[Openswan Users] Openswan AND fortigate 60b Vs Iptables

Ing. Rodrigo Fernandez rfernandez_net at yahoo.com.mx
Sat Jul 10 23:47:22 EDT 2010


 

Hi!! Yes Willie, you're right, it is looking for another "host pair". Let me
explain the schema to you:

We only have one IPsec tunnel, but the two endpoints are via dyndns, so I'm
assuming that when the IP of the Fortinet side (remote side) changes,
Openswan never tries again to "nslookup" the name of the remote endpoint, and
then I got the mistake. I'll send the conf again and you can see that I'm
declaring my rules well:

conn netcafe
        auth=esp
        authby=secret
        auto=start
        esp=3des-md5!
        ikelifetime=1800s
        keyingtries=10
        keylife=28800s
        left=mydyndns1.ath.cx
        leftid=192.9.201.254
        leftnexthop=192.9.201.254
        leftsubnet=192.9.201.0/24
        right=mydyndns2.ath.cx
        rightid=%any
        rightnexthop=10.0.254.254
        rightsubnet=10.0.254.0/24
        ike=3des-md5!
        keyexchange=ike
        dpddelay=30
        dpdtimeout=120
        dpdaction=restart

And my secret is:

mydyndns1.ath.cx mydyndns2.ath.cx : PSK "mypresharedkey"
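
Added example, not part of the original post: a cron-driven watchdog for the situation described above, where the peer's dyndns name starts resolving to a new address. It assumes that re-adding the conn with `ipsec auto --replace` causes the right= name to be looked up again; the state-file path, the `--run` switch and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): reload an Openswan connection
# when the peer's dynamic-DNS name starts resolving to a different address.
CONN="${CONN:-netcafe}"                 # conn name from the posted config
PEER="${PEER:-mydyndns2.ath.cx}"        # right= value from the posted config
STATE="${STATE:-/var/run/ipsec-peer-$CONN.ip}"  # hypothetical cache file

# Print the first IPv4 address for a name, or nothing if the lookup fails.
resolve_peer() {
    getent ahostsv4 "$1" 2>/dev/null | awk 'NR==1 {print $1}'
}

# Reload the conn from ipsec.conf and bring it up again. Assumption: the
# right= name is looked up again when the connection is re-added.
reload_conn() {
    ipsec auto --replace "$1" && ipsec auto --up "$1"
}

# Compare the current address with the cached one and set PEER_STATUS to
# unresolved, recorded, unchanged, reloaded or reload-failed.
check_peer() {
    new=$(resolve_peer "$PEER")
    if [ -z "$new" ]; then
        PEER_STATUS=unresolved      # DNS failure: leave the tunnel as it is
        return 0
    fi
    old=""
    if [ -r "$STATE" ]; then old=$(cat "$STATE"); fi
    if [ "$new" = "$old" ]; then
        PEER_STATUS=unchanged
    elif [ -z "$old" ]; then
        printf '%s\n' "$new" > "$STATE"   # first run: auto=start already ran
        PEER_STATUS=recorded
    elif reload_conn "$CONN"; then
        printf '%s\n' "$new" > "$STATE"
        PEER_STATUS=reloaded
    else
        PEER_STATUS=reload-failed   # cache untouched, so the next run retries
    fi
}

# Run from cron as: script --run
if [ "${1:-}" = "--run" ]; then
    check_peer
    logger -t ipsec-peer-watch "$CONN $PEER: $PEER_STATUS"
fi
```

The cache file is only updated after a successful reload, so a failed `ipsec auto` call is retried on the next run instead of being silently skipped.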
