[Openswan Users]

stefano.pazzaglia at fastwebnet.it stefano.pazzaglia at fastwebnet.it
Thu Aug 4 18:41:14 CEST 2005


>You could post your ipsec.conf so that people can analyse it.

>Jacco


version 2.0     # conforms to second version of ipsec.conf specification
config setup
        interfaces=%defaultroute
        klipsdebug=none
        plutodebug=none
        nat_traversal=yes
        #virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.1.0/24,%v4:!192.168.0.0/24
        virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16

conn %default
        #keyingtries=3
        keyingtries=0
        compress=yes
        disablearrivalcheck=no
        authby=secret
        type=tunnel
        keyexchange=ike
        ikelifetime=240m
        keylife=60m



conn roadwarrior-net
        leftsubnet=192.168.0.0/16
        also=roadwarrior


conn roadwarrior-all
        leftsubnet=0.0.0.0/0
        also=roadwarrior



conn roadwarrior-l2tp
        leftsubnet=192.168.0.0/24
        leftprotoport=17/0
        rightprotoport=17/1701
        also roadwarrior

conn roadwarrior-l2tp-updatedwin
        leftprotoport=17/1701
        rightprotoport=17/1701
        also=roadwarrior

conn roadwarrior
        pfs=no
        left=%defaultroute
        right=%any
        rightsubnet=vhost:%no,%priv
        auto=add


#Disable Opportunistic Encryption

include /etc/ipsec.d/examples/no_oe.conf




More information about the Users mailing list