[Openswan Users] (no subject)

steve.morard at epfl.ch
Thu Apr 26 04:08:08 EDT 2007


Hello again!

With your help I finally succeeded in establishing the SA with the remote gateway,
but I'm still not able to do what I want. Let me explain what my situation
is.

I have a laptop with Ubuntu 2.10 on a LAN with a pool of addresses
172.18.112.0/20 on which my laptop has an IP address 172.18.112.7.
From this laptop I have to open an IPSec tunnel with a remote gateway whose
public address is x.x.x.x. From the LAN behind this gateway I got a pool of
addresses 172.25.8.8/29.
Now I'm able to successfully establish the SA between my laptop and the remote
gateway, but I'm not able to communicate from my laptop to the remote LAN
through the IPSec tunnel.

The address of the gateway on the remote LAN is 172.20.210.50 (172.20.210.48/29)

Here is my ipsec.conf:


version 2.0


config setup
	#interfaces=%defaultroute
	nat_traversal=yes

#include /etc/ipsec.d/examples/no_oe.conf

conn toFT
	# Left security gateway, subnet behind it, next hop toward right.
	left=172.18.112.7
	leftsubnet=172.25.8.8/29

	# Right security gateway, subnet behind it, next hop toward left.
	right=x.x.x.x
	rightsubnet=172.20.210.48/29

	# To authorize this connection, but not actually start it, at startup,
	# uncomment this.
	auto=add
	aggrmode=no
	pfs=yes
	authby=secret
	keyexchange=ike
	ikelifetime=1d
	keylife=1h
	ike=aes128-sha1,aes128-md5
	esp=aes128-md5,aes128-sha1

#Disable Opportunistic Encryption
include /etc/ipsec.d/examples/no_oe.conf


Can you help me by explaining what I should change or do, in order for me to be
able to use the IPSec tunnel for which I negotiated the SA from my laptop?
Because I think that my laptop both needs to be the Openswan server that
negotiates the SA for the IPSec tunnel and a client that uses this IPSec
tunnel.

Thank you a lot for your help


