[Openswan Users] Help for making VPN Tunnel using DynDNS on DSL Routers

Deepak Chopra deepak.chopra at mind-infotech.com
Wed Jan 17 07:09:32 EST 2007


Thanks for the configuration; I'm able to make a tunnel.

But I have a doubt: why are leftsubnet and rightsubnet missing in this
ipsec.conf file? Are they not required? Also, I'm not able to ping my
office PC from one of my home network PCs.

What changes are to be done so that I can ping my office network PC from my
home network PC, other than the gateway machine?

 

With regards

Deepak 

 

  _____  

From: Patrick Ford [mailto:fenderdood at gmail.com] 
Sent: Tuesday, January 16, 2007 9:08 PM
To: deepak.chopra at mind-infotech.com
Cc: users at openswan.org
Subject: Re: [Openswan Users] Help for making VPN Tunnel using DynDNS on DSL
Routers

 

In the following example I will assume that left=local and right=remote. This
is just a convention; it need not be this way.
This is the config for the home openswan.

conn here-there
    right=office.dnsalias.org
    rightid=@office.dnsalias.org
    left=%defaultroute
    leftid=@home.dnsalias.org
    authby=secret
    auto=start
    ### THE FOLLOWING LINES ARE OPTIONAL; the default values are already predefined as such.
    keyexchange=ike
    esp=aes,3des
    keyingtries=5
    rekeymargin=4m
    auth=esp
    pfs=yes
    
Here is the config for the office openswan....

conn here-there
    right=home.dnsalias.org
    rightid=@home.dnsalias.org
    left=%defaultroute
    leftid=@office.dnsalias.org
    authby=secret
    auto=start
    ### THE FOLLOWING LINES ARE OPTIONAL; the default values are already predefined as such.
    keyexchange=ike
    esp=aes,3des
    keyingtries=5
    rekeymargin=4m
    auth=esp
    pfs=yes


The ipsec.secrets file for home:
@office.dnsalias.org @home.dnsalias.org : PSK "password"

This should get you up and running. BTW, is there any reason you are not
using rsasig type authentication? It's way more secure. If you require help
with that, I'm sure a quick dive into the man page for ipsec.conf could
help.

Best Regards,

Patrick Ford


The ipsec.secrets file for the office:
@home.dnsalias.org @office.dnsalias.org : PSK "password"

    





On 16/01/07, Deepak Chopra <deepak.chopra at mind-infotech.com> wrote:

Dear ALL,

I have a problem setting up a VPN connection between my Home Network and my
Office Network, where 3 machines are connected to my home network and the
same number of machines are installed in my office.
I want to make a VPN connection on both gateways with FreeSWan using dynamic
IP addresses.

                  192.168.1.2 (eth0)        192.168.1.1                      192.168.1.1        192.168.1.2(eth0)
                |        |           |    |   |        |      [          ]   |    |       |     |    |    |
---|------->----|----Gateway Linux---|===>|-DSL Router-|------[ INTERNET ]---|-DSL ROUTER-|-----|--Linux--|--<---|----
   |            |        |           |    |   |        |      [          ]   |    |       |          |           |
17.29.18.0/24      172.29.18.1 (eth1)         |                                   |                  |  192.168.10.0/24
HomeNetwork                               abc.dnsalias.net                   xyz.dnsalias.net        |      OfficeNet
                                                                                                     |
                                                                                            192.168.10.1 (eth1)

In the above-mentioned scenario, I have two DSL routers with the same
configuration. Both are taking dynamic IP addresses from the ISP, and on both
DSL routers I have configured the DynDNS.org user accounts
(abc.dnsalias.net and xyz.dnsalias.net). These DSL routers are directly
connected to the Linux (RedHat9) gateway machines on the eth0 interface. Now I
want to make a VPN tunnel between my HomeNet and OfficeNet.

Kindly suggest how this is possible. I'm also sending you the
ipsec.conf and ipsec.secrets along with this.

I'd be highly thankful to you if I'm able to connect my home network machine
to my office network.


Deepak Chopra



The information contained in this electronic message and any attachments to
this message are intended for the exclusive use of the addressee(s) and may
contain proprietary, confidential or privileged information. If you are not
the intended recipient, you should not disseminate, distribute or copy this
e-mail. Please notify the sender immediately and destroy all copies of this
message and any attachments. 

WARNING: Computer viruses can be transmitted via email. The recipient should
check this email and any attachments for the presence of viruses. The
company accepts no liability for any damage caused by any
virus/trojan/worms/malicious code transmitted by this email. 

www.mind-infotech.com










-- 

"Education is what remains after one has forgotten what one has learned in
school."
     Albert Einstein 
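
An added example, not part of the original thread: a small Python check that the two gateways' conn sections mirror each other and that ipsec.secrets is indexed by the same IDs the connection uses. The sample snippets are constructed from the hostnames in the thread, with a deliberate mismatch on the office side and in one secrets line; the function names and the 20-character PSK minimum are assumptions.

```python
import re

def parse_conn(text):
    """Parse one 'conn' section of ipsec.conf into {option: value}."""
    opts = {}
    for line in map(str.strip, text.splitlines()):
        if line and not line.startswith(("#", "conn ")):
            key, _, value = line.partition("=")
            opts[key.strip()] = value.strip()
    return opts

def parse_secrets(text):
    """Parse ipsec.secrets PSK lines into [(frozenset_of_ids, secret)]."""
    pattern = re.compile(r'^(.*?)\s*:\s*PSK\s+"(.*)"$')
    matches = (pattern.match(line.strip()) for line in text.splitlines())
    return [(frozenset(m.group(1).split()), m.group(2)) for m in matches if m]

def check_peer(name, conn, peer, secrets, min_psk_len=20):
    """List findings for one gateway; min_psk_len is an assumed local policy."""
    found = []
    left_id, right_id = conn.get("leftid"), conn.get("rightid")
    # left* is this gateway and right* the remote one, so the two sides must mirror.
    if (left_id, right_id) != (peer.get("rightid"), peer.get("leftid")):
        found.append(f"{name}: leftid/rightid do not mirror the peer")
    # Here each ID is '@' + the peer's DynDNS name, so right= must agree with rightid.
    if conn.get("right") != (right_id or "").lstrip("@"):
        found.append(f"{name}: right= does not point at {right_id}")
    psk = next((s for ids, s in secrets if ids == {left_id, right_id}), None)
    if psk is None:
        found.append(f"{name}: no PSK indexed by both connection IDs")
    elif len(psk) < min_psk_len:
        found.append(f"{name}: PSK shorter than {min_psk_len} characters")
    return found

# Constructed sample input (hostnames from the thread; OFFICE_BAD and SECRETS_BAD are wrong on purpose).
HOME = """conn here-there
    leftid=@home.dnsalias.org
    right=office.dnsalias.org
    rightid=@office.dnsalias.org
"""
OFFICE_BAD = """conn here-there
    leftid=@office.dnsalias.org
    right=office.dnsalias.org
    rightid=@home.dnsalias.org
"""
SECRETS_BAD = 'office.dnsalias.com home.dnsalias.com: PSK "password"\n'
SECRETS_OK = '@home.dnsalias.org @office.dnsalias.org : PSK "password"\n'
```

Run `check_peer` once per gateway with that gateway's own conn section and secrets file; an empty list means the pair is consistent under these checks.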

