[Openswan Users] IPsec-Setup
Willie Gillespie
wgillespie+openswan at es2eng.com
Tue Apr 12 15:20:47 EDT 2011
On 4/12/2011 8:42 AM, Thomas Schweikle wrote:
> For the client:
> http://home.vrweb.de/~tps/config/ipsec-ns3/barf.txt.html
> http://home.vrweb.de/~tps/config/ipsec-ns3/ipsec.conf.html
> http://home.vrweb.de/~tps/config/ipsec-ns3/ipsec.secrets.html
> http://home.vrweb.de/~tps/config/ipsec-ns3/pluto.err.html
> http://home.vrweb.de/~tps/config/ipsec-ns3/status.txt.html
>
> For the server:
> http://home.vrweb.de/~tps/config/ipsec-vpn/barf.txt.html
> http://home.vrweb.de/~tps/config/ipsec-vpn/ipsec.conf.html
> http://home.vrweb.de/~tps/config/ipsec-vpn/ipsec.secrets.html
> http://home.vrweb.de/~tps/config/ipsec-vpn/pluto.err.html
> http://home.vrweb.de/~tps/config/ipsec-vpn/status.txt.html
Is this a new config? It'd be simpler to only have your nn-bn and nb
conns. As I recall (someone can correct me if I'm wrong), but that
should be all that you need as far as tunnels go.
leftsourceip
the IP address for this host to use when transmitting a packet to the
other side of this link. Relevant only locally, the other end need not
agree. This option is used to make the gateway itself use its internal
IP, which is part of the leftsubnet, to communicate to the rightsubnet
or right. Otherwise, it will use its nearest IP address, which is its
public IP address. This option is mostly used when defining
subnet-subnet connections, so that the gateways can talk to each other
and the subnet at the other end, without the need to build additional
host-subnet, subnet-host and host-host tunnels. Both IPv4 and IPv6
addresses are supported.
More information about the Users
mailing list