[Openswan Users] VPN over ADSL

Necati Demir ndemir at demir.web.tr
Sun Nov 20 18:15:35 CET 2005


Hi all,
I have two hosts, one of them uses dial-up and the other uses ADSL.

192.52.5.2 ===192.52.5.1(ADSL modem - a.b.c.d is external ip ) -------- 
e.f.g.h is dial-up === 192.168.0.0/24

I have two problems.
a.b.c.d can connect to e.f.g.h by using "ipsec auto --up connection", but 
e.f.g.h cannot connect to a.b.c.d. The Virtual Settings on the ADSL 
modem are OK. And although I can connect to a.b.c.d from the host that has 
dial-up, I cannot ping 192.52.5.2.

And these are the config files, can anyone help me?

CONFIG FILE OF 192.52.5.2

# ipsec.conf as posted for 192.52.5.2, the host behind the ADSL modem's NAT.
version 2.0

config setup
        # Run IPsec on whichever interface carries the default route.
        interfaces=%defaultroute
        # NAT traversal is needed here: this host sits behind the modem, so
        # the peer only ever sees a.b.c.d. For the peer to initiate, the
        # modem must forward IKE (UDP 500) and NAT-T (UDP 4500) to
        # 192.52.5.2 - verify this in the modem's virtual-server settings.
        nat_traversal=yes
        # With uniqueids=no a new connection does not replace an older one
        # that uses the same peer ID, so one ID can be active from several
        # addresses at once.
        uniqueids=no
        # NOTE(review): the virtual_private line below starts at column 0
        # and follows a whitespace-only line; this looks like mail-archive
        # line wrapping. In the real file it must be indented like the other
        # parameters to belong to "config setup".
        # virtual_private lists the networks a peer may claim as its subnet
        # on vhost:/vnet: connections; no conn shown here uses those, so the
        # list looks unused - confirm. 192.52.4.0/24 and 192.52.5.0/24 are
        # outside the RFC 1918 private ranges.
        
virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/24,%v4:192.52.4.0/24,%v4:192.52.5.0/24
        # Full KLIPS and pluto debug output: very verbose, and it puts
        # detailed negotiation state into the logs. Keep it for
        # troubleshooting only and set both back to none afterwards.
        klipsdebug=all
        plutodebug=all

# Defaults inherited by every conn in this file.
conn %default
        # Only one negotiation attempt is made; a failed attempt is not
        # retried automatically.
        keyingtries=1
        # Do not propose IPComp compression.
        compress=no
        # Turns off the KLIPS tunnel-exit check on decapsulated packets'
        # addresses. NOTE(review): that check is a security control;
        # confirm it really has to be disabled here.
        disablearrivalcheck=yes
        # Authenticate with RSA signatures, taking each side's public key
        # from its X.509 certificate (%cert).
        authby=rsasig
        leftrsasigkey=%cert
        rightrsasigkey=%cert
        keyexchange=ike

# Tunnel 192.52.5.0/24 <-> 192.168.0.0/24, with this host as "left".
conn connection
        # left is this host's own address on the default-route interface,
        # i.e. the address behind the ADSL modem, not a.b.c.d.
        left=%defaultroute
        leftsubnet=192.52.5.0/24
        # Each end is identified by its certificate; the private key for
        # host1.pem must be available on this host only.
        leftcert=host1.pem
        rightcert=host2.pem
        # NOTE(review): e.f.g.h is described as a dial-up address; if it is
        # assigned dynamically this fixed value stops matching after a
        # redial - confirm.
        right=e.f.g.h
        rightsubnet=192.168.0.0/24
        # auto=add only loads the conn; it is brought up by hand with
        # "ipsec auto --up connection".
        auto=add
        # Perfect forward secrecy for the IPsec SA keys.
        pfs=yes

