start
         authby=secret
         keylife=3610s

conn Office2
         left=%defaultroute
         leftsubnet=192.168.0.0/24
         right=StaticIP
         rightsubnet=192.168.2.0/24
         pfs=yes
         disablearrivalcheck=no
         auto=start
         authby=secret
         keylife=3610s

etc etc

Finally, how can I disable this log message?

Nov  8 11:26:39 vpn pluto[28152]: "Office1" #1: I did not send a certificate because I do not have one.



>Thanks in advance.
>
>Roberto Fichera.

Roberto Fichera. 
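
Added example, not part of the original post and not Openswan code: a Python helper that resolves the effective settings of each conn in an ipsec.conf like the one above, so an audit can see which tunnels end up on authby=secret although conn %default says authby=rsasig. The function names are hypothetical, the sample is a constructed excerpt of the posted config, and it assumes conn %default supplies values that a conn's own lines override.

```python
# Added example: resolve effective per-connection settings from an
# Openswan-style ipsec.conf (constructed parser, not Openswan's own).
SAMPLE_CONF = """\
version 2.0
conn %default
        disablearrivalcheck=no
        authby=rsasig
        ikelifetime=3600s
        keyingtries=0
conn Office1
        left=%defaultroute
        right=StaticIP
        rightsubnet=192.168.1.0/24
        authby=secret
        keylife=3610s
"""

def parse_sections(text):
    """Return {(kind, name): {key: value}} for 'config' and 'conn' sections."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        if not raw[0].isspace():                  # unindented: header or directive
            parts = line.split()
            if parts[0] in ("config", "conn") and len(parts) == 2:
                current = sections.setdefault((parts[0], parts[1]), {})
            else:
                current = None                    # e.g. "version 2.0", "include ..."
            continue
        if current is not None and "=" in line:   # indented key=value parameter
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip().strip('"')
    return sections

def effective_conns(text):
    """Merge conn %default into every other conn; the conn's own values win."""
    sections = parse_sections(text)
    defaults = sections.get(("conn", "%default"), {})
    return {name: {**defaults, **params}
            for (kind, name), params in sections.items()
            if kind == "conn" and name != "%default"}

def psk_conns(text):
    """Names of conns whose effective authby is a pre-shared secret."""
    return sorted(n for n, p in effective_conns(text).items()
                  if p.get("authby") == "secret")
```

Files pulled in with include lines are not followed; each included file has to be parsed separately.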


