[Openswan Users] ipsec client with openswan problem
Paul Wouters
paul at xelerance.com
Sun Nov 26 13:53:44 EST 2006
On Sun, 26 Nov 2006, Chun Cui wrote:
> notebook(192.168.0.101)---> (192.168.0.1)DSL-Router(139.18.199.101)
> --Internet--> VPN-Gateway(10.0.0.0/24)
>
> how can i config the ipsec.conf to connect the vpn gateway with PSK,
> with this conf i got always the errors:
> auto=start
> left=192.168.0.101
> #left=%defaultroute
> leftid=@client
> leftsubnet=192.168.0.0/24
You cannot do this. leftsubnet is behind left, so left cannot be *in*
leftsubnet.
The easiest fix is to have your 192.168.0.1 machine do the IPsec and NAT.
The second easiest fix is to renumber the IPsec server in the nat to be
something else, eg 192.168.254.101, and make sure the NAT router still
nat's for it. Then you can use
left=192.168.254.101
leftsubnet=192.168.0.0/24
Actually, the zeroth easiest fix is to buy another $25/month DSL line,
and put the ipsec server directly on its IP.
Paul
More information about the Users
mailing list