[Openswan Users] Left (local) side not pulling its IP
Paul Wouters
paul at xelerance.com
Tue Sep 8 12:42:05 EDT 2009
On Tue, 8 Sep 2009, Mauricio Tavares wrote:
> (l2tp/ipsec). Based on
> http://www.jacco2.dds.nl/networking/linux-l2tp.html, I setup my
> /etc/ipsec.conf as follows:
> conn Test
> authby=rsasig
> pfs=no
> auto=add
> rekey=yes
> keyingtries=3
> type=transport
> # Left (local)
> leftprotoport=17/1701
> left=%defaultroute
> leftnexthop=192.168.1.1
> leftsubnet=192.168.1.0/24
L2TP is a host-to-host tunnel, so you don't have leftsubnet.
See /etc/ipsec.d/examples/l2tp.conf
> leftcert=domain.crt
> leftrsasigkey=%cert
> # Right (VPN)
> right=shop.domain.com
> rightprotoport=17/1701
> # rightcert=cacert.pem
> rightid="C=US, ST=Florida, L=Gainesville, O=Test Inc, OU=VPN, CN=shop.domain.com, E=support at domain.com"
> rightrsasigkey=%cert
> rightca=%same
right needs the special rightsubnet=vhost:%no,%priv to work behind NAT.
(for that you currently also need to use openswan 2.4.x instead of 2.6.x)
Paul