[Openswan Users] Configuration for both pure ipsec and l2tp/ipsec clients
hayate
hayatelee at gmail.com
Mon Jun 14 12:22:27 EDT 2010
Hi all,
I want to set up a VPN for my Nokia cellphone and ipad, so I need a
config for both clients. Here is mine, please see if it is right:
conn E71
# Key exchange
ike=aes256-sha1-modp1536
# Data exchange
esp=aes256-sha1
# Authentication method PSK
authby=secret
auto=add
keyingtries=3
rekey=no
pfs=no
# Modeconfig setting
modecfgpull=yes
# local endpoint
left=xx.xx.xx.xx
leftxauthserver=no
leftmodecfgserver=yes
leftsourceip=192.168.7.1
leftsubnet=0.0.0.0/0
# remote endpoint
right=%any
rightxauthclient=no
rightmodecfgclient=yes
rightsourceip=192.168.7.24
rightsubnet=192.168.7.24/32
conn L2TP-PSK-NAT
rightsubnet=vhost:%priv
also=L2TP-PSK-noNAT
conn L2TP-PSK-noNAT
authby=secret
pfs=no
auto=add
keyingtries=3
rekey=no
ikelifetime=8h
keylife=1h
type=transport
left=xx.xx.xx.xx
leftprotoport=17/1701
right=%any
rightprotoport=17/%any
I have a problem currently: If I connect to the server it will fail,
but after waiting for a while I reconnect it, it will succeed. It's
strange.
ps: I have a question still: Why can the ipsec server tell the
cellphone client from the ipad client because they may behind the same
NAT?
Thanks all
More information about the Users
mailing list