[Openswan Users] An internal VPN
Paul Wouters
paul at xelerance.com
Thu Nov 3 03:00:00 CET 2005
On Wed, 2 Nov 2005, John wrote:
> conn PJ-Local
>     keyingtries=3
>     auto=start
>     authby=secret
>     keyexchange=ike
>     ikelifetime=1440m
>     type=tunnel
>     pfs=yes
>     keylife=480m
>     left=10.0.E.32
>     leftsubnet=192.168.L.0/24
>     leftnexthop=10.0.E.31
>     leftid = 10.0.E.32
>     right=10.0.E.31
>     rightsubnet=192.168.R.0/24
>     rightnexthop=10.0.E.32
>     rightid = 10.0.E.31
>
>
> At the Netgear FVS318, the VPN is configured:
>
> Name PJ-Local
> Local IPSEC identifier = 10.0.E.32
> Remote IPSEC identifier = 10.0.E.31
> Tunnel can be accessed from - a subnet of address
> Local start IP address = 192.168.L.0 / 24
> Tunnel can access - a subnet of remote address
> Remote start IP address = 192.168.R.0 / 24
> Remote WAN IP = 10.0.E.31
> with 3DES, preshared key, key life and IKE life time to match above.
>
> The Netgear's VPN status screen does show that the VPN is up but I can not get
> a computer on one side to ping / traceroute to a device on the other (either
> way, L->R or R->L).
>
> For reference, the link http://www.murphyauto.com/pdf/NG318toSwan.pdf from
> http://wiki.openswan.org/index.php/NetGear%20FVS318 formed the basis for my
> configuration.
>
> What am I doing wrong??
Nothing as far as I can see from this. Can you put an "ipsec barf" online somewhere?
Or run "ipsec verify" to check forwarding and NAT/firewall rules.
Paul
> Thanks, in advance
>
> John
--
"Happiness is never grand"
--- Mustapha Mond, World Controller (Brave New World)
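
An added example, not part of the original message and not Openswan's own code: a tunnel that shows as up but passes no traffic is often down to the two things the reply says to check, IP forwarding and NAT rules. The functions below test both offline; the rule text, the interface name eth0 and the subnet 192.168.2.0/24 are constructed samples, and all function names are hypothetical.

```shell
#!/bin/sh
# Added example. Rule text and subnets are constructed samples.

# True when the given ip_forward file (default: the live one) contains 1.
forwarding_enabled() {
    f="${1:-/proc/sys/net/ipv4/ip_forward}"
    [ -r "$f" ] && [ "$(cat "$f")" = "1" ]
}

# Reads iptables-save text on stdin; $1 is the remote tunnel subnet as written
# in the rules. Prints the first nat POSTROUTING MASQUERADE/SNAT rule that would
# rewrite traffic bound for it and returns 0; returns 1 if none does.
# Heuristic: destinations are compared as strings, not by CIDR containment.
nat_hits_tunnel() {
    awk -v remote="$1" '
        /^\*/ { table = $1 }
        table != "*nat" || $1 != "-A" || $2 != "POSTROUTING" { next }
        {
            dst = ""; neg = 0; target = ""
            for (i = 3; i <= NF; i++) {
                if ($i == "-d" && $(i+1) == "!") { dst = $(i+2); neg = 1 }
                else if ($i == "-d") { dst = $(i+1); neg = ($(i-1) == "!") }
                else if ($i == "-j") { target = $(i+1) }
            }
        }
        # An earlier ACCEPT/RETURN for the remote subnet exempts tunnel traffic.
        (target == "ACCEPT" || target == "RETURN") && dst == remote && !neg { exit }
        target == "MASQUERADE" || target == "SNAT" {
            if (dst == remote && neg) next                 # rule excludes the tunnel
            if (dst != "" && dst != remote && !neg) next   # other destination only
            print; found = 1; exit
        }
        END { exit (found ? 0 : 1) }
    '
}

# Constructed sample: masquerades everything leaving eth0, tunnel traffic included.
sample_masq_all() { cat <<'EOF'
*nat
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
EOF
}
# Constructed sample: same rule with the remote subnet excluded.
sample_masq_exempt() { cat <<'EOF'
*nat
-A POSTROUTING -o eth0 ! -d 192.168.2.0/24 -j MASQUERADE
COMMIT
EOF
}
```

On a live gateway, feed it real rules with `iptables-save | nat_hits_tunnel <remote subnet>` and call `forwarding_enabled` with no argument.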