[Openswan Users] Left (local) side not pulling its IP
Mauricio Tavares
raubvogel at gmail.com
Tue Sep 8 09:21:04 EDT 2009
I have an Ubuntu laptop which I use to connect to my work VPN
(l2tp/ipsec). Based on
http://www.jacco2.dds.nl/networking/linux-l2tp.html, I set up my
/etc/ipsec.conf as follows:

version 2

config setup
    interfaces=%defaultroute
    nat_traversal=yes
    virtual_private=%v4:192.168.11.0/24
    protostack=netkey

conn Test
    authby=rsasig
    pfs=no
    auto=add
    rekey=yes
    keyingtries=3
    type=transport
    # Left (local)
    leftprotoport=17/1701
    left=%defaultroute
    leftnexthop=192.168.1.1
    leftsubnet=192.168.1.0/24
    leftcert=domain.crt
    leftrsasigkey=%cert
    # Right (VPN)
    right=shop.domain.com
    rightprotoport=17/1701
    # rightcert=cacert.pem
    rightid="C=US, ST=Florida, L=Gainesville, O=Test Inc, OU=VPN, CN=shop.domain.com, E=support at domain.com"
    rightrsasigkey=%cert
    rightca=%same

# disable opportunistic encryption
conn block
    auto=ignore

conn private
    auto=ignore

conn private-or-clear
    auto=ignore

conn clear-or-private
    auto=ignore

conn clear
    auto=ignore

conn packetdefault
    auto=ignore

Where I would like to improve it is to have ipsec be able to pull
leftnexthop and leftsubnet on its own; I really would be happier if I
did not have to edit that whenever I changed the network my laptop is
on. How can I do that?