[Openswan Users] Gateway Connection to remotenet

Martin Hochreiter linuxbox at wavenet.at
Mon Sep 19 08:35:40 CEST 2005 

Some additional information
My actual version is : Linux Openswan 1.0.10rc2

Config files

IPCOP1(192.168.1.103)
------------------------
config setup
        interfaces=%defaultroute
        klipsdebug=none
        plutodebug=none
        plutoload=%search
        plutostart=%search
        uniqueids=yes
        nat_traversal=yes
        
virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16,%v4:!192.168.1.0/255.255.255.0,%v4:!192.168.3.0/255.255.255.0,%v4:!192.168.2.0/255.255.255.0

conn %default
        keyingtries=0
        disablearrivalcheck=no

conn NAW2
        right=External IP 1
        rightsubnet=192.168.1.0/255.255.255.0
        rightnexthop=%defaultroute
        left=External IP 2
        leftsubnet=192.168.2.0/255.255.255.0
        leftnexthop=%defaultroute
        
ike=aes128-sha-modp1536,aes128-sha-modp1024,aes128-md5-modp1536,aes128-md5-modp1024,3des-sha-modp1536,3des-sha-modp1024,3des-md5-modp1536,3des-md5-modp1024
        esp=aes128-sha1,aes128-md5,3des-sha1,3des-md5
        ikelifetime=8h
        keylife=8h
        compress=yes
        dpddelay=30
        dpdtimeout=120
        dpdaction=clear
        pfs=yes
        authby=secret
        auto=start

conn Rw1
        left=External IP 1
        leftnexthop=%defaultroute
        leftsubnet=192.168.1.0/255.255.255.0
        right=%any
        rightsubnet=vhost:%no,%priv
        
ike=aes128-sha-modp1536,aes128-sha-modp1024,aes128-md5-modp1536,aes128-md5-modp1024,3des-sha-modp1536,3des-sha-modp1024,3des-md5-modp1536,3des-md5-modp1024
        esp=aes128-sha1,aes128-md5,3des-sha1,3des-md5
        ikelifetime=1h
        keylife=8h
        dpddelay=30
        dpdtimeout=120
        dpdaction=hold
        pfs=yes
        authby=secret
        auto=add


------------------------

IPCOP2(192.168.2.6)
------------------------
config setup
        interfaces=%defaultroute
        klipsdebug=none
        plutodebug=none
        plutoload=%search
        plutostart=%search
        uniqueids=yes
        nat_traversal=yes
        
virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16,%v4:!192.168.2.0/255.255.255.0,%v4:!172.16.12.0/255.255.255.0,%v4:!192.168.1.0/255.255.255.0

conn %default
        keyingtries=0
        disablearrivalcheck=no

conn NAW2
        left=External IP 2
        leftnexthop=%defaultroute
        leftsubnet=192.168.2.0/255.255.255.0
        right=External IP 1
        rightsubnet=192.168.1.0/255.255.255.0
        rightnexthop=%defaultroute
        
ike=aes128-sha-modp1536,aes128-sha-modp1024,aes128-md5-modp1536,aes128-md5-modp1024,3des-sha-modp1536,3des-sha-modp1024,3des-md5-modp1536,3des-md5-modp1024
        esp=aes128-sha1,aes128-md5,3des-sha1,3des-md5
        ikelifetime=8h
        keylife=8h
        compress=yes
        dpddelay=30
        dpdtimeout=120
        dpdaction=clear
        pfs=yes
        authby=secret
        auto=start
------------------------

More information about the Users mailing list