[Openswan Users] An internal VPN
John
John at DMJ-Consultancy.co.uk
Thu Nov 3 10:26:50 CET 2005
Thanks, Paul. I've posted the two outputs at
www.dmj-consultancy.me.uk/ipsec as text files.
Note: E = 0
L = 80
R = 74
Regards
J
Paul Wouters wrote:
>On Wed, 2 Nov 2005, John wrote:
>
>
>
>>conn PJ-Local
>> keyingtries=3
>> auto=start
>> authby=secret
>> keyexchange=ike
>> ikelifetime=1440m
>> type=tunnel
>> pfs=yes
>> keylife=480m
>> left=10.0.E.32
>> leftsubnet=192.168.L.0/24
>> leftnexthop=10.0.E.31
>> leftid = 10.0.E.32
>> right=10.0.E.31
>> rightsubnet=192.168.R.0/24
>> rightnexthop=10.0.E.32
>> rightid = 10.0.E.31
>>
>>
>>At the Netgear FVS318, the VPN is configured:
>>
>>Name PJ-Local
>>Local IPSEC identifier = 10.0.E.32
>>Remote IPSEC identifier = 10.0.E.31
>>Tunnel can be accessed from - a subnet of address
>>Local start IP address = 192.168.L.0 / 24
>>Tunnel can access - a subnet of remote address
>>Remote start IP address = 192.168.R.0 / 24
>>Remote WAN IP = 10.0.E.31
>>with 3DES, preshared key, key life and IKE life time to match above.
>>
>>The Netgear's VPN status screen does show that the VPN is up but I can not get
>>a computer on one side to ping / traceroute to a device on the other (either
>>way, L->R or R->L).
>>
>>For reference, the link http://www.murphyauto.com/pdf/NG318toSwan.pdf from
>>http://wiki.openswan.org/index.php/NetGear%20FVS318 formed the basis for my
>>configuration.
>>
>>What am I doing wrong??
>>
>>
>
>nothing as far as I can see from this. Can you put an "ipsec barf" online somewhere?
>Or run "ipsec verify" to check forwarding and NAT/firewall rules.
>
>Paul
>
>
>>Thanks, in advance
>>
>>John
>>_______________________________________________
>>Users mailing list
>>Users at openswan.org
>>http://lists.openswan.org/mailman/listinfo/users
>>
>>
>>
>
>
>
More information about the Users
mailing list