[Openswan Users] Openswan AND fortigate 60b Vs Iptables
Ing. Rodrigo Fernandez
rfernandez_net at yahoo.com.mx
Sat Jul 10 23:47:22 EDT 2010
Hi!! Yes Willie, you're right, it is looking for another "host pair". Let me
explain the schema:
We only have one IPsec tunnel, but the two endpoints are reached via DynDNS,
so I'm assuming that when the IP of the Fortinet side (remote side) changes,
Openswan never tries again to "nslookup" the name of the remote endpoint, and
then I got the mistake. I'll send the conf again and you can see that I'm
declaring my rules well:
conn netcafe
    auth=esp
    authby=secret
    auto=start
    esp=3des-md5!
    ikelifetime=1800s
    keyingtries=10
    keylife=28800s
    left=mydyndns1.ath.cx
    leftid=192.9.201.254
    leftnexthop=192.9.201.254
    leftsubnet=192.9.201.0/24
    right=mydyndns2.ath.cx
    rightid=%any
    rightnexthop=10.0.254.254
    rightsubnet=10.0.254.0/24
    ike=3des-md5!
    keyexchange=ike
    dpddelay=30
    dpdtimeout=120
    dpdaction=restart
and my secret is:
mydyndns1.ath.cx mydyndns2.ath.cx : PSK "mypresharedkey"
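
Added example, not part of the original post and not Openswan project code: a cron-style check that re-resolves the dynamic peer name and reloads the conn only when the address has changed, under the poster's assumption that the name is looked up only when the conn is loaded. The function names, return codes, the state file and the RESOLVER/RELOAD override variables are hypothetical; getent is assumed to be the glibc one.

```shell
#!/bin/sh
# Added example (not from the original post). Hook and file names are hypothetical.

# Print the first IPv4 address the system resolver returns for NAME.
resolve_peer() {
    getent ahostsv4 "$1" 2>/dev/null | awk 'NR == 1 { print $1 }'
}

# Succeed only for a dotted quad with octets 0..255. The body runs in a
# subshell so the IFS change does not leak into the caller.
is_ipv4() (
    case "$1" in
        ""|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    IFS=.
    set -- $1
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
)

# Reload one conn so its names are looked up again, then initiate it.
reload_conn() {
    ipsec auto --replace "$1" && ipsec auto --up "$1"
}

# check_peer NAME CONN STATEFILE
# Returns 0 = address unchanged (or first run), 10 = changed and reloaded,
#         1 = lookup failed or answer rejected, 2 = reload failed.
check_peer() {
    name=$1 conn=$2 state=$3
    new=$("${RESOLVER:-resolve_peer}" "$name")
    if ! is_ipv4 "$new"; then
        echo "lookup of $name gave no usable address; tunnel left alone" >&2
        return 1
    fi
    if [ ! -f "$state" ]; then          # first run: record a baseline only
        printf '%s\n' "$new" > "$state"
        return 0
    fi
    [ "$new" = "$(cat "$state")" ] && return 0
    "${RELOAD:-reload_conn}" "$conn" || return 2
    printf '%s\n' "$new" > "$state"
    return 10
}
```

Source the file from a root-owned cron job and call check_peer with the peer name, the conn name (netcafe here) and a state file path that only root can write. A failed or malformed lookup never touches the running tunnel.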