[Openswan Users] Left (local) side not pulling its IP

Mauricio Tavares raubvogel at gmail.com
Tue Sep 8 09:21:04 EDT 2009


I have an Ubuntu laptop which I use to connect to my work VPN 
(l2tp/ipsec). Based on 
http://www.jacco2.dds.nl/networking/linux-l2tp.html, I set up my 
/etc/ipsec.conf as follows:

version 2
config setup
     interfaces=%defaultroute
     nat_traversal=yes
     virtual_private=%v4:192.168.11.0/24
     protostack=netkey

conn Test
     authby=rsasig
     pfs=no
     auto=add
     rekey=yes
     keyingtries=3
     type=transport
     # Left (local)
     leftprotoport=17/1701
     left=%defaultroute
     leftnexthop=192.168.1.1
     leftsubnet=192.168.1.0/24
     leftcert=domain.crt
     leftrsasigkey=%cert
     # Right (VPN)
     right=shop.domain.com
     rightprotoport=17/1701
     # rightcert=cacert.pem
     rightid="C=US, ST=Florida, L=Gainesville, O=Test Inc, OU=VPN, CN=shop.domain.com, E=support at domain.com"
     rightrsasigkey=%cert
     rightca=%same

# disable opportunistic encryption
conn block
     auto=ignore

conn private
     auto=ignore

conn private-or-clear
     auto=ignore

conn clear-or-private
     auto=ignore

conn clear
     auto=ignore

conn packetdefault
     auto=ignore

Where I would like to improve it is to have ipsec be able to pull 
leftnexthop and leftsubnet on its own; I really would be happier if I 
did not have to edit that whenever I changed the network my laptop is 
on. How can I do that?

