[Openswan Users] Configure net-to-net vpn with both vpn servers behind adsl nat routers

Utkarsh Shah utkarsh at elitecore.com
Wed Mar 7 04:51:27 EST 2007


assuming "ip1_1    ip1_2" is vpnserver1 and another is vpnserver2

at vpnserver1
conn vpnserver1-to-vpnserver2
       left=ip1_2
       leftid=@ip1_2
       leftsubnet=ip_lan1
       leftnexthop=ip_r1      # may not be needed in new version
       right=ip_pub2
       rightid=@ip2_2
       rightsubnet=ip_lan2
       authby=secret
       auto=start

at vpnserver2
conn vpnserver2-to-vpnserver1
       left=ip2_2
       leftid=@ip2_2
       leftsubnet=ip_lan2
       leftnexthop=ip_r2      # may not be needed in new version
       right=ip_pub1
       rightid=@ip1_2         # must equal leftid on vpnserver1
       rightsubnet=ip_lan1
       authby=secret
       auto=start


Regards,
Utkarsh Shah

Xavi Deop wrote:
> Hi, thanks for your replies!!
>  
> I'm a bit confused with the addresses, sorry...
>  
> I have 2 ethernets in my vpn servers.
>  
> This configuration file sample, is for one of the vpn servers, that's 
> right? For the other one, there should be changes, no??
>  
> if my scenario had:
>  
> LAN_1 ------ vpn server ------ router adsl ------ internet ------ router adsl ------ vpn server ------ LAN_2
> ip_lan1      ip1_1 ip1_2       ip_r1 ip_pub1                    ip_pub2 ip_r2        ip2_2 ip2_1       ip_lan2
>  
> how would the configuration be?
>  
> what are @leftid and @rightid?? which addresses should they be?
>  
> Thanks in advance!
>  
> Xavi.
>  
> 2007/3/7, Utkarsh Shah <utkarsh at elitecore.com>:
>
>
>     > Hi, I have the following scenario, and I would like to create a vpn with
>     > natt support.
>     >
>     > LAN_1 ------ vpn server --- router adsl ------ internet ---- router adsl ----- vpn server ----- LAN_2
>     >
>     > I've installed:
>     > openswan-2.4.7.tar.gz <http://www.openswan.org/download/openswan-2.4.7.tar.gz>
>     >
>     > I'm working with slackware 10.1 and kernel 2.16.12
>     >
>     > I have to install the kernel natt patch??
>     >
>     > Could someone help me with ipsec.conf file? I've been searching the internet
>     > without any result...
>     >
>     > Thanks.
>     >
>     > Xavi
>
>     I have achieved the above scenario with the following changes; it might not be
>     a perfect solution...
>     On the adsl router, apply port forwarding rules for UDP port 500, port 4500 and
>     proto esp(50) to your vpn server on both ends.
>
>     configure your ipsec.conf as below
>
>     conn net-to-net
>            left=10.0.1.2
>            leftid=@leftid
>            leftsubnet=192.168.0.0/24
>            right=remoteserver      # domain name or ip which will identify adsl router
>            rightid=@rightid
>            rightsubnet=192.168.1.0/24
>            authby=secret
>            auto=start
>
>     and your ipsec.secrets as
>
>     @leftid @rightid : PSK "your preshared key"
>
>
>
>     Regards,
>     Utkarsh Shah
>
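
A consistency check for a pair of conn sections like the ones above, as an added example that is not part of the original thread. It assumes, as in the thread, that each gateway describes itself as left, and it verifies that the IDs and subnets on one end are mirrored on the other and that a PSK line in ipsec.secrets is indexed by the connection's ID pair. The sample configs, host names, IDs and helper names are constructed for illustration.

```python
import re

# Constructed sample (not from the thread); gw2's rightid has a deliberate typo.
GW1 = """conn vpnserver1-to-vpnserver2
    left=10.0.1.2
    leftid=@gw1
    leftsubnet=192.168.0.0/24
    right=gw2.example.net
    rightid=@gw2
    rightsubnet=192.168.1.0/24
    authby=secret
"""
GW2 = """conn vpnserver2-to-vpnserver1
    left=10.0.2.2
    leftid=@gw2
    leftsubnet=192.168.1.0/24
    right=gw1.example.net
    rightid=@gw1-lan    # peer actually announces @gw1
    rightsubnet=192.168.0.0/24
    authby=secret
"""
GW2_SECRETS = '@gw2 @gw1-lan : PSK "constructed-placeholder"\n'

def parse_conn(text):
    """Return the key=value parameters of one ipsec.conf conn fragment."""
    params = {}
    for line in text.splitlines():
        line = re.sub(r"(^|\s)#.*", "", line).strip()  # drop comments
        key, sep, value = line.partition("=")
        if sep:
            params[key.strip()] = value.strip()
    return params

def psk_id_sets(secrets):
    """Return the set of IDs in front of ': PSK' on each ipsec.secrets line."""
    return [set(m.group(1).split())
            for m in re.finditer(r"^(.*?)\s*:\s*PSK\b", secrets, re.M)]

def mirror_errors(a, b):
    """List parameters of gateway a that gateway b does not mirror."""
    pairs = [("leftid", "rightid"), ("rightid", "leftid"), ("authby", "authby"),
             ("leftsubnet", "rightsubnet"), ("rightsubnet", "leftsubnet")]
    return [f"{ka}={a.get(ka)} but peer has {kb}={b.get(kb)}"
            for ka, kb in pairs if a.get(ka) != b.get(kb)]

def psk_covers(conn, secrets):
    """True if some PSK line is indexed by exactly this conn's two IDs."""
    return {conn.get("leftid"), conn.get("rightid")} in psk_id_sets(secrets)
```

With the constructed input, mirror_errors(parse_conn(GW1), parse_conn(GW2)) reports the leftid/rightid mismatch even though psk_covers finds gw2's own secrets line consistent with gw2's conn.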
