[Openswan Users] Roadwarrior gateway setup
Randy Wyatt
rwyatt at nvtl.com
Thu Jan 28 12:20:56 EST 2010
I am using Ubuntu 9.10 with Openswan 2.6.22.
Is there a way to configure it as a gateway with clients that contain a
dynamic IP address?
The FQDN of the Clients will change depending on the IP address that
they are allocated by the external ISP.
Here is the configuration I would like to use:
localuser@Dolphins:~$ more ipsec.conf
version 2.0     # conforms to second version of ipsec.conf specification

# basic configuration
config setup
        # Do not set debug options to debug configuration issues!
        # plutodebug / klipsdebug = "all", "none" or a combination from below:
        # "raw crypt parsing emitting control klips pfkey natt x509 dpd private"
        # eg:
        plutodebug="all"
        #
        # enable to get logs per-peer
        # plutoopts="--perpeerlog"
        #
        # Again: only enable plutodebug or klipsdebug when asked by a developer
        #
        # NAT-TRAVERSAL support, see README.NAT-Traversal
        nat_traversal=yes
        # exclude networks used on server side by adding %v4:!a.b.c.0/24
        virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
        # OE is now off by default. Uncomment and change to on, to enable.
        oe=off
        # which IPsec stack to use. netkey,klips,mast,auto or none
        protostack=netkey

conn primary
        authby=secret
        type=tunnel
        left=xxx.xxx.xxx.xxx
        leftsubnet=xxx.xxx.xxx.xxx/24
        leftid=@dolphins.devnet.nvtl.local
        right=%any
        keyexchange=ike
        ike=3des-sha1
        phase2=esp
        phase2alg=3des-sha1;modp1024
        pfs=yes
        auto=add

When starting the connection through ipsec auto -up primary, I get the
following error
localuser@Dolphins:~$ sudo ipsec auto --up primary
029 "primary": cannot initiate connection without knowing peer IP address (kind=CK_TEMPLATE)
localuser@Dolphins:~$

Regards,
Randy