[Openswan Users] help with openswan - PIX
Probin Acharya
probin.acharya at spicenepal.com
Sun Aug 20 05:06:53 EDT 2006

I need to create a site-to-site VPN link between Openswan running on
Fedora and PIX on the other side. There are no private subnets to
connect to. Both the sites have public IPs on all machines.

Site A (Openswan on Fedora)
    Public IP on openswan (Gateway): A.1.1.2/29
    HTTP Server: A.1.1.3/29
    ISP's router: A.1.1.1/29

Site B (Pix)
    Public IP on PIX (Gateway): B.1.1.2
    HTTP Server: B.1.1.3
    ISP's router: B.1.1.1

I can't get the tunnel to work. /var/log/messages gives: cannot start
mytunnel. Please help.

Thanks.
- sikaru

ipsec.conf is given below.

# /etc/ipsec.conf - Openswan IPsec configuration file
# RCSID $Id: ipsec.conf.in,v 1.15.2.2 2005/11/14 20:10:27 paul Exp $
# This file: /usr/share/doc/openswan/ipsec.conf-sample
#
# Manual: ipsec.conf.5

version 2.0 # conforms to second version of ipsec.conf specification

# basic configuration
config setup
    #
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%4:172.16.0.0/12
    interfaces=%defaultroute
    klipsdebug=all
    plutodebug=all

# Add connections here

# sample VPN connection
conn mytunnel
    type=tunnel
    left=A.1.1.2
    leftsubnet=A.1.1.0/29
    leftnexthop=A.1.1.1
    right=B.1.1.2
    rightsubnet=B.1.1.0/29
    rightnexthop=B.1.1.1
    keyexchange=ike
    ikelifetime=86400s
    pfs=no
    auto=start

#Disable Opportunistic Encryption
include /etc/ipsec.d/examples/no_oe.conf