[Openswan Users] An internal VPN

John John at DMJ-Consultancy.co.uk
Thu Nov 3 10:26:50 CET 2005


Thanks, Paul. I've posted the two outputs at 
www.dmj-consultancy.me.uk/ipsec as text files.

Note: E = 0
L = 80
R = 74

Regards

J

Paul Wouters wrote:

>On Wed, 2 Nov 2005, John wrote:
>
>>conn PJ-Local
>>   keyingtries=3
>>   auto=start
>>   authby=secret
>>   keyexchange=ike
>>   ikelifetime=1440m
>>   type=tunnel
>>   pfs=yes
>>   keylife=480m
>>   left=10.0.E.32
>>   leftsubnet=192.168.L.0/24
>>   leftnexthop=10.0.E.31
>>   leftid = 10.0.E.32
>>   right=10.0.E.31
>>   rightsubnet=192.168.R.0/24
>>   rightnexthop=10.0.E.32
>>   rightid = 10.0.E.31
>>
>>
>>At the Netgear FVS318, the VPN is configured:
>>
>>Name PJ-Local
>>Local IPSEC identifier = 10.0.E.32
>>Remote IPSEC identifier = 10.0.E.31
>>Tunnel can be accessed from - a subnet of address
>>Local start IP address = 192.168.L.0 / 24
>>Tunnel can access - a subnet of remote address
>>Remote start IP address = 192.168.R.0 / 24
>>Remote WAN IP = 10.0.E.31
>>with 3DES, preshared key, key life and IKE life time to match above.
>>
>>The Netgear's VPN status screen does show that the VPN is up but I can not get
>>a computer on one side to ping / traceroute to a device on the other (either
>>way, L->R or R->L).
>>
>>For reference, the link http://www.murphyauto.com/pdf/NG318toSwan.pdf from
>>http://wiki.openswan.org/index.php/NetGear%20FVS318 formed the basis for my
>>configuration.
>>
>>What am I doing wrong??
>
>Nothing as far as I can see from this. Can you put an "ipsec barf" online somewhere?
>Or run "ipsec verify" to check forwarding and NAT/firewall rules.
>
>Paul
>
>>Thanks, in advance
>>
>>John
>>_______________________________________________
>>Users mailing list
>>Users at openswan.org
>>http://lists.openswan.org/mailman/listinfo/users