[Openswan Users] WLAN IPsec implementation
Paul Wouters
paul at xelerance.com
Fri May 13 14:09:58 CEST 2005
On Thu, 12 May 2005, Zach wrote:
> config setup
>     # Debug-logging controls: "none" for (almost) none, "all" for lots.
>     klipsdebug=none
>     plutodebug=all
>     virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16
>     nat_traversal=yes <- does the same if off
> # Add connections here
>
> # Left security gateway, subnet behind it, next hop toward right.
> conn %default
>     left=192.168.2.1
>     leftsubnet=192.168.2.1/32
You should not make your leftsubnet the same as your left. Then leave it out.
> conn wireless
>     leftprotoport=17/1701
>     rightprotoport=17/1701
Are you doing L2TP??? Why? I don't think you want these
>     pfs=no
You want pfs=yes if possible (not using l2tp)
>     rekey=no
>     right=%any
>     rightsubnet=vhost:%no,%priv
This only works with natt enabled.
>     auto=add
>
> conn conntointernet
>     leftsubnet=0.0.0.0/0
>     also=wireless
>
> #Disable Opportunistic Encryption
> include /etc/ipsec.d/examples/no_oe.conf
>
> Anyone know what might be going on there? Any help would be greatly
> appreciated.
Have a look at our wavesec examples on ftp.openswan.org. I am not
sure what you are trying to do, it seems you want to use L2TP to
build a secure wireless. But if you use L2TP, your ipsec part should
only build a host-host tunnel, and the l2tp/ppp daemons will do
the tunneling of all traffic over it. I am not sure if this works
with throwing all traffic over the l2tp/ppp link. Perhaps Jacco knows?
Paul
>
> Regards, Zach
>
> ------------------------------------------------
> PGP public key: http://www.zerobit.net/zach.asc
> KeyID: 0x98DEBD82
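
The three configuration points raised in this reply (a leftsubnet identical to left, pfs=no outside L2TP, and a vhost rightsubnet without NAT traversal), written as a small checker. This is an added example, not part of the original message and not Openswan code; the function names and the sample configuration are constructed, and `also=` references are not resolved.

```python
import ipaddress

# Constructed sample modelled on the configuration quoted in the thread.
SAMPLE = """\
config setup
    nat_traversal=no
conn %default
    left=192.168.2.1
    leftsubnet=192.168.2.1/32
conn wireless
    leftprotoport=17/1701
    pfs=no
    rightsubnet=vhost:%no,%priv
"""

def parse(text):
    """Map each 'config X' / 'conn X' header to its key=value parameters."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        words = line.split()
        if len(words) == 2 and words[0] in ("config", "conn"):
            current = sections.setdefault(" ".join(words), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return sections

def lint(text):
    """Return (conn, finding) pairs for the three points raised in the reply."""
    sections = parse(text)
    natt = sections.get("config setup", {}).get("nat_traversal") == "yes"  # off if absent
    findings = []
    for header, params in sections.items():
        if not header.startswith("conn ") or header == "conn %default":
            continue
        name = header[5:]
        conn = {**sections.get("conn %default", {}), **params}  # apply defaults
        left, subnet = conn.get("left"), conn.get("leftsubnet")
        try:  # a leftsubnet that is just left as a /32 adds nothing
            if subnet and ipaddress.ip_network(subnet) == ipaddress.ip_network(left + "/32"):
                findings.append((name, "leftsubnet equals left; leave it out"))
        except (TypeError, ValueError):
            pass  # left is %any, a hostname, or unset
        l2tp = "17/1701" in (conn.get("leftprotoport"), conn.get("rightprotoport"))
        if conn.get("pfs") == "no" and not l2tp:
            findings.append((name, "pfs=no without L2TP; use pfs=yes"))
        if conn.get("rightsubnet", "").startswith("vhost:") and not natt:
            findings.append((name, "rightsubnet=vhost needs nat_traversal=yes"))
    return findings
```
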