[Openswan Users] newbie needs help

Paul Wouters paul at xelerance.com
Sat Jan 21 18:22:32 CET 2006

On Fri, 20 Jan 2006, gahn wrote:

> some engineers want to access the company lab from
> remote locations via internet and we have internet
> access via regular dsl connection, with fixed ip
> address on the dsl router and doing the nat for a
> linux box (with suse 9.2 pro loaded). on this linux
> box, i am trying to build a vpn server (openswan) so
> that remote users can access the lab via the vpn
> server (openswan). here are few questions (maybe
> shallow but please be patient with newbie):

Getting things working with portforwarding is tricky.

> 1) what port(s) does openswan use? (since we are
> behind a router with heavy access lists)

udp port 500 and 4500 and proto 50.

> left is the ip address of the interface that facing
> toward internet?


> what is the "leftid"? fqdn for the vpn server?

If you using X.509, it will be the DN of the X.509 certificate.
I recommend X.509 because PSK wioll be hard with dynamic IP's
and port forwards.

> "leftnexthop"? the box i have has three interfaces and
> each one has one network. but it does one default
> route which points to internet. so i don't have change
> this?

you can likely leave it unset, otherwise point to the direction
the traffic needs to go to, usually the default gateway.

> host #: ipsec --version
> Linux Openswan U2.2.0/K(no kernel code presently
> loaded)
> does that mean openswan is not loaded?

It hasnt started.


More information about the Users mailing list