[Openswan Users] openswan 2.6.37.3 FC 17

Elison Niven elison.niven at elitecore.com
Mon Sep 3 01:18:48 EDT 2012 

Well, I don't know. I have only used modecfg to get an IP from the 
remote end.
leftmodecfgclient=yes
modecfgpull=yes

But considering that you are able to connect, I do not think that your 
setup involves modecfg.

On Saturday 01 September 2012 07:21 AM, rapponcape wrote:
> Updating config to specify leftsourceip did not work.  Tunnel fails to come up.
> Is there a way to force leftsourceip to be dynamically assigned by dhcp server
> at far end, similar to what happens when sonicwall gvc clients connect to this
> device?
>
> Thanks for any assistance you can provide.
>
>
> On Mon, Aug 27, 2012 at 1:57 AM, Elison Niven
> <elison.niven at elitecore.com> wrote:
>> Hello,
>>
>> Try adding leftsourceip=192.168.20.x to your configuration.
>>
>> On Saturday 25 August 2012 11:44 PM, Anthony Ppar wrote:
>>> Linux FC17 machine connecting to Sonicwall NSA 3500 using ipsec tunnel
>>> mode and
>>> XAUTH.
>>>
>>> Current configuration works and I can see and connect to the remote
>>> network
>>> resources.  However, when I connect to a remote resource, such as
>>> 192.168.20.10,
>>> I can see that my ip address is 192.168.1.9.
>>>
>>> Instead of this 1.9 source address, I need my source to be something in
>>> the 20.x
>>> range.
>>>
>>> I have DHCP enabled on SonicWall and when my Windows users connect using
>>> the
>>> Sonicwall GVC client, they obtain an address via dhcp and are assigned one
>>> from
>>> the 20.x pool.  How can I reconfigure my connection from FC linux box so I
>>> am
>>> assigned a 20.x address for the tunnel link?
>>>
>>> Thanks for any assistance you can provide.
>>>
>>> Here's my current config.
>>>
>>> config setup
>>>          # Debug-logging controls:  "none" for (almost) none, "all" for
>>> lots.
>>>          # klipsdebug=all
>>>          #plutodebug="control parsing"
>>>          plutodebug="all"
>>>          # For Red Hat Enterprise Linux and Fedora, leave protostack=netkey
>>>          protostack=netkey
>>> #       protostack=klips
>>>          nat_traversal=yes
>>>          oe=off
>>>          # Enable this if you see "failed to find any available worker"
>>>          nhelpers=0
>>>
>>> conn sonicwall
>>>        type=tunnel
>>>        left=192.168.1.9
>>>        leftsubnet=192.168.1.0/24
>>>        leftid=@GroupVPN
>>>        leftxauthclient=yes
>>>        right=123.123.123.254
>>>        rightsubnet=192.168.20.0/24
>>>        rightid=@0012X00012B3
>>>        rightxauthserver=yes
>>>        keyingtries=0
>>>        pfs=no
>>>        auto=add
>>>        auth=esp
>>>        esp=3DES-SHA1
>>>        ike=3des-sha1-modp1024
>>>        authby=secret
>>>        aggrmode=yes
>>>        keyexchange=ike
>>>
>>>
>>>
>>> _______________________________________________
>>> Users at lists.openswan.org
>>> https://lists.openswan.org/mailman/listinfo/users
>>> Micropayments: https://flattr.com/thing/38387/IPsec-for-Linux-made-easy
>>> Building and Integrating Virtual Private Networks with Openswan:
>>> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
>>>
>>>
>> --
>> Best Regards,
>> Elison Niven
>>
>

-- 
Best Regards,
Elison Niven

More information about the Users mailing list