[Openswan Users] newbie needs help
Paul Wouters
paul at xelerance.com
Sat Jan 21 18:22:32 CET 2006
On Fri, 20 Jan 2006, gahn wrote:
> some engineers want to access the company lab from
> remote locations via internet and we have internet
> access via regular dsl connection, with fixed ip
> address on the dsl router and doing the nat for a
> linux box (with suse 9.2 pro loaded). on this linux
> box, i am trying to build a vpn server (openswan) so
> that remote users can access the lab via the vpn
> server (openswan). here are few questions (maybe
> shallow but please be patient with newbie):
Getting things working with portforwarding is tricky.
> 1) what port(s) does openswan use? (since we are
> behind a router with heavy access lists)
udp port 500 and 4500 and proto 50.
> left is the ip address of the interface that is facing
> toward internet?
Yes.
> what is the "leftid"? fqdn for the vpn server?
If you are using X.509, it will be the DN of the X.509 certificate.
I recommend X.509 because PSK will be hard with dynamic IPs
and port forwards.
> "leftnexthop"? the box i have has three interfaces and
> each one has one network. but it does one default
> route which points to internet. so i don't have to change
> this?
You can likely leave it unset, otherwise point to the direction
the traffic needs to go to, usually the default gateway.
> host #: ipsec --version
> Linux Openswan U2.2.0/K(no kernel code presently
> loaded)
>
> does that mean openswan is not loaded?
It hasn't started.
Paul
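
The settings discussed in this reply, put together as an added example; it is not part of the original message and is not Paul's or the Openswan project's own configuration. All addresses, the subnet, the DN, the certificate file name and the connection name are constructed placeholders, and the layout assumes the Openswan 2.x ipsec.conf format with the server behind the NATing DSL router and remote users possibly behind NAT themselves.

```conf
# /etc/ipsec.conf fragment (constructed example, placeholder values throughout)
version 2.0

config setup
    # Server and clients may both sit behind NAT, so enable NAT traversal.
    nat_traversal=yes
    # Private ranges remote clients may use behind their own NAT.
    # The lab's own subnet (placeholder 10.10.0.0/24) is excluded with "!".
    virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16,%v4:!10.10.0.0/24

conn lab-roadwarriors
    # X.509 certificates instead of a PSK, as recommended in the reply.
    authby=rsasig

    # left = IP address of the interface facing the internet.
    # Behind the DSL router this is the box's address on the router's LAN.
    left=192.168.1.10
    # leftnexthop can likely be left unset; if set, it points at the
    # default gateway (here the DSL router's LAN address).
    leftnexthop=192.168.1.1
    # leftid = DN of the server's X.509 certificate (placeholder DN).
    leftid="C=XX, O=Example Lab, CN=vpn.example.com"
    leftcert=vpn.example.com.pem
    leftrsasigkey=%cert
    # Lab network reachable through the tunnel (placeholder).
    leftsubnet=10.10.0.0/24

    # Remote engineers connect from arbitrary addresses.
    right=%any
    rightrsasigkey=%cert
    # Accept a client's own public address or a NATed private address
    # that falls inside virtual_private.
    rightsubnet=vhost:%no,%priv

    # Load the connection and wait for clients to initiate.
    auto=add

# The router's access lists and port forwards must pass the traffic named
# in the reply to 192.168.1.10: UDP port 500, UDP port 4500 and protocol 50.
```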