[Openswan Users] openswan problems

Douglas Sterner douglas_sterner at hotmail.com
Fri Feb 18 08:18:52 CET 2005 

Couple of issues starting out with this. I've been following Nate Carlsons 
guides using Suse 9.2 with OpenSwan 2.3.0 if anyone has something newer to 
follow I'm game.

1) Everytime I start IPSec my network connection becomes "Resource 
Unavailable"

2) Is my ipsec.conf even close for a roadwarrior setup using dynamic ips 
with WinXP SP2 clients.

config setup
        interfaces=%defaultroute
        nat_traversal=yes
        virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16

conn %default
        keyingtries=1
        compress=yes
        disablearrivalcheck=no
        authby=rsasig
        leftrsasigkey=%cert
        rightrsasigkey=%cert

conn roadwarrior-net
        leftsubnet=192.168.10.0/255.255.255.0
        also=roadwarrior

conn roadwarrior-all
        leftsubnet=0.0.0.0/0
        also=roadwarrior

conn roadwarrior
        left=%defaultroute
        leftcert=chpas-linuxvpn.mydomain.pem
        right=%any
        rightsubnet=vhost:%no,%priv
        auto=add
        pfs=yes

conn roadwarrior-l2tp
        type=transport
        left=%defaultroute
        leftcert=chpas-linuxvpn.mydomain.com.pem
        leftprotoport=17/1701
        right=%any
        rightprotoport=17/1701
        pfs=no
        auto=add

conn roadwarrior-l2tp-oldwin
        left=%defaultroute
        leftcert=chpas-linuxvpn.mydomain.com.pem
        leftprotoport=17/0
        right=%any
        rightprotoport=17/1701
        rightsubnet=vhost:%no,%priv
        pfs=no
        auto=add

#sample#                # To authorize this connection, but not actually 
start it, at startup,
#sample#                # uncomment this.
#sample#                #auto=start

#Disable Opportunistic Encryption
include /etc/ipsec.d/examples/no_oe.conf
-----------------------------------------------------------------------------------------------
no_oe.conf
# 'include' this file to disable Opportunistic Encryption.
# See /usr/share/doc/openswan/policygroups.html for details.
#
# RCSID $Id: no_oe.conf.in,v 1.2 2004/10/03 19:33:10 paul Exp $



Thanks



Douglas Sterner

_________________________________________________________________
Express yourself instantly with MSN Messenger! Download today - it's FREE! 
http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/

More information about the Users mailing list