[Openswan Users] Linux to Linux VPN connection

Can Akalin canakalin77 at gmail.com
Fri May 12 11:18:28 CEST 2006


Hello Paul,

Thank you for your time and help.  :)

In my network, here is what I have;

VPN Gateway (10.10.10.10) <------------> (10.10.10.1) Router (192.168.1.203) <--------------------> (192.168.1.109) Remote Machine

So from this perspective,

1- At VPN Gateway, which network is considered as the leftsubnet of conn roadwarrior-net?
2- At VPN Gateway, which network is considered as the right and left of conn roadwarrior?
3- At Remote Machine, which network is considered as the leftsubnet of conn roadwarrior-net?
4- At Remote Machine, which network is considered as the left and right of conn roadwarrior?


Thank you.



On 5/11/06, Paul Wouters <paul at xelerance.com> wrote:
>
> On Thu, 11 May 2006, Can Akalin wrote:
>
> > I have a local VPN gateway that is a Suse Linux SLES kernel 2.6.5 and is
> > behind a router. It has openswan v.2.4.5 installed and its IP address is
> > 10.10.10.10/24
>
> kernel 2.6.5 is really old, and likely will not work well with NETKEY unless
> Suse backported things.
>
> >        nat_traversal=yes
> >        virtual_private=%v4:10.0.0.0/8,$v4:172.16.0.0/12,%v4:192.168.0.0/24
>
> > conn roadwarrior-net
> >        leftsubnet=10.10.10.0/24
>
> You can never specify a leftsubnet without excluding it from virtual_private.
> An address can only live on one end (e.g. either it is on your server's subnet,
> or it can be used by a NAT router on the client, but not both).
>
> >        also=roadwarrior
> >
> > conn roadwarrior
> >        left=%defaultroute
> >        rightcert=gate.example.com.pem
> >        right=%any
>
> You cannot use both %defaultroute and %any. Specify the IP address of left=
>
> >        rightsubnet=vhost:%no,%priv
> >        auto=add
> >        pfs=yes
> >        rekey=no
>
> > conn roadwarrior-net
> >        leftsubnet=10.10.10.0/24
> >        also=roadwarrior
> >
> > conn roadwarrior
> >        left=192.168.1.203
> >        leftcert=gate.example.com.pem
> >        right=%defaultroute
> >        rightcert=lin.example.com.pem
> >        auto=add
> >        pfs=yes
>
> > One extra question is that I am so confused with the left, right,
> > leftsubnet, rightsubnet, leftcert, rightcert of the roadwarrior section of
> > the ipsec.conf files. Which left is which and whose right is the other's
> > right? Especially the rightcert and leftcert of the ipsec.conf files are so
> > confusing. Can anybody explain this to me clearly or send me a link to
> > read? I did a Google search on this for a couple of hours but couldn't find
> > a clue.
>
> You can pick either left or right for any end of the IPsec connection. It's up
> to you which end you call left or right. And you can make it different on both
> sides if you want. Traditionally people use left for Local and right for Remote.
>
> Paul
> --
> Building and integrating Virtual Private Networks with Openswan:
> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
>



-- 
Can Akalin
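
An added example (not part of the original thread, and not Openswan code): a small Python check for the rule quoted above, that a subnet declared on a conn must be excluded from virtual_private. It assumes the `%v4:!net/mask` exclusion form from the Openswan ipsec.conf documentation; the sample config is constructed from the settings quoted in the thread, written with `%v4` prefixes throughout, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample based on the gateway settings quoted in the thread.
SAMPLE = """\
config setup
    nat_traversal=yes
    virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/24

conn roadwarrior-net
    leftsubnet=10.10.10.0/24
    also=roadwarrior
"""

def parse(conf):
    """Return (allowed, excluded, declared) IPv4 network lists from ipsec.conf text."""
    allowed, excluded, declared = [], [], []
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()
        key, sep, value = line.partition("=")
        if not sep:
            continue
        key, value = key.strip(), value.strip()
        if key == "virtual_private":
            for item in value.split(","):
                item = item.strip()
                if not item.startswith("%v4:"):
                    continue  # %v6 and malformed entries are out of scope here
                body = item[4:]
                target = excluded if body.startswith("!") else allowed
                target.append(ipaddress.ip_network(body.lstrip("!"), strict=False))
        elif key in ("leftsubnet", "rightsubnet") and "/" in value and ":" not in value:
            # Literal CIDR only; vhost:/vnet: values are skipped.
            declared.append(ipaddress.ip_network(value, strict=False))
    return allowed, excluded, declared

def unexcluded_overlaps(conf):
    """Declared subnets that virtual_private would still accept from a NATed client."""
    allowed, excluded, declared = parse(conf)
    findings = []
    for net in declared:
        accepted = any(net.overlaps(a) for a in allowed)
        carved_out = any(net.subnet_of(e) for e in excluded)
        if accepted and not carved_out:
            findings.append(str(net))
    return findings

if __name__ == "__main__":
    print(unexcluded_overlaps(SAMPLE))
```

Appending `,%v4:!10.10.10.0/24` to the virtual_private line of the sample clears the finding.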