[Openswan Users] Rhel 3 with natt patch?
Paul Wouters
paul at xelerance.com
Tue Sep 14 16:51:02 CEST 2004
On Tue, 14 Sep 2004, Nicole Hähnel wrote:
> Now I get this line and no errors:
>
> Checking NAT and MASQUERADEing [N/A]
Good.
> config setup
> interfaces="ipsec0=eth1"
> klipsdebug=none
> plutodebug=none
> uniqueids=no
> nat_traversal=yes
You are still missing a virtual_private= line.
> conn lan1-lan2
> leftrsasigkey=%cert
> leftcert=vpn_cert1.pem
> leftid="/C=XX...."
> leftsubnet=172.10.0.0/16
> right=%any
> rightid="/C=XX..."
> rightsubnet=172.10.10.0/24
> rightrsasigkey=%cert
> #
> auto=add
Your networks also overlap; this might cause problems.
>
> conn %default
> authby=rsasig
> left="public ip"
> leftnexthop=xx.xx.xx.xx
> leftrsasigkey=%cert
> leftid="/C=XX..."
> #
> right=192.168.254.2
> rightid="/C=XX..."
> rightcert=vpn_cert2.pem
>
> conn lan1-lan2
> rightrsasigkey=%cert
> rightnexthop=%direct
I don't think this is a direct connect, since left is a public IP.
> leftsubnet=172.10.0.0/16
> rightsubnet=172.10.10.0/24
> rightupdown=/etc/ipsec.d/updown
I don't know what this does, but I don't think it should be needed.
> Is virtual_private needed or necessary?
Yes. Either that or specify subnetwithin's. I always use
virtual_private myself.
Paul