[Openswan Users] openswan problems
Douglas Sterner
douglas_sterner at hotmail.com
Fri Feb 18 08:18:52 CET 2005
Couple of issues starting out with this. I've been following Nate Carlsons
guides using Suse 9.2 with OpenSwan 2.3.0 if anyone has something newer to
follow I'm game.
1) Everytime I start IPSec my network connection becomes "Resource
Unavailable"
2) Is my ipsec.conf even close for a roadwarrior setup using dynamic ips
with WinXP SP2 clients.
config setup
interfaces=%defaultroute
nat_traversal=yes
virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16
conn %default
keyingtries=1
compress=yes
disablearrivalcheck=no
authby=rsasig
leftrsasigkey=%cert
rightrsasigkey=%cert
conn roadwarrior-net
leftsubnet=192.168.10.0/255.255.255.0
also=roadwarrior
conn roadwarrior-all
leftsubnet=0.0.0.0/0
also=roadwarrior
conn roadwarrior
left=%defaultroute
leftcert=chpas-linuxvpn.mydomain.pem
right=%any
rightsubnet=vhost:%no,%priv
auto=add
pfs=yes
conn roadwarrior-l2tp
type=transport
left=%defaultroute
leftcert=chpas-linuxvpn.mydomain.com.pem
leftprotoport=17/1701
right=%any
rightprotoport=17/1701
pfs=no
auto=add
conn roadwarrior-l2tp-oldwin
left=%defaultroute
leftcert=chpas-linuxvpn.mydomain.com.pem
leftprotoport=17/0
right=%any
rightprotoport=17/1701
rightsubnet=vhost:%no,%priv
pfs=no
auto=add
#sample# # To authorize this connection, but not actually
start it, at startup,
#sample# # uncomment this.
#sample# #auto=start
#Disable Opportunistic Encryption
include /etc/ipsec.d/examples/no_oe.conf
-----------------------------------------------------------------------------------------------
no_oe.conf
# 'include' this file to disable Opportunistic Encryption.
# See /usr/share/doc/openswan/policygroups.html for details.
#
# RCSID $Id: no_oe.conf.in,v 1.2 2004/10/03 19:33:10 paul Exp $
Thanks
Douglas Sterner
_________________________________________________________________
Express yourself instantly with MSN Messenger! Download today - it's FREE!
http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/
More information about the Users
mailing list