[Openswan Users] Help for freeswan road warrior on pppoe!
Paul Wouters
paul at xelerance.com
Mon Aug 1 23:02:53 CEST 2005
On Mon, 1 Aug 2005, Simon Yang wrote:
> conn test
> type=tunnel
> authby=secret
> spi=0x200
> esp=3des-md5-96
>
> espenckey=0x0c351ecf_7948f6d3_1abdf42b_77de8463_b1228d4b_ddc67c5b
> espauthkey=0x0c351ecf_7948f6d3_1abdf42b_77de8463
> pfs=no
> # Left security gateway, subnet behind it, next hop toward
> right.
> left=192.168.57.76
> leftsubnet=192.168.1.0/24
> # Right security gateway, subnet behind it, next hop toward
> left.
> right=%any
> auto=start
>
> Site B(Road Warrior Client, IPSEC.EXE):
> conn test
> left=192.168.57.75
> right=192.168.57.76
> rightsubnet=192.168.1.0/24
> spi=0x200
> esp=3des-md5-96
> espenckey=0x0c351ecf_7948f6d3_1abdf42b_77de8463_b1228d4b_ddc67c5b
> espauthkey=0x0c351ecf_7948f6d3_1abdf42b_77de8463
> presharedkey="12345"
> network=auto
> auto=start
> pfs=yes
You should not use manual keying, e.g. do not specify spi= or espenckey/espauthkey.
You should also try to avoid using preshared keys, and use X.509 certificates instead.
Actually, I recommend using the lsipsectool from sourceforge.net over the ipsec.exe
tools from Marcus.
> /usr/local/lib/ipsec/_updown: `ip route add 192.168.57.75/32 via
> 192.168.57.75 dev ipsec0' failed
Try specifying a leftnexthop= to your default gateway. Openswan seems to be
confused about your default gateway.
Paul
--
"With Data mining, we can search specifically for clues"
--- The AIVD (The Dutch NSA) on the necessity of ISP's data retention
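
An added example, not part of the message above and not Openswan code: a small Python check that applies the reply's advice to an ipsec.conf, flagging conns that use manual keying (spi=, espenckey=, espauthkey=) or a shared secret (authby=secret, presharedkey=). The function name, conn names, addresses and key values in the sample are constructed, and key values are never echoed in the findings.

```python
import re

# Parameters the reply above advises against.
MANUAL_KEYS = {"spi", "espenckey", "espauthkey"}   # manual keying
PSK_KEYS = {"presharedkey"}                        # shared secret (ipsec.exe style)

def audit_ipsec_conf(text):
    """Return sorted (conn, category, key) findings for an ipsec.conf text."""
    findings = set()
    conn = None
    for raw in text.splitlines():
        # Accept configs pasted from e-mail: drop leading '>' quote markers.
        line = re.sub(r"^\s*(>\s*)*", "", raw).strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"conn\s+(\S+)$", line)
        if m:
            conn = m.group(1)
            continue
        if conn is None or "=" not in line:
            continue  # settings outside a conn section, or wrapped comment text
        key, value = (p.strip() for p in line.split("=", 1))
        key = key.lower()
        if key in MANUAL_KEYS:
            findings.add((conn, "manual-keying", key))
        elif key in PSK_KEYS or (key == "authby" and value.lower() == "secret"):
            findings.add((conn, "preshared-key", key))
    return sorted(findings)

# Constructed sample: one conn in the style of the quoted config, one using certificates.
SAMPLE = """\
> conn gateway
>     authby=secret
>     spi=0x200
>     espenckey=0x00000000_00000000
>     espauthkey=0x00000000_00000000
>     left=192.0.2.1
>     right=%any
conn roadwarrior-x509
    authby=rsasig
    leftcert=gateway.pem
    leftrsasigkey=%cert
    right=%any
    rightrsasigkey=%cert
"""

if __name__ == "__main__":
    for conn, category, key in audit_ipsec_conf(SAMPLE):
        print(f"conn {conn}: {category} ({key}=)")
```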