[Openswan Users] Update - openswan problems

Douglas Sterner DSterner at arnoldtrans.com
Tue Feb 22 09:26:23 CET 2005


I fixed the first problem, with the network connection going "Resource 
Unavailable".

Could someone tell me whether these config files are going to work for an 
L2TP/IPsec setup for my roadwarriors on dynamic IPs? I am using Openswan 
2.3.0 and would appreciate any help.

Thanks

##### IPsec.conf #######

# /etc/ipsec.conf - Openswan IPsec configuration file
# RCSID $Id: ipsec.conf.in,v 1.13 2004/03/24 04:14:39 ken Exp $
# This file:  /usr/share/doc/openswan/ipsec.conf-sample
#
# Manual:     ipsec.conf.5

version 2.0     # conforms to second version of ipsec.conf specification

# sample VPN connection

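# Global settings. NAT traversal is enabled, and virtual_private lists the
# RFC 1918 ranges a NATed client may present as its own address. The gateway's
# own LAN (192.168.10.0/24, the leftsubnet of roadwarrior-net) is excluded
# with "!" so a client cannot claim an address inside the protected network.
# virtual_private is re-indented here: as posted it had wrapped to column 0
# after a near-empty line, which would put it outside the "config setup" section.
config setup
        forwardcontrol=yes
        interfaces="ipsec0=eth1"
        nat_traversal=yes
        virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16,%v4:!192.168.10.0/24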

# Defaults inherited by every conn below: both ends authenticate with RSA
# signatures, and each side's public key is taken from its X.509 certificate
# (%cert). Only one keying attempt is made (keyingtries=1).
# NOTE(review): nothing visible here narrows which certificates are accepted
# from right=%any peers (no rightid/rightca is set); presumably any certificate
# issued by a CA the gateway trusts will pass. Confirm that the CA is used only
# for VPN clients and that revocation (CRL) checking is configured.
conn %default
        authby=rsasig
        compress=yes
        disablearrivalcheck=no
        keyingtries=1
        leftrsasigkey=%cert
        rightrsasigkey=%cert

# Roadwarrior variant that offers only the 192.168.10.0/24 network on the
# gateway side; every other setting is pulled in from "conn roadwarrior".
conn roadwarrior-net
        leftsubnet=192.168.10.0/255.255.255.0
        also=roadwarrior

# Roadwarrior variant with leftsubnet=0.0.0.0/0, so all destinations are
# selected for the tunnel; every other setting comes from "conn roadwarrior".
conn roadwarrior-all
        leftsubnet=0.0.0.0/0
        also=roadwarrior

# Base definition shared through also=: the gateway uses its default-route
# address, accepts peers from any address (right=%any), and is loaded without
# being initiated (auto=add). rightsubnet=vhost:%no,%priv accepts a client
# either at its own address or behind NAT with an address permitted by
# virtual_private.
# NOTE(review): leftcert here is chpas-linuxvpn.mydomain.pem, while the two
# l2tp conns use chpas-linuxvpn.mydomain.com.pem; one of them is presumably a
# typo. Confirm against the file that actually exists on the gateway.
conn roadwarrior
        left=%defaultroute
        leftcert=chpas-linuxvpn.mydomain.pem
        right=%any
        rightsubnet=vhost:%no,%priv
        auto=add
        pfs=yes

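# L2TP/IPsec responder: the policy covers only UDP (protocol 17) port 1701 on
# both sides, so everything else must be carried inside the L2TP/PPP session.
# auto=add replaces the posted auto=start: with right=%any there is no peer
# address to initiate to, so the gateway can only wait for clients, as the
# other roadwarrior conns already do.
# NOTE(review): unlike roadwarrior-l2tp-oldwin there is no rightsubnet=vhost:...
# line here, so clients behind NAT presumably will not match this conn; confirm.
conn roadwarrior-l2tp
        auto=add
        left=%defaultroute
        leftcert=chpas-linuxvpn.mydomain.com.pem
        leftprotoport=17/1701
        pfs=no
        right=%any
        rightprotoport=17/1701
        type=tunnel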

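# Variant of roadwarrior-l2tp with leftprotoport=17/0, which leaves the
# gateway-side UDP port unrestricted; going by the conn name it is meant for
# older Windows clients.
conn roadwarrior-l2tp-oldwin
        left=%defaultroute
        leftcert=chpas-linuxvpn.mydomain.com.pem
        leftprotoport=17/0
        right=%any
        rightprotoport=17/1701
        # Poster's question about the next line: "Is this right?" The trailing
        # text was moved into this comment so that the line parses. The value is
        # written the same way as in "conn roadwarrior" and relies on the
        # virtual_private list in "config setup".
        rightsubnet=vhost:%no,%priv
        pfs=no
        auto=add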

#sample#                # To authorize this connection, but not actually start it, at startup,
#sample#                # uncomment this.
#sample#                #auto=start

#Disable Opportunistic Encryption
include /etc/ipsec.d/examples/no_oe.conf



####### no_oe.conf ###########

# 'include' this file to disable Opportunistic Encryption.
# See /usr/share/doc/openswan/policygroups.html for details.
#
# RCSID $Id: no_oe.conf.in,v 1.2 2004/10/03 19:33:10 paul Exp $

# Each conn below is set to auto=ignore. Per the header comment of this file,
# including it is what disables Opportunistic Encryption.
conn block
        auto=ignore

conn private
        auto=ignore

conn private-or-clear
        auto=ignore

conn clear
        auto=ignore

conn packetdefault
        auto=ignore


######  options.l2tpd

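# pppd options used for the L2TP sessions.
# The first option is restored to ipcp-accept-local: the post shows
# "pcp-accept-local", which is not a pppd option and looks like a character
# lost when pasting.
ipcp-accept-local
# NOTE(review): ipcp-accept-remote lets the client propose its own address, and
# proxyarp (below) then answers ARP for it on the LAN; confirm the address
# range is enforced on the l2tpd side.
ipcp-accept-remote
# DNS and WINS servers handed to the client.
ms-dns 192.168.10.34
ms-wins 192.168.10.34
# Require the client to authenticate over PPP, on top of the IPsec certificate.
# NOTE(review): "auth" alone does not pin the method; consider requiring a
# specific one (e.g. require-chap or require-mschap-v2) if the pppd build
# supports it.
auth
crtscts
# Drop the link after 1800 seconds without traffic.
idle 1800
mtu 1200
mru 1200
nodefaultroute
# Verbose negotiation logging; useful while testing, consider removing it once
# the setup works.
debug
lock
proxyarp
connect-delay 5000
nologfd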

