[Openswan Users] (no subject)
steve.morard at epfl.ch
steve.morard at epfl.ch
Thu Apr 26 04:08:08 EDT 2007
Hello again!
With your help I finally succeeded to establish the SA with the remote gateway,
but still, I'm not able to do what I want. Let's me explain what my situation
is.
I have a laptop with Ubuntu 2.10 on a LAN with a pool of addresses
172.18.112.0/20 on which my laptop has an IP address 172.18.112.7.
>From this laptop I have to open an IPSec tunnel with a remote gateway which
public address is x.x.x.x. From the LAN behind this gateway I got a pool of
addresses 172.25.8.8/29.
Now I'm able to successfully establish the SA between my laptop and the remote
gateway, but I'm not able to communicate from my laptop to the remote LAN
through the IPSec tunnel.
The address of the gateway on the remote LAN is 172.20.210.50 (172.20.210.48/29)
Here is my ipsec.conf:
version 2.0
config setup
#interfaces=%defaultroute
nat_traversal=yes
#include /etc/ipsec.d/examples/no_oe.conf
conn toFT
# Left security gateway, subnet behind it, next hop toward right.
left=172.18.112.7
leftsubnet=172.25.8.8/29
# Right security gateway, subnet behind it, next hop toward left.
right=x.x.x.x
rightsubnet=172.20.210.48/29
# To authorize this connection, but not actually start it, at startup,
# uncomment this.
auto=add
aggrmode=no
pfs=yes
authby=secret
keyexchange=ike
ikelifetime=1d
keylife=1h
ike=aes128-sha1,aes128-md5
esp=aes128-md5,aes128-sha1
#Disable Opportunistic Encryption
include /etc/ipsec.d/examples/no_oe.conf
Can you help me by explaining what I should change or do, in order for me to be
able to use the IPSec tunnel for which I negotiated the SA from my laptop.
Because I think that my laptop both needs to be the Openswan server that
negotiates the SA for the IPSec tunnel and a client that uses this IPSec
tunnel.
Thank you a lot for your help
More information about the Users
mailing list