[Openswan Users] Configure net-to-net vpn with both vpn, servers behind adsl nat routers

Xavi Deop piquerola at gmail.com
Wed Mar 7 04:44:04 EST 2007 

Hi, thanks for your replies!!

I'm a bit confused with the addresses, sorry...

I have 2 ethernets in my vpn servers.

This configuration file sample, is for one of the vpn servers, that's right?
For the otherone, there should be changes, no??

if my scenario had:

LAN_1 ------ vpn server --- router adsl ------ internet---- router
adsl ------- vpn server ----- LAN_2
ip_lan1     ip1_1    ip1_2  ip_r1      ip_pub1              ip_pub2
ip_r2  ip2_2      ip2_1   ip_lan2

how would it be the configuration?

what is: @leftid @rightid?? which addresses should be?

Thanks in advance!

Xavi.

2007/3/7, Utkarsh Shah <utkarsh at elitecore.com>:
>
>
> > Hi, I have the following scenario, and I would like to create a vpn with
> > natt suport.
> >
> > LAN_1 ------ vpn server --- router adsl ------ internet---- router adsl
> > ----- vpn server ----- LAN_2
> >
> > I've installed:
> > openswan-2.4.7.tar.gz<
> http://www.openswan.org/download/openswan-2.4.7.tar.gz>
> >
> > I'm working with slackware 10.1 and kernel 2.16.12
> >
> > I have to install the kernell natt patch??
> >
> > Could someone help me with ipsec.conf file? I've been searching the
> internet
> > without any result...
> >
> > Thanks.
> >
> > Xavi
> i have achieved above scenario with following changes it might not be
> perfect solution...
> on adsl router apply portforwarding rules for UDP port 500 port 4500 and
> proto esp(50) to your vpn server on both end
>
> configure your ipsec.conf as below
>
> conn net-to-net
>        left=10.0.1.2
>        leftid=@leftid
>        leftsubnet=192.168.0.0/24
>        right=remoteserver(domain name or ip which will identify adsl
> router)
>        rightid=@rightid
>        rightsubnet=192.168.1.0/24
>        authby=secret
>        auto=start
>
> and your ipsec.secret as
>
> @leftid @rightid : PSK "your preshared key"
>
>
>
> Regards,
> Utkarsh Shah
> _______________________________________________
> Users at openswan.org
> http://lists.openswan.org/mailman/listinfo/users
> Building and Integrating Virtual Private Networks with Openswan:
> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20070307/59a26f9f/attachment.html

More information about the Users mailing list