[Openswan Users] net 2 net connection
Paul Wouters
paul at xelerance.com
Thu Sep 15 06:14:23 CEST 2005
On Tue, 13 Sep 2005, William Man wrote:
> Site_1. External IP 20.0.0.1. Subnet 192.168.1.0/24
> Site_2. External IP 10.0.0.1. Subnet 192.168.3.0/24
>
> Site_1 is using red hat 9, using "Linux Openswan Ucvs2002Mar11_19:19:03/K"
> Site_2 is using fedora core 3, using "Linux Openswan U2.3.1/K"
> conn net-to-net
>     left=20.0.0.1
>     leftsubnet=192.168.1.0/24
>     leftid=@site_1.mydomain.co.uk
>     leftnexthop=%defaultroute
>     leftrsasigkey=XXXXXX
>     right=10.0.0.1
>     rightsubnet=192.168.3.0/24
>     rightid=@site_2.mydomain.co.uk
>     rightnexthop=%defaultroute
>     rightrsasigkey=XXXX
>     auto=add
That looks fine.
> #include /etc/ipsec.d/examples/no_oe.conf
Remove the "#". You want to include no_oe.conf to disable Opportunistic Encryption.
> Sep 10 22:12:15 site_2 pluto[404]: %hold otherwise handled during DNS lookup for Opportunistic Initiation for 192.168.3.4 to 207.46.0.27
And these are the results because you did not disable Opportunistic Encryption.
Paul
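
The check described in the reply above, as an added example that is not part of the original message or of Openswan: it reports whether the no_oe.conf include in an ipsec.conf is active or still commented out, and pulls Opportunistic Initiation attempts out of pluto log lines. The function names are hypothetical, the sample inputs are constructed from the lines quoted in the thread, and the check assumes the include is the only mechanism used to disable Opportunistic Encryption.

```python
import re

# Constructed sample inputs modelled on the config and log line quoted in the thread.
SAMPLE_CONF = """\
conn net-to-net
    left=20.0.0.1
    right=10.0.0.1
    auto=add
#include /etc/ipsec.d/examples/no_oe.conf
"""
SAMPLE_LOG = """\
Sep 10 22:12:15 site_2 pluto[404]: %hold otherwise handled during DNS lookup for Opportunistic Initiation for 192.168.3.4 to 207.46.0.27
Sep 10 22:12:20 site_2 pluto[404]: "net-to-net" #1: initiating Main Mode
"""

# Group 1 is "#" when the include line is commented out, "" when it is active.
INCLUDE_RE = re.compile(r"^\s*(#?)\s*include\s+(\S*no_oe\.conf)\s*$")
OE_LOG_RE = re.compile(r"pluto\[\d+\]: .*Opportunistic Initiation for (\S+) to (\S+)")

def no_oe_include_state(conf_text):
    """Return 'active', 'commented' or 'missing' for the no_oe.conf include."""
    state = "missing"
    for line in conf_text.splitlines():
        m = INCLUDE_RE.match(line)
        if not m:
            continue
        if m.group(1) == "":
            return "active"      # an uncommented include wins over any commented copy
        state = "commented"
    return state

def oe_attempts(log_text):
    """Return (source, destination) pairs from pluto OE initiation log lines."""
    return [m.groups() for line in log_text.splitlines()
            if (m := OE_LOG_RE.search(line))]

def diagnose(conf_text, log_text):
    """Correlate the include state with OE attempts seen in the log."""
    state = no_oe_include_state(conf_text)
    attempts = oe_attempts(log_text)
    if state == "active":
        return "no_oe.conf is included; OE disabled"
    if attempts:
        return f"no_oe.conf include is {state}; {len(attempts)} OE attempt(s) logged"
    return f"no_oe.conf include is {state}; no OE attempts logged"

if __name__ == "__main__":
    print(diagnose(SAMPLE_CONF, SAMPLE_LOG))
```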