[Openswan Users] Help for making VPN Tunnel using DynDNS on DSL Routers
Deepak Chopra
deepak.chopra at mind-infotech.com
Wed Jan 17 07:09:32 EST 2007
Thanks for the configuration; I'm able to make a tunnel.
But I have a doubt: why are leftsubnet and rightsubnet missing from this
ipsec.conf file? Are they not required? Also, I'm not able to ping my
office PC from one of my home network PCs.
What changes need to be made so that I can ping my office network PC from my
home network PC other than the gateway machine?
With regards
Deepak
_____
From: Patrick Ford [mailto:fenderdood at gmail.com]
Sent: Tuesday, January 16, 2007 9:08 PM
To: deepak.chopra at mind-infotech.com
Cc: users at openswan.org
Subject: Re: [Openswan Users] Help for making VPN Tunnel using DynDNS on DSL
Routers
In the following example I will assume that left=local and right=remote. This
is just a convention; it need not be this way.
This is the config for the home openswan.

conn here-there
    right=office.dnsalias.org
    rightid=@office.dnsalias.org
    left=%defaultroute
    leftid=@home.dnsalias.org
    authby=secret
    auto=start
    ### THE FOLLOWING LINES ARE OPTIONAL; the default values are already predefined as such.
    keyexchange=ike
    esp=aes,3des
    keyingtries=5
    rekeymargin=4m
    auth=esp
    pfs=yes

Here is the config for the office openswan:

conn here-there
    # right is the remote peer, here the home gateway
    right=home.dnsalias.org
    rightid=@home.dnsalias.org
    left=%defaultroute
    leftid=@office.dnsalias.org
    authby=secret
    auto=start
    ### THE FOLLOWING LINES ARE OPTIONAL; the default values are already predefined as such.
    keyexchange=ike
    esp=aes,3des
    keyingtries=5
    rekeymargin=4m
    auth=esp
    pfs=yes

The ipsec.secrets file for home:

    @office.dnsalias.org @home.dnsalias.org: PSK "password"

This should get you up and running. BTW, is there any reason you are not
using rsasig type authentication? It's way more secure. If you require help
with that, I'm sure a quick dive into the man page for ipsec.conf could
help with that.
Best Regards,
Patrick Ford
The ipsec.secrets file for the office:

    @home.dnsalias.org @office.dnsalias.org: PSK "password"

On 16/01/07, Deepak Chopra <deepak.chopra at mind-infotech.com> wrote:
Dear ALL,
I've a problem in setting up a VPN connection between my Home Network and my
Office Network,
where 3 machines are connected to my home network and the same number of
machines are installed in my office.
I want to make a VPN connection on both gateways with FreeSWan using Dynamic
IP Addresses.

  HomeNetwork                                          OfficeNet
  17.29.18.0/24                                        192.168.10.0/24
       |                                                    |
  172.29.18.1 (eth1)                                   192.168.10.1 (eth1)
  [Gateway Linux]                                      [Linux]
  192.168.1.2 (eth0)                                   192.168.1.2 (eth0)
       |                                                    |
  192.168.1.1                                          192.168.1.1
  [DSL Router] -----------[ INTERNET ]----------- [DSL Router]
  abc.dnsalias.net                                     xyz.dnsalias.net

In the above mentioned Scenario, I've two DSL Routers with same
configuration. Both are taking Dynamic IP address from the ISP and on both
the DSL Routers I've configured the DynDNS.org user accounts (
abc.dnsalias.net and xyz.dnsalias.net) and these DSL routers are directly
connected to the Linux (RedHat9) GateWay Machines on eth0 interface. Now I
want to make a VPN Tunnel between my HomeNet and OfficeNet.
Kindly suggest me how it is possible. And I'm also sending you the
ipsec.conf and ipsec.secrets along with this.
I'd be highly thankful to you if I'm able to connect my home network machine
to my office network.
Deepak Chopra
The information contained in this electronic message and any attachments to
this message are intended for the exclusive use of the addressee(s) and may
contain proprietary, confidential or privileged information. If you are not
the intended recipient, you should not disseminate, distribute or copy this
e-mail. Please notify the sender immediately and destroy all copies of this
message and any attachments.
WARNING: Computer viruses can be transmitted via email. The recipient should
check this email and any attachments for the presence of viruses. The
company accepts no liability for any damage caused by any
virus/trojan/worms/malicious code transmitted by this email.
www.mind-infotech.com
--
"Education is what remains after one has forgotten what one has learned in
school."
Albert Einstein
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20070117/20d459a5/attachment-0001.html
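
On the question raised in this message: when leftsubnet/rightsubnet are omitted, an Openswan conn covers only traffic between the two gateway addresses themselves, so hosts on the LANs behind them are not carried by the tunnel. The following is an added example, not part of the original thread, showing the same conn with both LANs declared; it assumes the home LAN is 172.29.18.0/24 (taken from the gateway's eth1 address 172.29.18.1 in the diagram) and the office LAN is 192.168.10.0/24, and it reuses the home.dnsalias.org / office.dnsalias.org names from Patrick's reply.

```conf
# --- home gateway: /etc/ipsec.conf (left = local, right = remote) ---
# leftsubnet  = LAN behind this gateway (assumed 172.29.18.0/24)
# rightsubnet = LAN behind the remote gateway (192.168.10.0/24)
conn here-there
    left=%defaultroute
    leftid=@home.dnsalias.org
    leftsubnet=172.29.18.0/24
    right=office.dnsalias.org
    rightid=@office.dnsalias.org
    rightsubnet=192.168.10.0/24
    authby=secret
    auto=start

# --- office gateway: /etc/ipsec.conf (mirror image of the above) ---
# The subnets swap sides together with the ids; both ends must agree
# on exactly the same pair of networks or the tunnel will not come up.
conn here-there
    left=%defaultroute
    leftid=@office.dnsalias.org
    leftsubnet=192.168.10.0/24
    right=home.dnsalias.org
    rightid=@home.dnsalias.org
    rightsubnet=172.29.18.0/24
    authby=secret
    auto=start
```

Each gateway also needs IP forwarding enabled, and any masquerading rule on eth0 has to exclude traffic destined for the remote subnet; otherwise packets from LAN hosts are rewritten before they can match the tunnel policy.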