# The conns below set the Opportunistic Encryption policy groups to
# auto=ignore, so OE is not loaded and only the explicit tunnel is used.
conn block
        auto=ignore

conn private
        auto=ignore


conn private-or-clear
        auto=ignore

conn clear-or-private
        auto=ignore

conn clear
        auto=ignore

conn packetdefault
        auto=ignore

# Stock example file that disables OE; presumably it repeats the same
# auto=ignore settings as the conns above - verify against the installed file.
include /etc/ipsec.d/examples/no_oe.conf



CONFIG FILE OF e.f.g.h
# ipsec.conf as posted for e.f.g.h, the dial-up host.
version 2.0

config setup
        # Run IPsec on whichever interface carries the default route.
        interfaces=%defaultroute
        # NAT traversal is needed because the peer is reached through the
        # ADSL modem's NAT at a.b.c.d.
        nat_traversal=yes
        # With uniqueids=no a new connection does not replace an older one
        # that uses the same peer ID.
        uniqueids=no
        # NOTE(review): the virtual_private line below starts at column 0
        # and follows a whitespace-only line; this looks like mail-archive
        # line wrapping. In the real file it must be indented like the other
        # parameters to belong to "config setup".
        # The list includes 192.168.0.0/24, the subnet this file uses as
        # leftsubnet; it only matters for vhost:/vnet: connections, which no
        # conn shown here uses - confirm.
        
virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/24,%v4:192.52.4.0/24,%v4:192.52.5.0/24
        # Full KLIPS and pluto debug output: very verbose, and it puts
        # detailed negotiation state into the logs. Keep it for
        # troubleshooting only and set both back to none afterwards.
        klipsdebug=all
        plutodebug=all

# Defaults inherited by every conn in this file.
conn %default
        # Only one negotiation attempt is made; a failed attempt is not
        # retried automatically.
        keyingtries=1
        # Do not propose IPComp compression.
        compress=no
        # Turns off the KLIPS tunnel-exit check on decapsulated packets'
        # addresses. NOTE(review): that check is a security control;
        # confirm it really has to be disabled here.
        disablearrivalcheck=yes
        # Authenticate with RSA signatures, taking each side's public key
        # from its X.509 certificate (%cert).
        authby=rsasig
        leftrsasigkey=%cert
        rightrsasigkey=%cert
        keyexchange=ike


# Tunnel 192.168.0.0/24 <-> 192.52.5.0/24, with this host as "left".
# This conn is named "roadwarrior", so from this side it is brought up with
# "ipsec auto --up roadwarrior", not "connection".
conn roadwarrior
        left=%defaultroute
        # The private key for host2.pem must be available on this host only.
        leftcert=host2.pem
        # NOTE(review): only traffic sourced from 192.168.0.0/24 matches this
        # tunnel. Packets this host sends from its dial-up address e.f.g.h
        # fall outside leftsubnet, which may be why a ping to 192.52.5.2 from
        # this host fails - confirm (leftsourceip= is the related parameter).
        leftsubnet=192.168.0.0/24
        # right is the modem's public address; the real peer is 192.52.5.2
        # behind it, so initiating from here depends on the modem forwarding
        # UDP 500 and UDP 4500 to that host.
        right=a.b.c.d
        rightsubnet=192.52.5.0/24
        rightcert=host1.pem
        # auto=add only loads the conn; it is not started automatically.
        auto=add
        # Perfect forward secrecy for the IPsec SA keys.
        pfs=yes

# The conns below set the Opportunistic Encryption policy groups to
# auto=ignore, so OE is not loaded and only the explicit tunnel is used.
conn block
        auto=ignore

conn private
        auto=ignore

conn private-or-clear
        auto=ignore

conn clear-or-private
        auto=ignore

conn clear
        auto=ignore

conn packetdefault
        auto=ignore

# Stock example file that disables OE; presumably it repeats the same
# auto=ignore settings as the conns above - verify against the installed file.
include /etc/ipsec.d/examples/no_oe.conf



