[Openswan Users] Update - openswan problems
Douglas Sterner
DSterner at arnoldtrans.com
Tue Feb 22 09:26:23 CET 2005
I fixed the first problem, where the network connection was going "Resource
Unavailable".
Could someone tell me if these config files are going to work for an
L2TP/IPsec setup for my roadwarriors on dynamic IPs? I would appreciate
any help using openswan 2.3.0.
Thanks
##### IPsec.conf #######
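# /etc/ipsec.conf - Openswan IPsec configuration file
# RCSID $Id: ipsec.conf.in,v 1.13 2004/03/24 04:14:39 ken Exp $
# This file: /usr/share/doc/openswan/ipsec.conf-sample
#
# Manual: ipsec.conf.5
#
# Layout: section headers ("config setup", "conn NAME") start in column 0 and
# every parameter belonging to a section is indented. The indentation is part
# of the syntax, so it is restored here.

version 2.0 # conforms to second version of ipsec.conf specification

# sample VPN connection
config setup
    forwardcontrol=yes
    interfaces="ipsec0=eth1"
    nat_traversal=yes
    # Private ranges that NATed clients may present as their own address.
    # The gateway's LAN (192.168.10.0/24) is excluded with "!" so a client
    # cannot claim an address inside the protected subnet.
    virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16,%v4:!192.168.10.0/24

# Defaults inherited by every conn below.
conn %default
    # Certificate-based authentication; the RSA keys are taken from the
    # X.509 certificates (%cert) rather than listed inline.
    authby=rsasig
    compress=yes
    # "no" leaves the tunnel-exit arrival check enabled.
    disablearrivalcheck=no
    keyingtries=1
    leftrsasigkey=%cert
    rightrsasigkey=%cert

# Road warriors reaching only the LAN behind the gateway.
conn roadwarrior-net
    leftsubnet=192.168.10.0/255.255.255.0
    also=roadwarrior

# Road warriors sending ALL traffic through the gateway (0.0.0.0/0).
# NOTE(review): load this only if full-tunnel access is intended, and make
# sure the firewall limits what tunnelled clients may be forwarded to.
conn roadwarrior-all
    leftsubnet=0.0.0.0/0
    also=roadwarrior

conn roadwarrior
    left=%defaultroute
    # NOTE(review): this file name lacks the ".com" used by the two L2TP
    # conns below (chpas-linuxvpn.mydomain.com.pem) - confirm which file
    # actually exists in the certs directory.
    leftcert=chpas-linuxvpn.mydomain.pem
    right=%any
    # %no  = client is not behind NAT and uses its own address;
    # %priv = client address must fall inside virtual_private above.
    rightsubnet=vhost:%no,%priv
    auto=add
    pfs=yes

# L2TP over IPsec (UDP protocol 17, port 1701) for current clients.
conn roadwarrior-l2tp
    # Was auto=start. With right=%any there is no peer address to initiate
    # to, so the gateway can only wait for clients: load the conn with "add".
    auto=add
    left=%defaultroute
    leftcert=chpas-linuxvpn.mydomain.com.pem
    leftprotoport=17/1701
    pfs=no
    right=%any
    rightprotoport=17/1701
    # NOTE(review): L2TP/IPsec clients normally propose transport mode -
    # confirm that type=tunnel is what the clients will negotiate.
    # NOTE(review): unlike roadwarrior-l2tp-oldwin, this conn has no
    # rightsubnet=vhost:... line - confirm whether NATed clients should
    # be able to match it.
    type=tunnel

# Same as above for older Windows clients, which need leftprotoport=17/0.
conn roadwarrior-l2tp-oldwin
    left=%defaultroute
    leftcert=chpas-linuxvpn.mydomain.com.pem
    leftprotoport=17/0
    right=%any
    rightprotoport=17/1701
    # Poster's question on this line: "?? Is this right"
    # The question has been moved into this comment, because trailing text on
    # a parameter line would be read as part of the value. The syntax is the
    # same as on "conn roadwarrior" and depends on nat_traversal=yes and
    # virtual_private being set, as they are in config setup.
    rightsubnet=vhost:%no,%priv
    pfs=no
    auto=add

#sample# # To authorize this connection, but not actually start it, at startup,
#sample# # uncomment this.
#sample# #auto=start

#Disable Opportunistic Encryption
include /etc/ipsec.d/examples/no_oe.conf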
####### no_oe.conf ###########
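# 'include' this file to disable Opportunistic Encryption.
# See /usr/share/doc/openswan/policygroups.html for details.
#
# RCSID $Id: no_oe.conf.in,v 1.2 2004/10/03 19:33:10 paul Exp $
#
# Each conn named below is set to auto=ignore, so it is not loaded at startup.
# The parameter lines are indented, as ipsec.conf syntax requires.

conn block
    auto=ignore

conn private
    auto=ignore

conn private-or-clear
    auto=ignore

conn clear
    auto=ignore

conn packetdefault
    auto=ignore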
###### options.l2tpd
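# pppd options used for the PPP session carried inside each L2TP tunnel.

# Was written "pcp-accept-local", which is not a pppd option. Its neighbour
# ipcp-accept-remote shows that the intended name is ipcp-accept-local.
ipcp-accept-local
ipcp-accept-remote
# DNS and WINS servers handed to the client (both on the protected LAN).
ms-dns 192.168.10.34
ms-wins 192.168.10.34
# Require the client to authenticate itself before any network traffic flows.
# NOTE(review): nothing here restricts WHICH protocol is accepted. Confirm
# that PAP is refused and CHAP/MS-CHAPv2 required, either in l2tpd.conf (not
# shown) or with refuse-pap / require-mschap-v2 in this file.
auth
crtscts
# Drop sessions idle for 1800 seconds.
idle 1800
# Reduced MTU/MRU leaves room for the L2TP and IPsec encapsulation overhead.
mtu 1200
mru 1200
# Never let a client session replace the gateway's default route.
nodefaultroute
# Verbose negotiation logging; remove once the setup is working.
debug
lock
# Makes the client appear on the local LAN via proxy ARP. This assumes client
# addresses are assigned from the LAN range - confirm against l2tpd.conf.
proxyarp
connect-delay 5000
nologfd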